Splunk Search

Community Activity

Removing unwanted records for a single output? Hi There, These results are for a particular serial number, we do have many results like this for several serial ... by smanojkumar Contributor in Splunk Search 03-02-2023 0 10	0	10
What Search can monitor Password Changed not by Automation? Hi Splunk Community, I need a Splunk Query that monitors a password change in the DC log source that was not performe... by Eyal Path Finder in Splunk Search 03-02-2023 0 4	0	4
How to create an alert with two condition to meet by sequence before the alert can trigger? Hi, I want to create an alert with two condition to meet by sequence before the alert can trigger. We are using event... by syazwani Path Finder in Splunk Search 03-02-2023 1 5	1	5
How to extract the user and move it to a field in Splunk? How to extract the following user and move it to a field in Splunk?message: xad="/home/andy"message: xad="/home/georg... by LearningGuy Motivator in Splunk Search 03-02-2023 0 2	0	2
Splunk DB connect: How to avoid output duplicate data into database? I am using Splunk DB connect to push my data from Splunk to oracle database. However, I can't not figure out how to a... by amoswuchi Loves-to-Learn Lots in Splunk Search 03-02-2023 0 5	0	5
Adding delimiter to a field values Hi all,I need some help in creating a new field,I have a field like followingField 1AABBCCDDEEFFAAAABBBBCCCC Id like ... by Laxman24 Explorer in Splunk Search 03-02-2023 1 4	1	4
Why does my search empty during run? Hi all.I have a search that searches a large amount of events.Its run on fast mode, on the statistics page.When i sta... by michaelnorup Communicator in Splunk Search 03-02-2023 0 3	0	3
DateParserverbose warning logs despite having proper Time format and prefix in props.conf Hey community,Need your help!!!!We have lot of internal warn logs for DateParserverbose issue in our splunk prod envi... by likithgowda New Member in Splunk Search 03-02-2023 0 4	0	4
SPL search to find the license purchase and expiration date in Splunk Cloud? As rest command has some limitation on splunk cloud. How to find the license purchase date and expiration date on spl... by restinlinux Explorer in Splunk Search 03-01-2023 0 0	0	0
Stats for multiple fields in the same table? I have logs like below: { [-] TransactionName: "my TransactionName" type1Error: NA eventTime: 2023-02-28... by Nidd Path Finder in Splunk Search 03-01-2023 0 4	0	4
Dedup not removing results that are duplicates Hi All!Had a look around but couldn't find an answer to this. I'm trying to do a search where I track a users log in ... by Southy567 Explorer in Splunk Search 03-01-2023 0 1	0	1
How to extract rex specific data from Splunk log? We have a rule engine that assigns category codes to items. The category codes are assigned per location. We want to ... by AnirbanG Loves-to-Learn Lots in Splunk Search 03-01-2023 0 5	0	5
How to perform splunk subsearch through Splunk java SDK? how to perform splunk subsearch through splunk java SDK by kanurag1795 Engager in Splunk Search 03-01-2023 0 1	0	1
What is the Default bucketing time and retention policy? Hello to all I would like to know the default time set for hot, warm, cold and frozen buckets. I also want to know wh... by splunkcol Builder in Splunk Search 03-01-2023 0 0	0	0
Help searching IIS/W3C log for parent URL? We're indexing a set of standard IIS W3C logs into our indexer and have a need to obtain a list of the parent sites f... by marshallsuk Engager in Splunk Search 03-01-2023 0 1	0	1
What is the difference between $user$ and user=$user$ ? Hello, I can see in many Use Cases examples that tokens are using alternately in drill down searches:$user$ and user=... by suspense Explorer in Splunk Search 03-01-2023 0 2	0	2
How to add multiple email addresses in Splunk Alert based on field value? Hello Splunkers, How can we send email to multiple email addresses using Splunk alert? I saw below documentation in ... by whitefang1726 Path Finder in Splunk Search 03-01-2023 0 3	0	3
How to start time calculation for each transaction? Hi , I have a splunk log where we have End time and time to Serve Requst (in Millisec).i want calculate Start ti... by xp001975 Explorer in Splunk Search 02-28-2023 0 14	0	14
How to extract local user account in Splunk from syslog messages in unix audit.log? How to extract local user account in Splunk from syslog messages in unix audit.log?Thanks by LearningGuy Motivator in Splunk Search 02-28-2023 0 1	0	1
How to write Timechart for search with binary value result? Hi I have a field, mode, which returns either returns data or is None (mode_true, mode_false). I'm trying to search a... by mrf23 Explorer in Splunk Search 02-28-2023 0 4	0	4
How to create alert if there is no data from an extracted field? Hello Splunkers , I am trying to schedule an alert when there is no data from a particular field which is extracted f... by power12 Communicator in Splunk Search 02-28-2023 0 4	0	4
Why can't I search field values created in eval? I have a field called "Node_ID" that I extracted from another field "issue" that is formatted as N1234. There were so... by michaeler Communicator in Splunk Search 02-28-2023 0 1	0	1
How to search to find disabled alert? Hi!I'm using Splunk cloud. Trying to create alert to catch event when someone disabling alert.Need advice on the sear... by kimberlytrayson Path Finder in Splunk Search 02-28-2023 0 6	0	6
How to extract field from source field? I am trying extract "user20" from rest of "_9a4ab75c_239_process.log". tried multiple ways but unable to separate th... by ravir_jbp Explorer in Splunk Search 02-28-2023 0 1	0	1
How to perform splunk search for local account in the openstack tenant (and audit) logs ? How to perform splunk search for local account in the openstack tenant (and audit) logs ?Thanks by LearningGuy Motivator in Splunk Search 02-28-2023 0 3	0	3