Splunk Search

Community Activity

	Splitting Multi-Value and Multi-Line field? I have a list of chrome extensions that are installed that is returned in a multivalue field. One of the results look... by daveywfii Explorer in Splunk Search 01-25-2023 0 2	0	2
	How to parse log with a lot of indicators? Hello everyone, I have a question for you, and I need your help please  I have some logs, but the parsing isn't don... by anissabnk Path Finder in Splunk Search 01-25-2023 0 1	0	1
	How to extract fields (in props.conf) based on conditional regex? Hello,My events contain strings such as:notification that user "mydomain\bob" hasnotification that user "fred" has no... by Jamie Path Finder in Splunk Search 01-25-2023 0 7	0	7
	How to compare CSV data with Splunk data? Please help with the query on how to compare CSV data with Splunk event and get those data in result which is not ava... by Khuzair81 Path Finder in Splunk Search 01-25-2023 0 4	0	4
	How to find percentage with selective sum of field values? < query > ... \| stats count by return_code fetches me the below output.I have to create an alert where the sum of any... by vinothkumark Path Finder in Splunk Search 01-24-2023 0 5	0	5
	Help with regex Hi community. Some searches have:index="my_index"index=my_indexI want to extract a new field named user_index but can... by hank72 Path Finder in Splunk Search 01-24-2023 0 1	0	1
	How to convert row value result into a column? Hi, I am very new to splunk and need help for the below situation. I am having two columns as below Row Column... by svm157 Loves-to-Learn Lots in Splunk Search 01-24-2023 0 5	0	5
	How to find ITSI old and current version from splunk logs ? I'm trying to create a dashboard to find the old version and new version of splunk from the logs but unable to find i... by sjaitly Engager in Splunk Search 01-24-2023 0 2	0	2
	How to get an alert if a user doesn't have a specific event in a 90 day timeframe? We have a use case where we need to have an alert emailed if a user (under the field User) does not have an event of ... by Virpee Engager in Splunk Search 01-24-2023 0 2	0	2
	How to extract field which are in a set? Hello SplunkersI have the following raw events 2023-01-20 18:45:59.000, mod_time="1674240490", job_id="79" , time_sub... by power12 Communicator in Splunk Search 01-24-2023 0 8	0	8
	Help needed with inner join with different field name and a filter Can someone help with query?I have 2 index abc and bczFrom abc index I want to show stats for field1where field2 from... by harryhcg Explorer in Splunk Search 01-24-2023 0 2	0	2
	How to display the number of failures, plus earliest(_time) and latest(_time) by src_ip? Given web access log data with following fields: _time, http_status, src_ip, dest_ip After a bruteforce attack on a ... by mikefoti Communicator in Splunk Search 01-24-2023 0 1	0	1
	How to subtract two timestamps per logEvevtType? Hello, apologies if this was stated previously. I have multiple calls - each RequestID with a RequestReceive and Resp... by user33 Path Finder in Splunk Search 01-24-2023 0 5	0	5
	What are Splunk search rules for hit by count? In the below search I am looking for rules hit by count, but how or where would I add a NOT or !, if I wanted to know... by bam22 Engager in Splunk Search 01-24-2023 0 1	0	1
	How to display all eventtypes in a timechart, including the all zero count eventtypes? I have six eventtype's that each check Juniper router logs for an Interface bounce (an up/down event). These are work... by rprior Explorer in Splunk Search 01-24-2023 0 3	0	3
	Why is there error when trying to get data from REST API using Python script? I'm trying to get data by registering it as a Splunk script using Python code. But the problem only occurs when I run... by munang Path Finder in Splunk Search 01-24-2023 0 2	0	2
	How to use multiple numbers in search? Hello Guys, I'd like to create a search based on business hours, and like to use a field with value like this: "2023/... by ipteam Engager in Splunk Search 01-23-2023 0 5	0	5
	How to create a search for group by and filter query? My data looks like the following student_idbrowser_idguiddatetimex_id12_aChrome_211221/9/23 14:45788a13_aChrome_4121... by anrak33 Explorer in Splunk Search 01-23-2023 0 7	0	7
	How to group by and concat column values? Given the below scenario: base search\| table service_name,status,count Service_name Status Count serviceA 500_IN... by spl_1991 Engager in Splunk Search 01-23-2023 0 2	0	2
	How to pass a value to a non existent field/null? Is it possible to assign a value to a different fields. I am trying to combine two different events but the same inde... by villnooB Explorer in Splunk Search 01-23-2023 0 4	0	4
	How accelerate only one root dataset from datamodel with multiple datasets? Hi! I try to accelerate only one dataset in datamodel with multiple datasets. How i can do it through datamodel.conf ... by kyokkygo Engager in Splunk Search 01-23-2023 0 2	0	2
	How to remove a word with Regex using Capturing group? Hello, I have a Regex for splitting a Person full name into Person lastname, firstname and middlename. Regex used: (?... by poojithavasanth Explorer in Splunk Search 01-23-2023 0 5	0	5
	How to extract data from .conf file? I need to extract ITSI app version from app.conf fileTo display the data on a dashoboard I found a way sing the confi... by sjaitly Engager in Splunk Search 01-23-2023 0 3	0	3
	How to get total number of hours elapsed from last event raised till now()? Hey people, I want to find out the total number of hours that elapsed from the last event raised. This is what I wa... by sjs Path Finder in Splunk Search 01-22-2023 0 1	0	1
	How can a regex query be written to extract source IP address? The position of IP address is getting changed(appearing before or after https) in the logs, in such scenario how rege... by Daksesh Explorer in Splunk Search 01-22-2023 0 5	0	5