Splunk Search

Community Activity

How to create a table? HI, I want to make the log below in the form of the table below. What should I do with the spl? [log ex] 14:39:19.... by minpd0309 Explorer in Splunk Search 12-12-2022 0 1	0	1
How to convert time format? Hello Splunk Lovers! i have date format 202211131614220000 and i want convert this format to readble for Splunk i sho... by splunk_enjoyer Explorer in Splunk Search 12-11-2022 0 3	0	3
How to have a search look for a match between one field's values and different lookup table field? My objective is to make a search that compares the dest_ip field value of outbound traffic with the ip values in a lo... by tminicoz Engager in Splunk Search 12-11-2022 0 2	0	2
How to get dynamic source name from a request? Hi Folks , I am new to splunk and trying to get dynamic source value from the response, here is my query: index="it... by batham Explorer in Splunk Search 12-11-2022 0 2	0	2
What is this introspection? Hi, Just upgraded to Splunk 6.1.1 and I noticed a new process running (introspection) and a new index (which, btw, is... by a212830 Champion in Splunk Search 12-11-2022 6 3	6	3
Using inputlookup as vlookup in a Subsearch I have the following main search: index=utm sys=SecureNet action=drop \| eval protocol=case(proto==1, "ICMP", proto==... by NapalmYourMom Observer in Splunk Search 12-11-2022 0 2	0	2
How to extract domain and top level domain? Dears I need your help in extracting the domain and top level domain from dns queries where: Query Field ... by moayadalghamdi Path Finder in Splunk Search 12-11-2022 0 2	0	2
How to filter out those with empty JSON field? My logs have a JSON field, like this: {<!-- --> "foo": 5, "bar": {}} I'd like to filter out logs that have an empty JSON fo... by sanggonlee New Member in Splunk Search 12-10-2022 0 2	0	2
How to get results from two different Sourcetype and presenting in a table? Im trying to get the following into a table and have a count of the successful attempts. I have tried a few ways, but... by SentinelPrime01 Explorer in Splunk Search 12-10-2022 0 5	0	5
How to produce a field value from a subsearch? Hi all, I'm currently working on creating an alert for any time a user mounts an ISO. My core search works exactly as... by dkingsland967 Observer in Splunk Search 12-09-2022 0 1	0	1
How to use field values with greater than and less than to do KV lookups? I have a KV store based lookup for Port Address Translation. Given the first 3 octets of a public facing IP and a por... by md Explorer in Splunk Search 12-09-2022 0 2	0	2
How to use time range fields from subsearch used for main search? I have a subsearch that is used to pull user, and start and expiration time fields. I want to use the two time field... by bt149 Path Finder in Splunk Search 12-09-2022 0 3	0	3
How to parse below logs when F5 pool member was down and send alert? I looking for someone help on this I am struggling with parsing the logs when pool was down and and send alert 5 minu... by rajababu Observer in Splunk Search 12-09-2022 0 1	0	1
How to calculate accurate time from .csv? Hello Splunk community, I need some help with the following: I have a .csv file that is being created at a Pacific... by jaydiare Explorer in Splunk Search 12-09-2022 0 1	0	1
Search for recurring events over multiple time spans Hi, looking for guidance please on how to alert on recurring auth events over multiple time spans, but I can't get my... by neilsmith2 Explorer in Splunk Search 12-09-2022 0 1	0	1
How to extract multiple fields from a search result? Hi All I am trying to extract the values that trail context, userid, username, groupid Sample partial event { "type... by hamishcross Engager in Splunk Search 12-09-2022 0 4	0	4
How to alert if csv entry exists but not returned in search when comparing values? Hi Guys, I am comparing the values from a csv with those returned in a json format on a splunk search. At the mom... by greekleo89 Loves-to-Learn Everything in Splunk Search 12-09-2022 0 3	0	3
If atleast one processor is up i need to consider device is online HelloGreetings!i have data in the following wayDevice Processor status01 Splunkd Running01 ... by Veeru Path Finder in Splunk Search 12-09-2022 0 4	0	4
How to check if some csv is getting used in any alert/report/dashboard or not? by nehamvinchankar Path Finder in Splunk Search 12-09-2022 0 1	0	1
How can I add quotes and comma to a multivalued field? HI,I have a multivalued field with values asABCI want it to be replaced as 'A','B','C' . I tried to do it with eval m... by Woodpecker Path Finder in Splunk Search 12-08-2022 0 5	0	5
How to search all value from one mvfield to another mvfield? Hi Community,I have 2 mvfields, how can I search for all the values in the first mvfield to all the values in the sec... by iammax Explorer in Splunk Search 12-08-2022 0 4	0	4
How to extract the field by using regex? Hi , I need to extract the value FISOBPIT10101 from the below lines. message:PSUS7\|8897\|FISOBPIT10101\|OWA\|8897\|88... by Peru123 Loves-to-Learn in Splunk Search 12-08-2022 0 5	0	5
How to extract a field using rex that contains backslash and double quotation marks? in the raw event there is a line that goes Brand\="xyz" What's the rex command I can use to extract this in my sear... by retro-bloke Explorer in Splunk Search 12-08-2022 0 4	0	4
Is is possible to store Splunk dashboard code in Gitlab or Bitbucket, so I don't lose the dashboard? I want to store the Splunk dashboard code in Gitlab or Bitbucket so I do not lose the dashboard. Any ideal if its pos... by splunkuser320 Path Finder in Splunk Search 12-08-2022 0 1	0	1
How to use inputlookup in a search, but convert the field of a stats by some column by the field of another column? I have a .csv with this format (this is a mock, just to give you an idea of the pattern)code, message,1, "Not found",... by MPJ44 Loves-to-Learn Everything in Splunk Search 12-08-2022 0 3	0	3