Splunk Search

Community Activity

	Help with deduping similar values Hi Everyone,I have a field called "User" that contains similar values and I was wondering how to remove or merge simi... by tomapatan Contributor in Splunk Search 12-14-2022 0 2	0	2
	How to extract same set of values from different log format? EventAgentLogin ================== 2022-12-14 06:39:03.875 TRACE 12632 --- [New I/O client worker #1-6] c.i.e.g.wor... by ravir_jbp Explorer in Splunk Search 12-14-2022 0 1	0	1
	How can I write the rex for the following regex? I want to write the rex command for the following regex and give it a new field where the findings will be dumped int... by leagawa New Member in Splunk Search 12-14-2022 0 1	0	1
	How to trace and span in Splunk Enterprise? Hi Is it possible to feed opentelemetry log to "splunk enterprise" and draw trace and span without use Splunk APM? ... by indeed_2000 Motivator in Splunk Search 12-14-2022 0 4	0	4
	How to get first logout after login? I have daily user login/logout data like this: date,user,action2020-04-14 01:00:00,user1,login2020-04-14 01:05:00,use... by alissan Explorer in Splunk Search 12-14-2022 0 4	0	4
	Splunk custom script with python and pip library \| Integrity check of installed files failed Hello Splunkers,I recently created a custom alerts on my Search Head, and for this alert to run I needed to install a... by GaetanVP Contributor in Splunk Search 12-14-2022 0 3	0	3
	How to change chart marker size for each fields in splunk? Hi Team, Current i have fields and with this query below, was able to get all fields are in same size.<option name="c... by SSwaminathan90 Explorer in Splunk Search 12-14-2022 0 0	0	0
	Why are my correlation search fields missing from the notable events? I have a correlation search in Splunk ES that does some statistics, and return a table with the events; "src_ip", "de... by hettervik_new Explorer in Splunk Search 12-14-2022 0 0	0	0
	Notable Event Custom Fields I'm working on creating multiple custom correlation rules such as failed logins from one IP, failed logins from multi... by ericl42 Path Finder in Splunk Search 12-14-2022 0 1	0	1
	How to extract 3 characters after a given string in Splunk? I want to extract the two characters 78 from the barvalue and have it in a separate column in my table:- deltavalue... by avneet26 Engager in Splunk Search 12-14-2022 0 5	0	5
	How to filter by if a field exist? My sample events look like this , API logs { location: Southeast Asia, properties: { backendMethod: G... by YatMan Explorer in Splunk Search 12-13-2022 0 2	0	2
	How to fix Error when adding trusted domain lists to Splunk? Hi all, I have created a dashboard incorporating few external domains I am receiving the error message like the dash... by balu1211 Path Finder in Splunk Search 12-13-2022 0 2	0	2
	How to create alternative for subsearch? I have a search with a subsearch. I run into the limitations of the maximum results (50.000) Now Ia m trying to figur... by Mike6960 Path Finder in Splunk Search 12-13-2022 0 6	0	6
	Why does Splunk change date format from 2022-12-04 to 2022/12/04 when exporting to .csv? Hi All, I am unsure if this question has been answered already - I couldn't see it. I have a time field in Splunk t... by CDel Explorer in Splunk Search 12-13-2022 0 6	0	6
	How to to update hour of a timestamp variable? Hi, I'm looking for a way to change the hour of a time variable Exemple : myTime="2022-11-20 05:23:42" and I want myT... by mxh7777 Path Finder in Splunk Search 12-13-2022 0 1	0	1
	How to search and sort based on dynamic value? Hi, I am new to splunk and have a requirement where i have to search the logs which are on 100 servers and i have to ... by batham Explorer in Splunk Search 12-13-2022 0 3	0	3
	How to filter out event from outbound mail log having "Attachment" field contains file extension ".txt,.html,.jpg,.png"? Looking for Splunk query to filter out event if "Attachment" field having extension .txt or .html or .jpg or .png if ... by Abhineet Loves-to-Learn Everything in Splunk Search 12-13-2022 0 3	0	3
	BotS - Error in 'lookup' command: Could not find all of the specified destination fields in the lookup table Hi, I am doing Boss of the SOC v1 and I stuck on question, where I need to use lookup. I imported .csv file ad here a... by suspense Explorer in Splunk Search 12-13-2022 0 5	0	5
	How to convert epoch time to a desired time zone? Hifrom below events how to convert epoch time to a desired time zonewant to convert LAST_START="1670326641", LAST_END... by sekhar463 Path Finder in Splunk Search 12-13-2022 0 14	0	14
	Why doesn't search return result when I list a field of a lookup? I was trying to join a group of documents with a list of users that I had in a lookup, and the search return me resul... by juanda667 Engager in Splunk Search 12-12-2022 0 1	0	1
	How to calculate session times from large data set? I'm analysing VPN connection logs to produce a report of the count of staff working from home for longer than 6 hours... by eddieddieddie Path Finder in Splunk Search 12-12-2022 0 6	0	6
	How to find the ips hitting the index waf? To find the ips hitting the index waf by client ip, if the hitting ips present in lookup table 2 have to be exclude... by balu1211 Path Finder in Splunk Search 12-12-2022 0 5	0	5
	How to hide submit button in Dashboard Studio? Hi, In the old XML dashboards we used to have the "x" to close the submit buttons of inputs: Whereas in Dashboard st... by fulvibus Engager in Splunk Search 12-12-2022 0 2	0	2
	How to make a table from search history, where time presets were queried by all_time or long diaposone? Hello, Splunk lovers!I have some questions What i want: 1. i want to make a table from search history, where time pre... by splunk_enjoyer Explorer in Splunk Search 12-12-2022 0 1	0	1
	How to achieve row count until data changes in column? I have a table with 3 columns: _time, type and action\| makeresults count=10\| eval type = "typeA"\| eval action = if((r... by michael_vi Path Finder in Splunk Search 12-12-2022 0 2	0	2