Splunk Search

Community Activity

How can I apply split and regex TSV at the same time? Hi,I have logs separated by a tab. I have defined FIELD_DELIMITER=tab, INDEXED_EXTRACTIONS=tsv FIELD_NAMES etc in pro... by max8006 Explorer in Splunk Search 02-14-2023 0 1	0	1
How to Extract Event Logs from SignalFX via API? Hi, I'm trying to extract logs via API using /v2/event/find Found here: Retrieve Events V2 \| API Reference \| Splunk D... by rvillaflores Loves-to-Learn in Splunk Search 02-14-2023 0 0	0	0
How to select only one event? My query is this. index=log AND 1378 There are two event 20230112, 1378, error A/B/C, duration 100 20230112, 13... by disasters Explorer in Splunk Search 02-13-2023 0 7	0	7
How to track impossible travel events for users who are logging in to applications using Duo 2fa? Good afternoon, I'm looking for a way to track impossible travel events for users who are logging in to applications ... by drathbo New Member in Splunk Search 02-13-2023 0 3	0	3
Is it possible to use map search twice? Not sure if this is possible through Splunk query but what i am trying to do is basically retrieve field value from o... by ak9092 Path Finder in Splunk Search 02-13-2023 0 1	0	1
Extract any character when dot is present? Hi, I have different mails in my logs and I need to filter them in order to distinguish real users from technical use... by marco_massari11 Communicator in Splunk Search 02-13-2023 0 1	0	1
How to create over lapping dashboard? I am new to slunk, I have to create one dashboard and compare current day with same day of last week based on request... by ssharma Loves-to-Learn Lots in Splunk Search 02-13-2023 0 5	0	5
Why is dashboard report search unable to read from time picker? Hi All, My Dashboard panel which calls a report search is showing "Search did not return any events." When i click on... by neerajs_81 Builder in Splunk Search 02-13-2023 0 4	0	4
How to Sort data by using the value of Variable Name I have a query and at the end I want to sort the data by specific column But column is dynamically generated. i can g... by sukansingh Explorer in Splunk Search 02-13-2023 0 5	0	5
Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals? index=index1 type=1 feature IN ([search index=index1 type=type2 application=weather_app \| dedup feature \| f... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 2	0	2
How to extract some fields from an existing field which has backslashes? I have a field called folder_path which gives the values as follows. folder_path\Device\XYZ\Users\user_A\AppData\prog... by pavanae Builder in Splunk Search 02-12-2023 0 3	0	3
Is it possible to use stats inside a join command? I have a user table which shows which department each user belongs to. I want to join this with another table on User... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 3	0	3
Searching for data around a time frame? Hello i am new I have combined data from cyclogs,adserver logs and firewall logs how can i search for data that happe... by Chris231289 Loves-to-Learn Lots in Splunk Search 02-12-2023 0 4	0	4
Why doesn't the stramstats work when I group by certain field? The search below doesn't work when i add department in the group by fields in the streamstats commands. It works with... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 1	0	1
Rexgex Non-capturing group - still capturing? rex field=title "(?titleNEW(.*?)(?:-))" I have this rex command above but it still outputs the dash at the end which... by tb5821 Communicator in Splunk Search 02-11-2023 0 2	0	2
Why am I getting Invalid lookup table? I want to use a lookup table, but every time, I add the command to my search "\| lookup name_of_my_lookup", I'm gettin... by szabados Communicator in Splunk Search 02-10-2023 1 5	1	5
Help with search query for non-reporting IP addresses? Hi All,I have a field name ip_address which has 50 IP values in it. at every 5mins interval, I will receive the same... by vinothkumark Path Finder in Splunk Search 02-10-2023 0 1	0	1
How to take the result from a timechart 'sum by' and multiply it by another value? Hello, what I am trying to do in this search is sum the total CPU seconds, by report class, for a one day period. Onc... by jhewel2495 Engager in Splunk Search 02-10-2023 0 1	0	1
How to search a list of names and compare it to a different list of names? I have two lists: one has a list of hostnames and another has a list of prefixes to hostnames. I would like to create... by atebysandwich Path Finder in Splunk Search 02-10-2023 0 1	0	1
How to join two searches using one field AND a time constraint between the correlated events? Hi,I am trying to get a list of workstations trying to connect to malicious DNS using PaloAlto and SYSMON logs.From P... by corti77 Contributor in Splunk Search 02-10-2023 0 5	0	5
How to search earliest time in correlation search? Hi, I'm trying to create a correlation search in splunk unable to figure out options Time range earliest time/latest... by AL3Z Builder in Splunk Search 02-10-2023 0 3	0	3
Why can't I generate data table of statistics? Hi, My overall goal is to create a resulting data table with headings including HourOfDay, BucketMinuteOfHour, DayOfW... by POR160893 Builder in Splunk Search 02-10-2023 0 6	0	6
Is there a way to get logs in JSON format for an API call from a Springboot Application? Is there a way to get logs in JSON format for an API call from a Springboot Application? by kanurag1795 Engager in Splunk Search 02-10-2023 0 1	0	1
How to create a search for delay of data in Splunk? Hello all As a splunk in an early station  I currently have the following challenge:We have many indexes and we want... by ursfischer Engager in Splunk Search 02-10-2023 0 3	0	3
Why can't I plot timechart to investigate seasonality in index data? Hi, I am running the following query to check seasonality in my index:index="ABC\| timechart count by _time \| timechar... by POR160893 Builder in Splunk Search 02-10-2023 0 1	0	1