Splunk Search

Community Activity

Data Models and incomplete source data Greetings,I'm finally tackling the topic of data models within my organization, and am coming across situations I am ... by mjuestel2 Path Finder in Splunk Search 02-22-2023 0 4	0	4
How to check if a value exists in a list of values? Hi,I'm filtering a search to get a result for a specific values by checking it manually this way:.... \| stats sum(val... by sdhiaeddine Explorer in Splunk Search 02-22-2023 0 2	0	2
How to compare data from data model with data from data set? Hello, I have a data model named firewall_logs with firewall data in which the interesting fields are: file_hash, url... by danutmatei Explorer in Splunk Search 02-22-2023 0 0	0	0
Why doesn't my rex code work? Very strange scenario. I'll use a rex statement to retrieve data and it works perfectly. If I copy and paste the rex ... by JBlackberg Engager in Splunk Search 02-22-2023 0 5	0	5
How to join and read input from csv? I've a query index="main" app="student-api" "tags.path"=/enroll "response"=succcess which also gives a trace_id a... by GhanaRusk Engager in Splunk Search 02-22-2023 0 11	0	11
How to create a correlation search that would trigger an alert for a search? I need to create a correlation search that would trigger an alert if it found a match from IPs from: \| inputlookup ip... by Kitag345 Explorer in Splunk Search 02-21-2023 0 1	0	1
How to compare field from one index to multiple field in other index? Good day,I have a usecase explained below -Index A has Reporting_Host (mix of IP address, hostname, FQDN) and Index C... by Navanitha Path Finder in Splunk Search 02-21-2023 0 5	0	5
How to do the opposite of match()? I'm trying to do a DOES NOT match() instead of a match(). http://docs.splunk.com/Documentation/Splunk/6.1/SearchRefer... by thisissplunk Builder in Splunk Search 02-21-2023 1 4	1	4
How to add and divide field results for percentage? I'm trying to figure out the percent of successful authentications from out vulnerability scans. There is a field nam... by atebysandwich Path Finder in Splunk Search 02-21-2023 0 3	0	3
Field Alias Applied to Hostname - Events Matched But No Results? Hi,I am new to Splunk so please forgive me.I had created a field field, where if the hostname contains "-us" then r... by kbarton New Member in Splunk Search 02-21-2023 0 3	0	3
Why are results showing when there are none? Hi,I have an index= random_index which contains JSON data of a URL HTTP status code like {'availability':200,applicat... by lostcauz3 Path Finder in Splunk Search 02-21-2023 0 1	0	1
Do you have to use the props.conf method or GUI for a field extraction in a clustered environment? Hi, For field extractions in a clustered environment do you have to use the props.conf method or can you use the fiel... by joe06031990 Communicator in Splunk Search 02-21-2023 0 1	0	1
How to extract fields from json attributes? I am sending some traces from my service to Splunk using the OpenTelemetry Collector and the Splunk HEC exporter. My ... by sergimola Explorer in Splunk Search 02-21-2023 0 5	0	5
Parse a value and then use that as new query to search? Hi, I have an unusual scenario for the data I am working with and would like to see if it's even possible to extract ... by zakirhere New Member in Splunk Search 02-21-2023 0 2	0	2
Why is there alerting slowness issues after upgrade? Hi All, After splunk upgrade from 8.0 to 9.0.2 , i am facing the slowness in alerting to create ticket . Can anyone h... by AKBBB Explorer in Splunk Search 02-21-2023 0 0	0	0
How to parse these events? Hi Experts,I have below eventsEvent 1 : TRANEND TRANS ABENDS TRN1 ABN1 blah blahEvent 2 : TRANEND CICS_TRAN_Abends CI... by ravikumar_sri20 Engager in Splunk Search 02-21-2023 0 3	0	3
How to combine two search results? Hello  I need your help for a subject. I want to combine two search results and I need you help beacause I have a p... by anissabnk Path Finder in Splunk Search 02-21-2023 0 7	0	7
How to prevent DNS resolution? Hey all, Our raw syslogs are showing IP addresses of sourced events, but the results in Splunk is changing the IP add... by willspk Engager in Splunk Search 02-21-2023 0 3	0	3
How to enable search for specific index? I decided to make a search with following situation. However, I would like to enhance the performance that when user... by Raymond2T Path Finder in Splunk Search 02-21-2023 0 7	0	7
How to append multiple columns to get result I am looking to get the data in year, month, day, hour, minute and second basissearch criteria is index="abc" rex fie... by aaa2324 Explorer in Splunk Search 02-21-2023 0 2	0	2
Hybrid Splunk and ELK correlation? Hi, I hope that asking this question will not cause controversy. I currently manage a hybrid between Splunk and ELK, ... by splunkcol Builder in Splunk Search 02-21-2023 0 1	0	1
How can I move spath and mvexpand into props.conf? Hi, This work when I use it at search time: \| spath path=messageParts{} output=message \| mvexpand message \| rex field... by jnhth Explorer in Splunk Search 02-21-2023 0 0	0	0
Logging events on alerting? Hi Team,working on how to log individual rows in my search result table as individual events in Splunk. Below is a pi... by 11v New Member in Splunk Search 02-20-2023 0 1	0	1
How to join searches to search for inactive Splunk users? So i am trying to get a list of inactive splunk users. I have first tried just grabbing a list of all the users with ... by michaelnorup Communicator in Splunk Search 02-20-2023 0 2	0	2
Multiple values are showing in the single field after joining the lookup. Hello Splunkers,I have two lookups which are need to join. In lookup1.csv its containing the Rule name and the techni... by LRathinakumar Explorer in Splunk Search 02-20-2023 0 3	0	3