Splunk Search

Community Activity

How to exclude results using checkbox? I have the following search which returns a table of all hostnames and operating systems. \| inputlookup hosts.csv\| se... by tomapatan Contributor in Splunk Search 02-02-2023 0 4	0	4
Why do less events display while searching as * then search hostname while its showing if I search at the beginning? Hi Guys, Less Event displayed while searching as * then search hostname while its showing if I search at the beginnin... by AKBBB Explorer in Splunk Search 02-02-2023 0 11	0	11
How to join two table with aggrouped date value? A have two tables anda i want to relation this two tables by nember of events in a hour, i manage to make a SQL quer... by arriel96 Explorer in Splunk Search 02-02-2023 0 4	0	4
How to plot two sets of data in line chart when BOTH is selected? Hello Everyone, I have dashboard with token value as datacenter, which has 3 options from dropdown: Dublin ="*dbl_dc_... by super_edition Path Finder in Splunk Search 02-02-2023 0 4	0	4
Why time filter value/range is not being passed to the query result? Does anyone know why the time range picker here on the right side (set to Yesterday Jan 30) cannot affect my _time da... by chongdong Explorer in Splunk Search 02-02-2023 0 3	0	3
How to achieve Crowdsec json logs fields extraction? Hello Splunk's community, I got some difficulty for the fields extraction in crowdsec's logs which are format with JS... by NEHS Loves-to-Learn in Splunk Search 02-01-2023 0 1	0	1
Why time zone conversion does not always work (Zscaler ZPA)? I've been working on a Dashboard/Query that takes two date/time values (UTC) from Zscaler ZPA logs and converts to lo... by MSY Explorer in Splunk Search 02-01-2023 0 4	0	4
How to get count of each source by IP ? Query:\|tstats count where index=afg-juhb-appl host_ip=* source=* TERM(offer)i want to get the count of each... by Vani_26 Path Finder in Splunk Search 02-01-2023 0 4	0	4
Is there a row limit to lookup tables? My boss asked me to generate a report of people connecting to our network from public VPN providers. I'm using this ... by ilhwan Path Finder in Splunk Search 02-01-2023 0 7	0	7
How to achieve regex for ingest actions to match a list of EventCodes? Hello, I am trying to get regex to work in ingest actions to match a list of event codes from Window Security Logs. ... by garrywilmeth Explorer in Splunk Search 02-01-2023 0 4	0	4
How to run two searches based on timestamp? I have a dashboard showing website user journey data by reading various elements from a log message. Now the struct... by majeedk_nbg Engager in Splunk Search 02-01-2023 0 3	0	3
What is an alternative to timechart when needing aggregation on 2 by clauses? I am struggling to figure out how to get the Visualization that I want, if even possible.... Timechart works great fo... by dmoberg Path Finder in Splunk Search 02-01-2023 0 2	0	2
How do I concatenate two fields into a string? I have two fields, application and servletName. I'd like to have them as column names in a chart. I'm currently try... by brettgladys Explorer in Splunk Search 02-01-2023 9 8	9	8
How to use stats dc and get last time of occurrence? Hi! im trying to detect multiple user access from the same source (same mobile device). Im feeding splunk with logs f... by dieguiariel Path Finder in Splunk Search 02-01-2023 0 4	0	4
Need help on Dashboard related issue? Above is the title of my dashboard, need to add the present date along with the title For the above one we need to... by Renunaren Loves-to-Learn Everything in Splunk Search 02-01-2023 0 0	0	0
How to form query for nested field (Json array) searching? Hi I have a field(event_details) that contains a JSON array.Record 1:{<!-- -->"event_details":[{"product_id":"P002","price":1... by Austin_James Engager in Splunk Search 02-01-2023 0 6	0	6
Has anyone ran into Eventtype "xxxxxxxxx" does not exist or is disabled. Search results only for a certain period? Hi, My client has encountered the following issue below and I was just wondering if anyone has encountered something ... by mohdmikhael Explorer in Splunk Search 01-31-2023 0 7	0	7
Okta Data - Appending to lookup table question I have 5 separate endpoints for our Okta environment that I'm pulling into Splunk. The data is all event driven so if... by jpsheridan Engager in Splunk Search 01-31-2023 0 1	0	1
How do I refine this search to use 'my_report_date' instead of _time? Hi all - I'm attempting to write a query using earliest/latest based off a date field in the event, not _time. I've t... by mistydennis Communicator in Splunk Search 01-31-2023 0 1	0	1
How to combine field values into singular value? I feel like there's a simple solution to this that I just can't remember. I have a field named Domain that has 13 val... by michaeler Communicator in Splunk Search 01-31-2023 0 2	0	2
How can I combine multiple fields with a common name results in to single column? How can I combine multiple fields results in to single column with common name for example Test1, Test2, Test3 and so... by satyaallaparthi Communicator in Splunk Search 01-31-2023 0 1	0	1
How do I force a timestamp to be recognized as UTC in a query for strptime? I have a datasource that passes the time as a string like the following: "2018-08-07T17:38:16.352" This string is ... by briancronrath Contributor in Splunk Search 01-31-2023 0 9	0	9
Network Toolkit: How to ping hosts from a search I have a search that gives me a column with hostnames host A B C I am trying to use the network toolkit application... by rohitmaheshwari Explorer in Splunk Search 01-31-2023 0 3	0	3
How to reverse a real-time query to it's original alert/report/dashboard? Hi guys. I'm currently working to fix all "real-time" jobs running on my company and I came across one job that I can... by NizanCohen Explorer in Splunk Search 01-31-2023 0 2	0	2
Is it possible to get user details from the _configtracker index? Hello I've been looking at the new _configtracker index and I would like to know how I could get the User details ass... by ewanbrown967 Engager in Splunk Search 01-31-2023 0 3	0	3