Splunk Search

Community Activity

Calculating next row based on the first value generated in the new column called 12days? I got to calculate the rest of the row based on the first value generated in the new column called 12days. Attempted ... by w344423 Explorer in Splunk Search 03-12-2023 1 2	1	2
Trigger alert after checking results for 3 minutes? Hello How can I trigger an alert after checking the results for 3 minuets So for example, if I want that the alert wi... by sarit_s Communicator in Splunk Search 03-12-2023 0 1	0	1
How to concatenate fields? Hello Splunkers!! I have two fields AND I want to concatenate both the fields.Location : 3102.01.03element : S82(=310... by uagraw01 Motivator in Splunk Search 03-12-2023 0 4	0	4
Recommended way to join large dataset from multiple data sources? Hi, I am new to Splunk and have very little knowledge. I am seeking help for following use case: Query1 gives process... by pmittal Engager in Splunk Search 03-11-2023 0 1	0	1
How does the cofilter command work? by chaitanya1 Observer in Splunk Search 03-11-2023 0 1	0	1
Multiple sourcetypes combine datasets similar to concept Index-to-Match Hello All,I have been scouring the community and other boards but for the life of me cannot create a SPL query to get... by TangSauce Engager in Splunk Search 03-11-2023 0 8	0	8
How to calculate time difference between two different searches for a common field? I have 2 different search queries and I want to calculate sum of differences between time of event 1 and event 2 (in ... by akidua Explorer in Splunk Search 03-10-2023 0 3	0	3
Duration between two events by day based on three or more fields? Hello - I need to calculate the average duration between two status types for a user type in a location in a region. ... by nu_learner Explorer in Splunk Search 03-10-2023 0 2	0	2
Comparing two consecutive time chunks of events by host? I am trying to create a search to generate an alert if I find a host that has more than 1000 events for two consecuti... by sjringo Contributor in Splunk Search 03-10-2023 0 11	0	11
See what values match in a specified field between lookups? I have two look up and both have a field called DNS. I need to figure out which values in those fields match. I have ... by atebysandwich Path Finder in Splunk Search 03-10-2023 0 2	0	2
How to merge data for multiple Splunk queries and reduce the data retrieval time? Hi All,I have 4 indexes: -index1index2index3index4Each index has its own search criteria, there are some common field... by Taruchit Contributor in Splunk Search 03-10-2023 0 4	0	4
Regex to extract words in red? While processing an AS request for target service krbtgt, the account XXX-G-Dashboard-Dev did not have a suitable key... by KhalidSheikh Engager in Splunk Search 03-10-2023 0 2	0	2
Matching value inside a lookup with wildcard? Hello, i'm new to Splunk and i need some advices.I've created a lookup named my_color_lookup, with 2 column : color,d... by zewashere New Member in Splunk Search 03-10-2023 0 1	0	1
Adding a new row in stats using values from previous search? I want to add new row to my search result using values from the previous result. Basically I am counting few strings ... by Vivekmishra01 Explorer in Splunk Search 03-10-2023 0 3	0	3
Find missing hosts after referencing a lookup file. Hello I have the following search which produces statistics(746) in Splunk: index=my_index sourcetype=my_st id=100 h... by jason_hotchkiss Communicator in Splunk Search 03-10-2023 0 3	0	3
How to create a multivalue to single value from XML? I need to create a single field named MemberOf from the XML snippet below. It should look like this: memberOf CN=But... by cmcdole Path Finder in Splunk Search 03-10-2023 0 4	0	4
Case condition to check 2 events on the same field Hi,I want to write a case condition where i can check values from Range column.For instanceIf range for both cost & p... by Ashwini008 Builder in Splunk Search 03-10-2023 0 5	0	5
Get the value of a dynamic name field Hello,I'm having an issue with a field search. I have a lookup where I specify for every sourcetype which field is re... by ivan5593 Explorer in Splunk Search 03-09-2023 0 2	0	2
How to extract from complex JSON file? Hello, I have complex JSON events ingested as *.log files. I have issues (or couldn't do) with extracting fields from... by SplunkDash Motivator in Splunk Search 03-09-2023 0 25	0	25
Comparing 2 groups of data I have 2 groups of data:messageId1: ['A', 'B', 'C']messageId2: ['A', 'E', 'F', 'G', 'T', 'Z'] How do I return the val... by ckutach Engager in Splunk Search 03-09-2023 0 2	0	2
How to Split rows into columns I am trying to split the values in both the columns and create 5 rows by assigning respective values. I need an outpu... by vik Explorer in Splunk Search 03-09-2023 0 2	0	2
How to get top 10 values for each multicolumn timechart? Here's my query: index=comp_logs "processed=" \| eval name=consumerGroupId \| timechart span=1h sum(processed) as proce... by sjim Loves-to-Learn in Splunk Search 03-09-2023 0 1	0	1
How Can IBM Qradar SIEM Integrates with Splunk SOAR? Hello Splunkers, I have client that already has a IBM Qradar SIEM and wants to Integrates with Splunk SOAR (formely ... by marcos_eng1 Explorer in Splunk Search 03-09-2023 0 1	0	1
How to create a single alert for multiple error codes Following is my query:index=backup \| stats count by errorsI have thousands of error codes in logs and I need to trigg... by shady6 Loves-to-Learn in Splunk Search 03-09-2023 0 1	0	1
query optimization on IP adress Hello community!I'm looking for a way to optimize this search below and I need some help : index="oswinsec" source="X... by Nico99 Explorer in Splunk Search 03-09-2023 0 2	0	2