Splunk Search

Community Activity

	How to efficiently expand json array entries? I have a scenario where i want to expand the field and show as individual events. Below is my query, which works fine... by Splunk_321 Path Finder in Splunk Search 11-25-2022 0 1	0	1
	How to create new columns from results? I'm trying to create table with the top 5 results split into columns, so that I can have multiple results per line, g... by CyberMage Engager in Splunk Search 11-25-2022 0 1	0	1
	Help with Search != litsearch --- In 'litsearch' there are extra unwanted key=value statements We are spending a tremendous amount of time tuning our search structures lately. One thing we have run across in our ... by dural_yyz Motivator in Splunk Search 11-25-2022 0 2	0	2
	Splunk DS deletes props.conf on universal forwarder Hello,I use Splunk as Indexer and deployment server und I have one universal forwarder installed. I'm getting an erro... by alpeen_splunk Explorer in Splunk Search 11-25-2022 0 3	0	3
	How to create search for date field? Hello splunk lovers!i want help with date field and i want fast. i have field, format example: data_started 01.01.20... by splunk_enjoyer Explorer in Splunk Search 11-25-2022 0 1	0	1
	What regex to use to remove \\ form the hostname fields? Hi All, I have a hostname stating \\sent134 I need to remove this \\ using regex and it should be like this: sent134... by SabariRajanT Path Finder in Splunk Search 11-25-2022 0 2	0	2
	How to group results and list common occurrences by time? I have the following data: { "remote_addr": "1.2.3.4", "remote_user": "-", "time_local": "24/Nov/2022:09:55... by guywood13 Path Finder in Splunk Search 11-25-2022 0 3	0	3
	How to replace join by stats to merge SPL based on common field? Hi,My datasets are much larger but these represent the crux of my hurdle... Sourcetype= transaction fields= trans... by innoce Path Finder in Splunk Search 11-24-2022 0 1	0	1
	How to visualize all the search I put using the search command? HI All, I would like to visualize all the search fields/content I mentioned using the command search: index=* \| sear... by matcad81 New Member in Splunk Search 11-24-2022 0 2	0	2
	How do I build this Sysmon log search without having required fields? I want to implement this correlation search: `sysmon` EventCode=10 TargetImage=lsass.exe CallTrace=dbgcore.dll* O... by Ash Engager in Splunk Search 11-24-2022 0 1	0	1
	Nested SubQuery With NOT IN Clause Hello,I am looking for the equivalent of performing SQL like such:SELECT transaction_id, vendorFROM ordersWHERE trans... by ayu2375 Engager in Splunk Search 11-24-2022 0 2	0	2
	How to use SED to remove optional fields? We have api requests that I want to create statistics by the request but to do this I need to remove variable identif... by singlinet Engager in Splunk Search 11-24-2022 0 2	0	2
	How do I rename a nested field? I have an eval query. The details object returned looks like this: {<!-- --> status: 404, code: ERROR } "details... by stong2351 New Member in Splunk Search 11-24-2022 0 2	0	2
	How to generate _time for search in metadata? Hi need to generate current date like this "20201123" and use as a search filter on metadata. AFAIK there is no "_tim... by indeed_2000 Motivator in Splunk Search 11-24-2022 0 6	0	6
	Why am I getting different timewrap results depending on what time of day the search is run? I have a saved search running every few minutes to append data to a 15 day csv log file within Splunk. I'm trying to... by dougburdan Explorer in Splunk Search 11-24-2022 0 2	0	2
	Is it possible to convert the hex data into ascii without affecting the ascii data? Hi all, I am attempting to convert data extracted as a field containing combination of hex and ascii data. Was wonde... by xiaoming New Member in Splunk Search 11-23-2022 0 3	0	3
	Is there a way for Lookup file to return field names? Is there a way to achieve this? I have a lookup table with 2 columns alert_type and short_description. alert_typ... by ansif Motivator in Splunk Search 11-23-2022 0 5	0	5
	Show error details when errors 10% higher than previous 30 mins? Hi, I want to display the error details in the last 30 mins, so they can be investigated, when the amount of errors h... by MikeyD100 Explorer in Splunk Search 11-23-2022 0 4	0	4
	Finding concurrent sessions over time by PrisonMike Explorer in Splunk Search 11-23-2022 0 10	0	10
	Help with lookup to get table? Hi, I have a lookup as follow ipidname111.111.111.111111simone*222marco in the index I have ipid 111.111.111.1111112... by simo Path Finder in Splunk Search 11-23-2022 0 2	0	2
	How to show multiple records value in same table row? I have a job that runs multiple times if it failed. I need to create a dashboard with a table that shows all the atte... by splunkuser320 Path Finder in Splunk Search 11-23-2022 0 3	0	3
	How do I extract using regex? i have below result, how can I do a regex to extract the fields, first being DateTime, username, Action, Entity2022-1... by sphiwee Contributor in Splunk Search 11-22-2022 0 2	0	2
	How do I check which major destinations generate the most logs on a specific firewall host? How do I check which major destinations generate the most logs on a specific firewall host = 10.22.44.254? I would li... by renangomes New Member in Splunk Search 11-22-2022 0 1	0	1
	Is it possible to create a Pie Chart from three fields? Is it possible to create a Pie Chart from three fields? If so, how? Thanks a million in advance! by itsmevic70 Explorer in Splunk Search 11-22-2022 0 2	0	2
	How to split single field into multiple with different format? Hi All, i have events like below and i want to extract the fields as TotalRecords, SuccessRecords, FailedRecords, B... by Praveenrocky New Member in Splunk Search 11-22-2022 0 2	0	2