Splunk Search

Community Activity

Track User Login/Logout exclude first 2 hours of the day (midnight-2am) index=endpoint_ms_winevents sourcetype=XmlWinEventLog user=TESTER EventID=4624 OR EventID=4634\| stats earliest_time(_... by wingfieldj Explorer in Splunk Search 12-12-2025 0 6	0	6
Looking for feedback on SPL design using map command (concerns about performance and safety) Hi Splunk Community,I have created the following SPL for scheduled alerts. Some parts are masked for confidentiality,... by Kimiko New Member in Splunk Search 12-10-2025 0 4	0	4
Streamstats with rex and multiple "by" fields I am attempting to rex out some fields from a source log and then if FIELD1 changes in a 24 hour period when the othe... by RobK700000 Engager in Splunk Search 12-10-2025 0 1	0	1
List of existing indexes Is it possible to get list of all indexes with creation time and who created the index? by Sailesh6891 Engager in Splunk Search 12-09-2025 0 3	0	3
Classify IPv4 and IPv6 addresses as Internal vs External How can I reliably classify IPv4 and IPv6 addresses as internal vs external? Requirements:Handle both IPv4 and IPv6V... by msquicc Path Finder in Splunk Search 12-09-2025 0 1	0	1
Splunk tstats search with IPV6 subnet - WHERE clause is not an exact query Hello,I want to run a datamodel tstats search, excluding some events with a lookup for src_ip's. In case I fill the l... by mfleitma Explorer in Splunk Search 12-09-2025 0 5	0	5
Matching with a lookup I'm trying to set up a regular search to check all our GitHub packages against the latest Shai Hulud npm packages.wit... by DaveBunn Path Finder in Splunk Search 12-07-2025 0 3	0	3
AnomaliDetection does not detect outlier data In the below dataset, there are two different ISPs for the user from their usual ones.NordVPN for John and Quadranet ... by ashishmgupta Explorer in Splunk Search 12-06-2025 0 2	0	2
Return results if join has no results. Hi all,I have a search with a Join. For the event I am Joining the Master search may not always have corresponding ev... by becksyboy Contributor in Splunk Search 12-04-2025 0 2	0	2
What exactly is a tsdix file? what exactly is a tsidx file? Can someone explain please? I don't quite understand the definition: "A tsidx file as... by aoliullah Path Finder in Splunk Search 12-02-2025 4 5	4	5
KVstore usage verification on Indexers \| check before disabling Background:I have a client with a large clustered environment, I have recently upgraded it to 9.4.6 and fixed wiredTi... by NullZero Path Finder in Splunk Search 12-02-2025 0 10	0	10
Some AD groups are not displaying when setting up LDAP Hi all,I have setup an LDAP connection to my AD server. But when I click on LDAP Groups, not all groups are displayed... by DashZentin Explorer in Splunk Search 12-02-2025 0 3	0	3
How to process BOTS data? Hi everyone,I'm working with the botsv1 attack-only dataset and I need some guidance on how to approach a few SPL tas... by zakaria1996-cyb New Member in Splunk Search 11-29-2025 0 1	0	1
How to rename dynamic fields ? Hi All,Thanks in AdvanceI have a requirement we are onboarding CSV files that contain events. I am writing query to d... by karthi2809 Builder in Splunk Search 11-28-2025 0 4	0	4
Help Getting Grandparent Processes added to events I have an alert which filters process creation Windows logs. I'm attempting to add the grandparent process and comman... by dtaylor Path Finder in Splunk Search 11-27-2025 0 18	0	18
How get data for yesterday, last month on that day, and last year on that day I want o create a dashboard for my API response times and TPS for comparison between multiple timeframes. When ever s... by kuul13 Explorer in Splunk Search 11-26-2025 0 8	0	8
Alert Hi , I want to make an alert of all the indexes that are receiving 0 events in last 24 hr. Thanks by SN1 Path Finder in Splunk Search 11-25-2025 0 1	0	1
How to finetune subsearch I have below requirement. I am working on two types of events. Source 1 - From here I wanted to take employee email a... by NAGA4 Engager in Splunk Search 11-25-2025 0 2	0	2
Extraction does not take place in raw events This happens in one of newly installed 10.0.1 instances. The only data ingested is tutorialdata.zip from Splunk Tuto... by yuanliu SplunkTrust in Splunk Search 11-25-2025 0 3	0	3
Help with DNS Top 10, HTTP Traffic Volume by Day, and Time-Based Line Chart BOTSv1 Hi all,I’m working with the BOTSv1 dataset in Splunk and I’m trying to solve three tasks.I would appreciate some guid... by samaG02 Engager in Splunk Search 11-25-2025 0 2	0	2
Duplicated JSON fields on search Hello, I am running into the "common" issue of duplicated JSON fields. I use Splunk Enterprise 9.2, with an Universal... by john789789 Observer in Splunk Search 11-22-2025 0 4	0	4
Create a HEC Token For splunk Enterprise & Splunk Cloud via the PostMan Tool I ve came across a post where im trying to fetch the HEC Token via the REST API.When I tried that locally Im getting ... by PoojaDevi Loves-to-Learn Lots in Splunk Search 11-21-2025 0 4	0	4
Using Splunk to Analyze Web Traffic & Machine-Generated Data from External Content Sites I’ve been working with Splunk recently to improve the way we collect and analyze machine-generated data coming from v... by Joe_Hartzel Explorer in Splunk Search 11-21-2025 0 0	0	0
search to generate 5 sample events for lots of index/sourcetype pairs I need to provide feedback on ways logging formats could be improved.To that end, I'm trying to create a search that ... by esalesapns2 Communicator in Splunk Search 11-21-2025 0 3	0	3
Splunk forwader Can i get help with how i can download the older version of splunk forwader. The 9.0.5 specifically. It's not amongst... by ginagodwin New Member in Splunk Search 11-20-2025 0 3	0	3