Splunk Search

Community Activity

How to monitor deviation to log volume? I am trying to monitor drop in events per index. What is the best way to get a baseline and detect deviation to the v... by Splunk77 Explorer in Splunk Search 02-09-2023 0 3	0	3
Lookup filtering performance on very large lookups This is not a question, rather I am sharing something that I discovered with a Splunk OnDemand support call. I though... by lindonmorris Explorer in Splunk Search 02-09-2023 1 1	1	1
How to create Splunk search to check the last 15 minutes then increment by 1 minute? For example: i have been hitting the pavement trying to figure out a search query for events that happened between 3:... by Baragatti Observer in Splunk Search 02-09-2023 0 4	0	4
How to separate values in a field to new fields? I have a lookup with a field called IP. The field has values that have multiple IPs in them an I would like to sperat... by atebysandwich Path Finder in Splunk Search 02-09-2023 0 4	0	4
search Please need help with this command -Average response time with 10% additional buffer ( single number) – Use “Eval” op... by navarone0161 Explorer in Splunk Search 02-09-2023 0 2	0	2
How to use fillnull or similar before an eval? As I write this I realize that what I want is likely not possible using this method. I want a fillnull (or similar) ... by MScottFoley Path Finder in Splunk Search 02-09-2023 0 4	0	4
How to force delete savedsearch results after x time , disable " AutomIatic lifetime extensions"? Is there a setting that stops the "AutomIatic lifetime extensions" (https://docs.splunk.com/Documentation/Splunk/9.... by teunlaan Contributor in Splunk Search 02-09-2023 0 0	0	0
Detect host connecting to malicious domains - PaloAlto + AD join statement Hi,I am trying to get a list of workstations trying to connect to malicious DNS using PaloAlto and Windows AD logs.Fr... by corti77 Contributor in Splunk Search 02-09-2023 0 4	0	4
How to parse XML and props.conf? This is very similar to a lot of XML parsing questions, however I have read through ~20 topics and am still unable to... by poojithavasanth Explorer in Splunk Search 02-09-2023 0 7	0	7
How to search with cidrmatch with multiple subnets? Hello everyone, I got such table after search ipsubnets10.0.0.2 10.0.0.0/24 10.0.0.3 10.0.0.0/24 172.24.23.23/24 ... by bosseres Contributor in Splunk Search 02-09-2023 0 6	0	6
Why does REST API return nested json as string not json? Hi,I am using the REST API to pull data from splunk, using the output_mode=json.The data that is returned is a mix of... by bdunstan Path Finder in Splunk Search 02-09-2023 0 3	0	3
How to match string which include random numbers with a lookup? Hello Team,i have the following problem.Inside my data i have a String like:Error in Data \| 5432323 from endpoint 543... by klischatb Path Finder in Splunk Search 02-09-2023 0 3	0	3
Why is UF not reporting to DS? Hi, I have 10 hosts, from this only 3 hosts are reporting to DS and 7 are not reporting.when i searched with _interna... by Vani_26 Path Finder in Splunk Search 02-09-2023 0 2	0	2
How to group events based on a fields with predefined values? I need to group by a field where all possible values should be shown in the result.For example, the below snippet gro... by ChrisPatin New Member in Splunk Search 02-08-2023 0 1	0	1
How to fill count number of previous month when there is no data? Hi Splunk community, I have a chart display the number of users in each month. There was no data coming in in October... by boxmetal Path Finder in Splunk Search 02-08-2023 0 3	0	3
What does default to? Because of a typo we had the following in our query: earliest=-1@d Since Splunk query actually ran I assumed that s... by pm771 Communicator in Splunk Search 02-08-2023 0 5	0	5
How to achieve a field extraction where field differs in location per log row but still has structure? I have an OpenCanary which is using a webhook to deliver data into my Splunk instance. It works really well but my re... by LeeMoe Path Finder in Splunk Search 02-08-2023 0 3	0	3
Can't I use backslashes in Splunk searches? I have a Splunk query as below which pulls some events. index="windows_events" TargetFileName="startup" Now from t... by pavanae Builder in Splunk Search 02-08-2023 0 1	0	1
How do I write this search with a mvindex with a conditional? Hello, I have the below SPL with the two mvindex functions. mvindex position '6' in the array is supposed to apply ht... by user33 Path Finder in Splunk Search 02-08-2023 0 5	0	5
How to use field inside quoted search as a variable? Hi, I have the following joined Splunk query:index="myIndex" source="mySource1" \| fields _time, _raw \| rex "Naam van... by Bleepie Communicator in Splunk Search 02-08-2023 0 7	0	7
Can anyone direct me to a mechanism to export run data (success/failure) for HTTP checks via CSV? Without the ability to remove testing errors in uptime calculation when reporting monthly numbers, I spend a lot... by sflesch360 Engager in Splunk Search 02-08-2023 0 4	0	4
Calculate number of decimals for each record in field? Field = 1.123456789 Field = 14.123456 Field = 3.1234567 I need to run a query that will return the number of decimals... by DPOIRE Path Finder in Splunk Search 02-08-2023 0 2	0	2
How to stop searching when first result was found in each index in multisearch Hello I find it difficult to stop the search when I got first result in multisearch.I tried \|head 1 but it can't be ... by Raymond2T Path Finder in Splunk Search 02-08-2023 0 4	0	4
Can anyone tell me why Account ID and User Agent aren't displaying in my table? index=akamai "httpMessage.host"="" "httpMessage.path"="/auth/realms/user/login-actions/authenticate" "User-Agent:*"... by jhilton90 Path Finder in Splunk Search 02-08-2023 0 4	0	4
Should I use lookup or inputlookup in search? Hello Splunkers, Please if someone can help me with a Splunk query, I have a list of IPs I imported in lookup table, ... by mohsplunking Path Finder in Splunk Search 02-08-2023 0 4	0	4