Splunk Search

Community Activity

Charting completion time on daily basis Hi, I'm trying to build a line graph that would show me the completion time of an event on a daily basis. The complet... by nomad1981 Explorer in Splunk Search 02-14-2023 0 3	0	3
Which type of host is talking to which type of host on which port Hey everyone,I want to create a search that gives me the following information in a structured way: Which type of hos... by erikschubert Engager in Splunk Search 02-14-2023 0 3	0	3
Any ideas on Auditing Content Library? I need to provide audit details on our ES Content Library. Using rest, I can identify searches that have been updated... by gazoscreek Path Finder in Splunk Search 02-14-2023 0 1	0	1
Is there a way to choose the smaller subnet that contains the src_ip? Hi, I have a lookup definition that look like that: When I'm running this search with looking up in this lookup difi... by joock3r Explorer in Splunk Search 02-14-2023 0 1	0	1
How to write a rex to extract values in a field that are delimited by comma? I want to write a rex to extract values in a field that are delimited by comma. index=group sourcetype="ext:user_acco... by zacksoft_wf Contributor in Splunk Search 02-14-2023 0 4	0	4
How to filter out value based from another another column? HiGreatly appreciate your help, would like to know if there is any way i could filter out a value based from another ... by villnooB Explorer in Splunk Search 02-14-2023 0 1	0	1
How can I apply split and regex TSV at the same time? Hi,I have logs separated by a tab. I have defined FIELD_DELIMITER=tab, INDEXED_EXTRACTIONS=tsv FIELD_NAMES etc in pro... by max8006 Explorer in Splunk Search 02-14-2023 0 1	0	1
How to Extract Event Logs from SignalFX via API? Hi, I'm trying to extract logs via API using /v2/event/find Found here: Retrieve Events V2 \| API Reference \| Splunk D... by rvillaflores Loves-to-Learn in Splunk Search 02-14-2023 0 0	0	0
How to select only one event? My query is this. index=log AND 1378 There are two event 20230112, 1378, error A/B/C, duration 100 20230112, 13... by disasters Explorer in Splunk Search 02-13-2023 0 7	0	7
How to track impossible travel events for users who are logging in to applications using Duo 2fa? Good afternoon, I'm looking for a way to track impossible travel events for users who are logging in to applications ... by drathbo New Member in Splunk Search 02-13-2023 0 3	0	3
Is it possible to use map search twice? Not sure if this is possible through Splunk query but what i am trying to do is basically retrieve field value from o... by ak9092 Path Finder in Splunk Search 02-13-2023 0 1	0	1
Extract any character when dot is present? Hi, I have different mails in my logs and I need to filter them in order to distinguish real users from technical use... by marco_massari11 Communicator in Splunk Search 02-13-2023 0 1	0	1
How to create over lapping dashboard? I am new to slunk, I have to create one dashboard and compare current day with same day of last week based on request... by ssharma Loves-to-Learn Lots in Splunk Search 02-13-2023 0 5	0	5
Why is dashboard report search unable to read from time picker? Hi All, My Dashboard panel which calls a report search is showing "Search did not return any events." When i click on... by neerajs_81 Builder in Splunk Search 02-13-2023 0 4	0	4
How to Sort data by using the value of Variable Name I have a query and at the end I want to sort the data by specific column But column is dynamically generated. i can g... by sukansingh Explorer in Splunk Search 02-13-2023 0 5	0	5
Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals? index=index1 type=1 feature IN ([search index=index1 type=type2 application=weather_app \| dedup feature \| f... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 2	0	2
How to extract some fields from an existing field which has backslashes? I have a field called folder_path which gives the values as follows. folder_path\Device\XYZ\Users\user_A\AppData\prog... by pavanae Builder in Splunk Search 02-12-2023 0 3	0	3
Is it possible to use stats inside a join command? I have a user table which shows which department each user belongs to. I want to join this with another table on User... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 3	0	3
Searching for data around a time frame? Hello i am new I have combined data from cyclogs,adserver logs and firewall logs how can i search for data that happe... by Chris231289 Loves-to-Learn Lots in Splunk Search 02-12-2023 0 4	0	4
Why doesn't the stramstats work when I group by certain field? The search below doesn't work when i add department in the group by fields in the streamstats commands. It works with... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 1	0	1
Rexgex Non-capturing group - still capturing? rex field=title "(?titleNEW(.*?)(?:-))" I have this rex command above but it still outputs the dash at the end which... by tb5821 Communicator in Splunk Search 02-11-2023 0 2	0	2
Why am I getting Invalid lookup table? I want to use a lookup table, but every time, I add the command to my search "\| lookup name_of_my_lookup", I'm gettin... by szabados Communicator in Splunk Search 02-10-2023 1 5	1	5
Help with search query for non-reporting IP addresses? Hi All,I have a field name ip_address which has 50 IP values in it. at every 5mins interval, I will receive the same... by vinothkumark Path Finder in Splunk Search 02-10-2023 0 1	0	1
How to take the result from a timechart 'sum by' and multiply it by another value? Hello, what I am trying to do in this search is sum the total CPU seconds, by report class, for a one day period. Onc... by jhewel2495 Engager in Splunk Search 02-10-2023 0 1	0	1
How to search a list of names and compare it to a different list of names? I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create... by atebysandwich Path Finder in Splunk Search 02-10-2023 0 1	0	1