Splunk Search

Community Activity

	Events coming along with user when using top, rare? Hi When i'm searching the top users who logged into a host, I'm getting event data along with the user when i'm usin... by jahziah952 Engager in Splunk Search 12-14-2022 0 1	0	1
	How to implement whois lookup for ips hitting fw? Hi.. I have to find the ip address hitting fw for that i have to implement the whois lookup for the hitting ips but n... by balu1211 Path Finder in Splunk Search 12-14-2022 0 1	0	1
	Splunk search command time modifiers not working I want to strip certain results by time from my search. I eventually plen to place a dedup command between the first ... by matthewg Explorer in Splunk Search 12-14-2022 0 3	0	3
	What is the issue with my SPL? Hi, I am a new Splunk user and this is my first post on the community forum. If I am not following guidelines please... by ACyber Engager in Splunk Search 12-14-2022 0 1	0	1
	How can I make interpolation between given two points in Splunk, where time variable is not involved? Hi Team, Considering the image shared below:- x1 is my x-axis and y1 is my y-axis. I would like to interpolate va... by SSwaminathan90 Explorer in Splunk Search 12-14-2022 0 6	0	6
	How to search multiple lines and create an alert when certain values match? Hi, I am a beginner here in Splunk. I am trying to search multiple lines in the log and generate an alert if certain... by junster Explorer in Splunk Search 12-14-2022 0 2	0	2
	Splunk oneshot returns empty results sometimes I am using Python SDK to run Splunk queries at 10 minute interval to collect data for my application. I have nearly 3... by ShaneReddy New Member in Splunk Search 12-14-2022 0 0	0	0
	Help with deduping similar values Hi Everyone,I have a field called "User" that contains similar values and I was wondering how to remove or merge simi... by tomapatan Contributor in Splunk Search 12-14-2022 0 2	0	2
	How to extract same set of values from different log format? EventAgentLogin ================== 2022-12-14 06:39:03.875 TRACE 12632 --- [New I/O client worker #1-6] c.i.e.g.wor... by ravir_jbp Explorer in Splunk Search 12-14-2022 0 1	0	1
	How can I write the rex for the following regex? I want to write the rex command for the following regex and give it a new field where the findings will be dumped int... by leagawa New Member in Splunk Search 12-14-2022 0 1	0	1
	How to trace and span in Splunk Enterprise? Hi Is it possible to feed opentelemetry log to "splunk enterprise" and draw trace and span without use Splunk APM? ... by indeed_2000 Motivator in Splunk Search 12-14-2022 0 4	0	4
	How to get first logout after login? I have daily user login/logout data like this: date,user,action2020-04-14 01:00:00,user1,login2020-04-14 01:05:00,use... by alissan Explorer in Splunk Search 12-14-2022 0 4	0	4
	Splunk custom script with python and pip library \| Integrity check of installed files failed Hello Splunkers,I recently created a custom alerts on my Search Head, and for this alert to run I needed to install a... by GaetanVP Contributor in Splunk Search 12-14-2022 0 3	0	3
	How to change chart marker size for each fields in splunk? Hi Team, Current i have fields and with this query below, was able to get all fields are in same size.<option name="c... by SSwaminathan90 Explorer in Splunk Search 12-14-2022 0 0	0	0
	Why are my correlation search fields missing from the notable events? I have a correlation search in Splunk ES that does some statistics, and return a table with the events; "src_ip", "de... by hettervik_new Explorer in Splunk Search 12-14-2022 0 0	0	0
	Notable Event Custom Fields I'm working on creating multiple custom correlation rules such as failed logins from one IP, failed logins from multi... by ericl42 Path Finder in Splunk Search 12-14-2022 0 1	0	1
	How to extract 3 characters after a given string in Splunk? I want to extract the two characters 78 from the barvalue and have it in a separate column in my table:- deltavalue... by avneet26 Engager in Splunk Search 12-14-2022 0 5	0	5
	How to filter by if a field exist? My sample events look like this , API logs { location: Southeast Asia, properties: { backendMethod: G... by YatMan Explorer in Splunk Search 12-13-2022 0 2	0	2
	How to fix Error when adding trusted domain lists to Splunk? Hi all, I have created a dashboard incorporating few external domains I am receiving the error message like the dash... by balu1211 Path Finder in Splunk Search 12-13-2022 0 2	0	2
	How to create alternative for subsearch? I have a search with a subsearch. I run into the limitations of the maximum results (50.000) Now Ia m trying to figur... by Mike6960 Path Finder in Splunk Search 12-13-2022 0 6	0	6
	Why does Splunk change date format from 2022-12-04 to 2022/12/04 when exporting to .csv? Hi All, I am unsure if this question has been answered already - I couldn't see it. I have a time field in Splunk t... by CDel Explorer in Splunk Search 12-13-2022 0 6	0	6
	How to to update hour of a timestamp variable? Hi, I'm looking for a way to change the hour of a time variable Exemple : myTime="2022-11-20 05:23:42" and I want myT... by mxh7777 Path Finder in Splunk Search 12-13-2022 0 1	0	1
	How to search and sort based on dynamic value? Hi, I am new to splunk and have a requirement where i have to search the logs which are on 100 servers and i have to ... by batham Explorer in Splunk Search 12-13-2022 0 3	0	3
	How to filter out event from outbound mail log having "Attachment" field contains file extension ".txt,.html,.jpg,.png"? Looking for Splunk query to filter out event if "Attachment" field having extension .txt or .html or .jpg or .png if ... by Abhineet Loves-to-Learn Everything in Splunk Search 12-13-2022 0 3	0	3
	BotS - Error in 'lookup' command: Could not find all of the specified destination fields in the lookup table Hi, I am doing Boss of the SOC v1 and I stuck on question, where I need to use lookup. I imported .csv file ad here a... by suspense Explorer in Splunk Search 12-13-2022 0 5	0	5