Splunk Search

Community Activity

	How can I compare two values obtained from a search and a lookup table? Hello,For the past week I've been working in a way to run some queries for a report about vulnerability findings.I ha... by Berfomet96 Explorer in Splunk Search 11-14-2022 0 3	0	3
	Listing the common fields from 2 Indexes that that dont exist during a specified time I am trying to correlate authentication attempts [ index_A (username, role) vs index_B (username, authentication_time... by Ansab Engager in Splunk Search 11-14-2022 0 1	0	1
	What rex to use for the extraction of virtual from URI? These two cells are examples of results I see in IIs logs. If the field is just a / (backslash) ( as in the first ex... by lbonnes Observer in Splunk Search 11-14-2022 0 1	0	1
	Is there a REST command to delete rows from lookup.csv? is there a REST command to delete rows from the dmc_forwarder_assets.csv? For example, to remove rows where the statu... by pc1234 Explorer in Splunk Search 11-14-2022 0 1	0	1
	What other commands do you avoid to save system resources? Hi, I have a general question about which commands do you usually avoid in order to make search faster? For example I... by fedejko Explorer in Splunk Search 11-14-2022 0 3	0	3
	Index migration event count becomes 3x more I recently migrated a clustered index. We wanted to rename the index. I created the new index as your normally woul... by coreyCLI Communicator in Splunk Search 11-14-2022 0 0	0	0
	Can I create a multivalue _meta field? I have a use case that uses an indexed field that is configured at input time: [monitor:///my/input/file1] _meta = n... by adam_reber Path Finder in Splunk Search 11-13-2022 0 3	0	3
	How to extract an unknown number of fields with rex command? Let's say I have data in an event that looks like this: NAME: John NAME: Mary NAME: Sue Assuming I have ... by jbrenner Path Finder in Splunk Search 11-13-2022 0 3	0	3
	How to create a table with emails sent and emails received from a given emails addresses? Hi Guys,I'm trying to create a table with the count emails sent and emails received from a given emails addressesColu... by JLopez Explorer in Splunk Search 11-13-2022 0 6	0	6
	Has anyone else got inconsistent results in Splunk? Hi, on our Splunk instance I have set a report using a time chart with a span of 1h and time frame of a day and the r... by joe06031990 Communicator in Splunk Search 11-13-2022 0 5	0	5
	How to get fields in different events in a table? Hello: I am trying to get fields from different events in the same table. I have two different events, and let's say ... by Paul Explorer in Splunk Search 11-12-2022 0 3	0	3
	How to find incremental or constant rate points of last 24 hours? Hi I have challenge that need to know how with splunk, math, statistics, ... able to solve it. Here is the log: sampl... by indeed_2000 Motivator in Splunk Search 11-11-2022 0 5	0	5
	How to solve this issue with eval if? Hi, I am facing an issue with the eval if condition. Please help. index=main, source=ls.csv \| eval new_field = if(e... by SumanPalisetty Path Finder in Splunk Search 11-11-2022 0 1	0	1
	Will using a wildcard with where work? I am trying to get a wildcard to work with a where clause. Not sure if I'm doing something wrong altogether or just m... by brcox9090 New Member in Splunk Search 11-11-2022 0 2	0	2
	How to display default value in rex statements if the value is blank? Hi, I am using the following script in Splunk query. Here i am trying having multiple values in field AdditionalData ... by manojchacko78 Path Finder in Splunk Search 11-11-2022 0 3	0	3
	How to filter data from JSON object having one field name and list of values into table? I have data something like below. msg: {<!-- --> application: test-app correlationid: 0.59680117.1667864418.7d2b8d5... by Splunk_321 Path Finder in Splunk Search 11-11-2022 0 1	0	1
	Lookup (KVStore) doesn't return any data? Can't seem to get this lookup(KVstore) to function.The dataset is from active directory in some cases in the same eve... by thoma1 Explorer in Splunk Search 11-11-2022 0 11	0	11
	How to create specific timerange fields to group stats? Hello,I have a collection of logs (same source type) but some of them have different or additional fields. In order t... by Fleety Loves-to-Learn Lots in Splunk Search 11-11-2022 0 1	0	1
	Help joining two different sourcetypes from the same index that both have a field with the same value but different name Hello everybody, I'm trying to join two different sourcetypes from the same index that both have a field with the sam... by Berfomet96 Explorer in Splunk Search 11-11-2022 0 2	0	2
	How to achieve "Message":"###1234$$$ Invalid" result with rex? splunk data: 2022-01-01T02:06:12.182Z 7c3edf29-c081-4cca-ae9b-0f79ef7d1c8d INFO {"InfoLogInformation":{"MethodName":"... by wvsgo215 Engager in Splunk Search 11-11-2022 0 2	0	2
	How to ceate a regex blacklist in inputs.conf with a common string value in log file? Hi All, Having issue in identifying the correct blacklist regex expression to skip the few logs which are loading to ... by sreesuresh545 New Member in Splunk Search 11-10-2022 0 4	0	4
	How to find App based on source types and indexes? Hello I have a quick question. are there any ways we can find a specific index name that was used within which App? ... by SplunkDash Motivator in Splunk Search 11-10-2022 0 2	0	2
	Help with search for week event analysis Hello Team, I have used to ask the same question in my previous ask :https://community.splunk.com/t5/Splunk-Search/Ho... by uagraw01 Motivator in Splunk Search 11-10-2022 0 6	0	6
	How can I optimize my query ? I have the following query with multiple joins and using max=0 which is not giving me all results as I think the size... by vrmandadi Builder in Splunk Search 11-10-2022 0 3	0	3
	How to split a column into two based on condition? Hi all, Pls consider this subset of data,... - Date - Fruit - Seller - Bad_count - ...11/8 - Apple - X - 311/8 - Appl... by shreyp Explorer in Splunk Search 11-10-2022 0 13	0	13