Splunk Search

Community Activity

How to join with rex not working? I have 2 index, abc and bcz index abc data is in raw format like below. <random ip address>\|-NA\CAPITA\|5xxhxh545\|jljd... by harryhcg Explorer in Splunk Search 02-02-2023 0 5	0	5
Multi Select ALL value shows no data Hello,I am using 2 multi select dropdown. When its on the default value 'ALL' then it doesn't show any value in the... by Neel88 Explorer in Splunk Search 02-02-2023 0 1	0	1
Searching for matches in Output across entire range? (index="external" Feedback "Text") \| transaction channel startswith=POST endswith=received maxspan=1m maxevents=2 ... by interrobang Explorer in Splunk Search 02-02-2023 0 3	0	3
Construct multivariable histogram chart? I have a search along these lines "duration: " \| rex field=host "(?P<host_type>[my_magic_regex])" \| rex "duration... by cool_pbenjamin New Member in Splunk Search 02-02-2023 0 1	0	1
How to find inputlookup value in result? \| inputlookup suspicious_win_comm.csv lookup table contents has only keyword keyword <- field name tasklist ver i... by jamesjung01 Explorer in Splunk Search 02-02-2023 0 2	0	2
Why is Index bucket rolling faster than what is set in indexes.conf? Hello SplunkersI am pretty new to splunk admin .I have the following config set up in indexes.conf where I set up one... by power12 Communicator in Splunk Search 02-02-2023 0 8	0	8
How to achieve providing timestamp field when event does not contain time in it? Hello, I wanted a EVAL statement which manually adds a specified time may be "00:00:00" for the event containing only... by poojithavasanth Explorer in Splunk Search 02-02-2023 0 2	0	2
How to convert a large number to string with expressions of long and short scales, or neither. Numeral system macros for SplunkExamples of Single Value panel and Table.Hello,Just an announcement.I have created ma... by tfujita_splunk Splunk Employee in Splunk Search 02-02-2023 3 0	3	0
How to change the date format from 'yyyy-mm-dd' to 'mm-dd-yyyy' on the saved search? I am working on the saved search not index/lookup.I tried this code - \| eval date=strftime(strptime(<fieldname>,"%Y-%... by Neel88 Explorer in Splunk Search 02-02-2023 0 5	0	5
How to calculate the total count of occurances of a timestamp ? Basically I have a set of raw data with different time stamp in CCYYMMDDHHMMSS format. I want to list out the stats w... by naveenalagu Explorer in Splunk Search 02-02-2023 0 6	0	6
How to rename fields only from a certain search (Search1) OR (Search 2)? Hello everyone,I have a search in the following format:(index="index1" group=a) OR (index="index2" group=a)....Later ... by erikschubert Engager in Splunk Search 02-02-2023 0 1	0	1
Why are there missing fields for sample queries? Hi I'm implementing some searches provided by Splunk Threat Research Team to detect threats from AD logs. But I canno... by syamaguchi3 Explorer in Splunk Search 02-02-2023 0 2	0	2
How to exclude results using checkbox? I have the following search which returns a table of all hostnames and operating systems. \| inputlookup hosts.csv\| se... by tomapatan Contributor in Splunk Search 02-02-2023 0 4	0	4
Why do less events display while searching as * then search hostname while its showing if I search at the beginning? Hi Guys, Less Event displayed while searching as * then search hostname while its showing if I search at the beginnin... by AKBBB Explorer in Splunk Search 02-02-2023 0 11	0	11
How to join two table with aggrouped date value? A have two tables anda i want to relation this two tables by nember of events in a hour, i manage to make a SQL quer... by arriel96 Explorer in Splunk Search 02-02-2023 0 4	0	4
How to plot two sets of data in line chart when BOTH is selected? Hello Everyone, I have dashboard with token value as datacenter, which has 3 options from dropdown: Dublin ="*dbl_dc_... by super_edition Path Finder in Splunk Search 02-02-2023 0 4	0	4
Why time filter value/range is not being passed to the query result? Does anyone know why the time range picker here on the right side (set to Yesterday Jan 30) cannot affect my _time da... by chongdong Explorer in Splunk Search 02-02-2023 0 3	0	3
How to achieve Crowdsec json logs fields extraction? Hello Splunk's community, I got some difficulty for the fields extraction in crowdsec's logs which are format with JS... by NEHS Loves-to-Learn in Splunk Search 02-01-2023 0 1	0	1
Why time zone conversion does not always work (Zscaler ZPA)? I've been working on a Dashboard/Query that takes two date/time values (UTC) from Zscaler ZPA logs and converts to lo... by MSY Explorer in Splunk Search 02-01-2023 0 4	0	4
How to get count of each source by IP ? Query:\|tstats count where index=afg-juhb-appl host_ip=* source=* TERM(offer)i want to get the count of each... by Vani_26 Path Finder in Splunk Search 02-01-2023 0 4	0	4
Is there a row limit to lookup tables? My boss asked me to generate a report of people connecting to our network from public VPN providers. I'm using this ... by ilhwan Path Finder in Splunk Search 02-01-2023 0 7	0	7
How to achieve regex for ingest actions to match a list of EventCodes? Hello, I am trying to get regex to work in ingest actions to match a list of event codes from Window Security Logs. ... by garrywilmeth Explorer in Splunk Search 02-01-2023 0 4	0	4
How to run two searches based on timestamp? I have a dashboard showing website user journey data by reading various elements from a log message. Now the struct... by majeedk_nbg Engager in Splunk Search 02-01-2023 0 3	0	3
What is an alternative to timechart when needing aggregation on 2 by clauses? I am struggling to figure out how to get the Visualization that I want, if even possible.... Timechart works great fo... by dmoberg Path Finder in Splunk Search 02-01-2023 0 2	0	2
How do I concatenate two fields into a string? I have two fields, application and servletName. I'd like to have them as column names in a chart. I'm currently try... by brettgladys Explorer in Splunk Search 02-01-2023 9 8	9	8