Splunk Search

Community Activity

How to create a multivalue to single value from XML? I need to create a single field named MemberOf from the XML snippet below. It should look like this: memberOf CN=But... by cmcdole Path Finder in Splunk Search 03-10-2023 0 4	0	4
Case condition to check 2 events on the same field Hi,I want to write a case condition where i can check values from Range column.For instanceIf range for both cost & p... by Ashwini008 Builder in Splunk Search 03-10-2023 0 5	0	5
Get the value of a dynamic name field Hello,I'm having an issue with a field search. I have a lookup where I specify for every sourcetype which field is re... by ivan5593 Explorer in Splunk Search 03-09-2023 0 2	0	2
How to extract from complex JSON file? Hello, I have complex JSON events ingested as *.log files. I have issues (or couldn't do) with extracting fields from... by SplunkDash Motivator in Splunk Search 03-09-2023 0 25	0	25
Comparing 2 groups of data I have 2 groups of data:messageId1: ['A', 'B', 'C']messageId2: ['A', 'E', 'F', 'G', 'T', 'Z'] How do I return the val... by ckutach Engager in Splunk Search 03-09-2023 0 2	0	2
How to Split rows into columns I am trying to split the values in both the columns and create 5 rows by assigning respective values. I need an outpu... by vik Explorer in Splunk Search 03-09-2023 0 2	0	2
How to get top 10 values for each multicolumn timechart? Here's my query: index=comp_logs "processed=" \| eval name=consumerGroupId \| timechart span=1h sum(processed) as proce... by sjim Loves-to-Learn in Splunk Search 03-09-2023 0 1	0	1
How Can IBM Qradar SIEM Integrates with Splunk SOAR? Hello Splunkers, I have client that already has a IBM Qradar SIEM and wants to Integrates with Splunk SOAR (formely ... by marcos_eng1 Explorer in Splunk Search 03-09-2023 0 1	0	1
How to create a single alert for multiple error codes Following is my query:index=backup \| stats count by errorsI have thousands of error codes in logs and I need to trigg... by shady6 Loves-to-Learn in Splunk Search 03-09-2023 0 1	0	1
query optimization on IP adress Hello community!I'm looking for a way to optimize this search below and I need some help : index="oswinsec" source="X... by Nico99 Explorer in Splunk Search 03-09-2023 0 2	0	2
How to convert seconds to milliseconds by stripping out seconds and then add it to milliseconds? Hello, I am performing the following search to extract the time taken to upload index=* my_search \|rex "\[upload\] ... by raghul725 Explorer in Splunk Search 03-09-2023 0 2	0	2
Disk Usage: How to show memory consuming files? Hello everyone Is there a way to determine what occupies disk storage? The following SPL yields a line graph that sho... by Gabriel Path Finder in Splunk Search 03-09-2023 0 2	0	2
How to transpose some rows to columns? The original data : _time reg exp raw 2019-09-20 A 1 100 2019-09-20 B 2 200 2019-09-20 C ... by jenniferhao Explorer in Splunk Search 03-09-2023 0 6	0	6
Comparing 2 searches using different sources? I am trying to make 2 searches using different indexes and sources The first search is looking for all entries with "... by ckutach Engager in Splunk Search 03-08-2023 0 1	0	1
What is splunk definition for yesterday time range? Hi , I have an alert scheduled to run every day 7 am and this runs on Time Range : Yesterday. Wanted to know how Splu... by Indu Engager in Splunk Search 03-08-2023 0 2	0	2
Need help with spath for json extraction I'm trying to use spath to extract fields from a json object in an event. This is the event2023-03-08T22:47:06.664521... by wheels531 Engager in Splunk Search 03-08-2023 0 1	0	1
How to table results with multiple evals? I have a search where I have multiple evals to check if items are true of false. With my results I want to show somet... by aohls Contributor in Splunk Search 03-08-2023 0 1	0	1
Is there any way to detect if somebody ran the delete command in a search? Hello all, Is there any possibility to detect if somebody ran a \| delete command? I do know about the "can delete" ... by pinVie Path Finder in Splunk Search 03-08-2023 1 4	1	4
How to create a drilldown from timechart to get all the events based datapoint clicked? Hi , I m new to splunk and still exploring. I have created a timechart with a span on 10 mins . The timechart has a s... by satishp00 Engager in Splunk Search 03-08-2023 0 1	0	1
Why does using "timechart" result in missing values? I have a search with a timechart command to fill a single value dashboard entry based on a count that comes from a DB... by kmaron Motivator in Splunk Search 03-08-2023 0 15	0	15
How to create a query for alerting two different events from the same host? I am working on a query to report on host/s that have triggered two different event types. For example windows event ... by Splunk77 Explorer in Splunk Search 03-08-2023 0 1	0	1
I have 2 mvfields, how to extract values that are present in 1 but not other? I feel like this should be a simple solution but I can't find it. So my search gives values that were present from a... by Aroot002 Path Finder in Splunk Search 03-08-2023 0 2	0	2
Why nested macros using the same argument wont work when the argument has strings in double quotes? We have this scenario where two nested macros using the same argument raises an error at the parsing of the second on... by joshiro Communicator in Splunk Search 03-08-2023 0 5	0	5
How to lookup against two-column table? I have an index with roughly 1.6 million records and want to compare the roughly 370'000 entries in the table with us... by LeeMoe Path Finder in Splunk Search 03-08-2023 0 6	0	6
How to change the field order of input? Before creating a lookup using the outputlookup command, I specified which fields I wanted and in which order I wante... by atebysandwich Path Finder in Splunk Search 03-08-2023 0 1	0	1