Splunk Search

Community Activity

How to extract data for a portion of the field? Hello Splunk Community, So I have a table that has results like below Name Tom01 Tom02 Tom03 Tom04 ... by CodingMaestro Path Finder in Splunk Search 02-23-2023 0 2	0	2
Why does lookup return null when there are multiple matches? I have a lookup with multiple columns (keys). Some combinations make a unique match, but I need an ambiguous search ... by yuanliu SplunkTrust in Splunk Search 02-23-2023 0 7	0	7
How to correlate list of users based on IP? I am trying to create a report that will take a username(user) and look for the most recent IP address(src_ip) they u... by ff170a Explorer in Splunk Search 02-22-2023 0 2	0	2
How to add host to command in the BY section? \| chart values(Date_Policy) BY Volume,WeekRange, in above command I wanted to add host as well in the BY section but ... by AShwin1119 Explorer in Splunk Search 02-22-2023 0 1	0	1
How to rearrange below numeric columns based on order? Hi, I have to rearrange below columns in below orderi.e. 31-60 Days, 61-90 Days, 91-120 Days,151-180 Days,Over 180 Da... by Ashwini008 Builder in Splunk Search 02-22-2023 0 4	0	4
How come this doesn't work given indexers.csv is a list of Splunk servers with role indexer? How come this doesn't work given indexers.csv is a list of Splunk servers with role Indexer? \| inputlookup indexers.c... by albledsoe Engager in Splunk Search 02-22-2023 0 2	0	2
Dashboard not populating as they have $ symbol in some field values, is there another way? Hello SplunkersI have the following search.The search works fine when running it but when its saved as a panel in a d... by power12 Communicator in Splunk Search 02-22-2023 0 3	0	3
Why does field becomes null when attempting to subtract? I am feeling puzzled. I am trying to take a date, convert it to epoch time, and then subtract a number of seconds fro... by iomega311 Explorer in Splunk Search 02-22-2023 0 3	0	3
Data Models and incomplete source data Greetings,I'm finally tackling the topic of data models within my organization, and am coming across situations I am ... by mjuestel2 Path Finder in Splunk Search 02-22-2023 0 4	0	4
How to check if a value exists in a list of values? Hi,I'm filtering a search to get a result for a specific values by checking it manually this way:.... \| stats sum(val... by sdhiaeddine Explorer in Splunk Search 02-22-2023 0 2	0	2
How to compare data from data model with data from data set? Hello, I have a data model named firewall_logs with firewall data in which the interesting fields are: file_hash, url... by danutmatei Explorer in Splunk Search 02-22-2023 0 0	0	0
Why doesn't my rex code work? Very strange scenario. I'll use a rex statement to retrieve data and it works perfectly. If I copy and paste the rex ... by JBlackberg Engager in Splunk Search 02-22-2023 0 5	0	5
How to join and read input from csv? I've a query index="main" app="student-api" "tags.path"=/enroll "response"=succcess which also gives a trace_id a... by GhanaRusk Engager in Splunk Search 02-22-2023 0 11	0	11
How to create a correlation search that would trigger an alert for a search? I need to create a correlation search that would trigger an alert if it found a match from IPs from: \| inputlookup ip... by Kitag345 Explorer in Splunk Search 02-21-2023 0 1	0	1
How to compare field from one index to multiple field in other index? Good day,I have a usecase explained below -Index A has Reporting_Host (mix of IP address, hostname, FQDN) and Index C... by Navanitha Path Finder in Splunk Search 02-21-2023 0 5	0	5
How to do the opposite of match()? I'm trying to do a DOES NOT match() instead of a match(). http://docs.splunk.com/Documentation/Splunk/6.1/SearchRefer... by thisissplunk Builder in Splunk Search 02-21-2023 1 4	1	4
How to add and divide field results for percentage? I'm trying to figure out the percent of successful authentications from out vulnerability scans. There is a field nam... by atebysandwich Path Finder in Splunk Search 02-21-2023 0 3	0	3
Field Alias Applied to Hostname - Events Matched But No Results? Hi,I am new to Splunk so please forgive me.I had created a field field, where if the hostname contains "-us" then r... by kbarton New Member in Splunk Search 02-21-2023 0 3	0	3
Why are results showing when there are none? Hi,I have an index= random_index which contains JSON data of a URL HTTP status code like {'availability':200,applicat... by lostcauz3 Path Finder in Splunk Search 02-21-2023 0 1	0	1
Do you have to use the props.conf method or GUI for a field extraction in a clustered environment? Hi, For field extractions in a clustered environment do you have to use the props.conf method or can you use the fiel... by joe06031990 Communicator in Splunk Search 02-21-2023 0 1	0	1
How to extract fields from json attributes? I am sending some traces from my service to Splunk using the OpenTelemetry Collector and the Splunk HEC exporter. My ... by sergimola Explorer in Splunk Search 02-21-2023 0 5	0	5
Parse a value and then use that as new query to search? Hi, I have an unusual scenario for the data I am working with and would like to see if it's even possible to extract ... by zakirhere New Member in Splunk Search 02-21-2023 0 2	0	2
Why is there alerting slowness issues after upgrade? Hi All, After splunk upgrade from 8.0 to 9.0.2 , i am facing the slowness in alerting to create ticket . Can anyone h... by AKBBB Explorer in Splunk Search 02-21-2023 0 0	0	0
How to parse these events? Hi Experts,I have below eventsEvent 1 : TRANEND TRANS ABENDS TRN1 ABN1 blah blahEvent 2 : TRANEND CICS_TRAN_Abends CI... by ravikumar_sri20 Engager in Splunk Search 02-21-2023 0 3	0	3
How to combine two search results? Hello  I need your help for a subject. I want to combine two search results and I need you help beacause I have a p... by anissabnk Path Finder in Splunk Search 02-21-2023 0 7	0	7