Splunk Search

Community Activity

	Why won't strptime work for the below format? Hi, My Strptime function is not working for the below format. date format: 1/13/23 11:44:11.543 AM eval time_epoc= s... by batham Explorer in Splunk Search 01-27-2023 0 1	0	1
	How to compare contents of one lookup to another? Currently I have an inputlookup csv that contains a list of IP addresses and lookup csv that has a list of subnets. I... by atebysandwich Path Finder in Splunk Search 01-27-2023 0 1	0	1
	How to change each instance of a field search result? I'm doing a search for server names and will eventually extract to to a csv. However, each result comes out as one of... by atebysandwich Path Finder in Splunk Search 01-27-2023 0 4	0	4
	How to filter events with regex? I'm trying to filter out events like the ones below using the regex expression regex _raw!="^[A-Za-z0-9]{4}:.*$" bu... by pjanssen007 Explorer in Splunk Search 01-27-2023 0 6	0	6
	How to blacklist regex in parsing? Currently running Splunk Universal Forwarder version 9.0.3. Looking to ignore Windows event logs (EventCode = 4103) u... by qcjacobo2577 Path Finder in Splunk Search 01-27-2023 0 14	0	14
	Is there a way to search across multiple lookup files to find text within them? Hi Is there a way to search across multiple Lookup files to find text within them ? I know that you can use \| inputl... by finchy Explorer in Splunk Search 01-27-2023 0 4	0	4
	How to disable save as option? I want to disable the feature of save as, user can able to search but shouldn't be able to save it as a dashboard or ... by bapun18 Communicator in Splunk Search 01-27-2023 0 2	0	2
	How to use a lookup to filter raw data from a log? Hi all, I am new to Spluntk and have problem with my search. I have a Lookup table: Error.csv FilterError1Error2*... by jip12048 Engager in Splunk Search 01-27-2023 0 1	0	1
	How to split time into column and other fields into row? \|eval TotalApps=if(match('Total',"NTB"),"1","0") \|eval In-Progress=if('Total'="NTB" AND isnull('APPL_SUB-DATE'),"1","... by kalaiyarasi Loves-to-Learn Lots in Splunk Search 01-27-2023 0 5	0	5
	Events are getting matched, but why don't I see any table with messageid and timediff? I have 2 events having fields1. id_cse_event: sqsmessageid,timestamp2. Scim: sqs_message_id, timestamp.I want to sear... by amitrinx Explorer in Splunk Search 01-27-2023 0 3	0	3
	How to parse this json data? Hi,Please could you help with parsing this json data to table { "list_element": [ { "element": "{\"var1\"... by sdhiaeddine Explorer in Splunk Search 01-26-2023 0 5	0	5
	Help needed Timechart Query Dear experts , I am searching on my bot index, which contain conve-id and rest of the fields are stored as payload. U... by Macky_29 Explorer in Splunk Search 01-26-2023 0 5	0	5
	How to search values in the lookup file? I have sample.csv file with about 30000 rows with columns: sample data data value1 value25600012345 abc xxx7890... by prasant Path Finder in Splunk Search 01-26-2023 0 5	0	5
	How to combine fields and get average value by other field? I feel like I'm dancing circles around the solution to this problem. I created a field named "Duration" with rex that... by michaeler Communicator in Splunk Search 01-26-2023 0 1	0	1
	How to do field Extractions from the Message field in WinEventLog? So after searching here it seems like a lot of people have trouble parsing/handling WinEventLogs. I want to ask if th... by Skeer-Jamf Path Finder in Splunk Search 01-26-2023 0 6	0	6
	On understanding array versus multivalue fields Greetings. My Splunk instance parses messages which has a JSON array type: ```{ tags: ["info", "foo", "bar"] }```Let'... by cdieringerwm Observer in Splunk Search 01-26-2023 0 1	0	1
	How to search for an event and other surrounding events? Hi All, I'm pretty new to Splunk so forgive me if this is an easy question. I'm trying to figure out how to a) search... by security_mike Explorer in Splunk Search 01-26-2023 0 4	0	4
	Horizontal Bar Chart Bar Colors: How to create search? I have a horizontal bar chart usingthe following post processing search:\| stats count by urgency\| eval urgency = if(u... by jason_hotchkiss Communicator in Splunk Search 01-26-2023 0 3	0	3
	Rex field extraction I am trying to determine the average time for a set of issues to get resolved. I already created a field named "Durat... by michaeler Communicator in Splunk Search 01-26-2023 0 3	0	3
	How to pull RDP Connections in my environment? Query doesnt bring up anything. Try to pull RDP connections in my environment: event_simpleName=UserLogon LogonT... by Cyberguru Engager in Splunk Search 01-26-2023 0 2	0	2
	How to replace 2 different characters in the same field? Hi, I have a csv that is imported to splunk and one of those fields has a space for the thousands and ends with ",00... by fariapm1 Explorer in Splunk Search 01-26-2023 0 6	0	6
	How to create a Splunk query to detect HTTP direct outbound traffic? Hello, I need a search query to detect http outboun irect traffic. Thank you. by ze271021 Loves-to-Learn Everything in Splunk Search 01-26-2023 0 1	0	1
	When using stats to display values() of fields, how can we have the values to align between the field names? Hi All, When using stats to display values() of fields , how can we have the values to align between the field nam... by neerajs_81 Builder in Splunk Search 01-26-2023 0 3	0	3
	Error in 'lookup' command: Why is it failing to re-open lookup file? Hello Splunker! Sometimes my searches on Splunk Enterprise Security Search Head ran into following error (mostly) w... by halu Loves-to-Learn Lots in Splunk Search 01-26-2023 0 7	0	7
	Splitting Multi-Value and Multi-Line field? I have a list of chrome extensions that are installed that is returned in a multivalue field. One of the results look... by daveywfii Explorer in Splunk Search 01-25-2023 0 2	0	2