Splunk Search

Community Activity

transforms.conf and props.conf my event and inputs.confsourcetype = rsa:syslogfeb 01 10:24:12 myhostname 2025-02-01 10:24:12,999, myhostname, audit.... by jtran9373 Explorer in Splunk Search 02-27-2025 0 7	0	7
Best Practices for Finding Data Across All Splunk Logs and Indexes Hello,As a SOC analyst, what are the best practices for writing SPL queries to quickly find specific data (such as an... by Ben Explorer in Splunk Search 02-27-2025 0 2	0	2
Token Help on Alerts after search So I had help before that after a search I could send a report on a schedule and send a token to a mattermost channel... by LizAndy123 Path Finder in Splunk Search 02-27-2025 0 2	0	2
Modulus in Splunk is faulty in my occasion Hi fellow splunkers,recently i deployed WinPrintMon inputs to our printserver, to check driver versions and found out... by TheEggi98 Path Finder in Splunk Search 02-26-2025 0 2	0	2
Searching for text in a field using a wild card I have a field message in _raw that looks something like this:"message":"test::hardware_controller: Unit state update... by nkavouris Path Finder in Splunk Search 02-26-2025 0 12	0	12
Excluding holidays and weekends for Alert I have a Holiday.csv file that imports dates for specific holiday dates.example:2024-04-012026-12-292028-06-26I am wo... by Cheng2Ready Communicator in Splunk Search 02-26-2025 0 11	0	11
How to send field as Token in Alerts So I have my Query working and I have a webhook created in a ChannelIt says that I can send Tokens when I send the Al... by LizAndy123 Path Finder in Splunk Search 02-26-2025 0 3	0	3
I have a need to count the number of events ingested for 2024. I would like to get a count of events of all data ingested for 2024. I have hundreds of indexes and all data over 90... by paulcurry Path Finder in Splunk Search 02-26-2025 0 2	0	2
Host override with event data Hello,I have logs coming in with the host showing as the UF. I want to replace the host value with some event data.H... by boknows Explorer in Splunk Search 02-26-2025 0 9	0	9
Where can I download Universal Forwarder Package for Windows ARM Hello,I am looking to download Forwarder package windows ARM for Surface 7 laptops and not finding the link, please ... by Roy_9 Motivator in Splunk Search 02-26-2025 0 1	0	1
Extract multivalue field using transforms mv_add=true not working as expected Hi, I am having hard time extracting multi value fields present in an event using transforms mv_add=true, it seems t... by ak9092 Path Finder in Splunk Search 02-26-2025 0 5	0	5
Proper Rex expression help I need help building a proper rex expression to extract the bold text from the following raw data{"bootcount":8,"devi... by nkavouris Path Finder in Splunk Search 02-25-2025 0 6	0	6
display field value in a statement i have a field coming after a calculation like a percentage field the request from user is to display in text format... by secure Path Finder in Splunk Search 02-25-2025 0 1	0	1
Splunk mvexpand results truncated Hi, I have this Splunk SPL: index=EventViewer source="WinEventLog:Application" SourceName=sample \| table host Name, ... by Singh10 Explorer in Splunk Search 02-25-2025 0 4	0	4
Rex expression built with field extractor not working? I have a reliable base query to find events containing the information I want.I built a rex using the field extractor... by nkavouris Path Finder in Splunk Search 02-24-2025 0 2	0	2
Issue with printmon query not showing the proper results for "total_pages" ALCON,Hello, I am having issues with printmon query results not showing the proper results for "total_pages". The pa... by Johnsonbc Explorer in Splunk Search 02-24-2025 0 3	0	3
compare data in two columns Hi i have data from two columns and using a third column to display the matches\| makeresults\| eval GroupA = 353649273... by secure Path Finder in Splunk Search 02-23-2025 0 3	0	3
Questions on query to get all alerts which are configured in Splunk , 1 , 0 , and Blanks in the fields So jumping into this search questionhttps://community.splunk.com/t5/Alerting/How-can-I-query-to-get-all-alerts-which... by Cheng2Ready Communicator in Splunk Search 02-21-2025 0 1	0	1
Splunk Search to identify users searching back 30 days or more I am trying to create a search that shows me all users that are searching back 30 days or longer in Splunk.For exampl... by scout29 Path Finder in Splunk Search 02-21-2025 0 4	0	4
How to convert epoch time to human readable format in search query? Could someone please help me convert epoch time to human readable time? "time":1407361408100 this is what i'm tryin... by ziyod2005 Explorer in Splunk Search 02-21-2025 3 23	3	23
Searching across multiple host combinations Our team looks after 7 applications, we have 5 environments and each application sits on between 2 and 4 servers, dep... by larrydavid New Member in Splunk Search 02-20-2025 0 2	0	2
How to create a single table with results from two different queries Hi everyone.I'm sorry if this seems like a questions that's already been asked, but none of the answers I could find ... by pedropiin Path Finder in Splunk Search 02-20-2025 0 2	0	2
Splunk Visualization displaying the same color for both columns I am using the following query to display a result on a dashboard (query with sample data which resembles the data I ... by TallBear Engager in Splunk Search 02-20-2025 0 5	0	5
Saved Searches Hello all,Actually i have been using rest command \| rest /servicesNS/-/MYAPP/saved/searches \| table titleto call my s... by siva_kumar0147 Explorer in Splunk Search 02-20-2025 0 2	0	2
How to create a field on the fly using CASE I have the following values that will go in a field titled StatusMsg:"Task threw an uncaught and unrecoverable except... by NanSplk01 Communicator in Splunk Search 02-19-2025 0 11	0	11