Splunk Search

Community Activity

	How would I fix my search not counting correctly? Hello y'all!I'm trying to use the Single Value object, and build a search which count the number of the records and s... by fpedrosa Engager in Splunk Search 11-01-2022 0 7	0	7
	How to generate a parent child process chain to use dendogram visualization? Hello all! I´m so lost trying to get full process tree to visualize it in dendogram https://splunkbase.splunk.com/app... by cpm003 Path Finder in Splunk Search 11-01-2022 0 1	0	1
	Why is my eval command with multiple if conditions not working? Hi, I have used eval with multiple if conditions and it's failing. Kindly help. source = "2access_30DAY.log" \| eva... by SumanPalisetty Path Finder in Splunk Search 11-01-2022 0 7	0	7
	Replacing values in a column in a lookup table with the results from a search query? Hi, I have been tasked to design an alert to trigger whenever there is a modification of the "search query" of an ale... by loki New Member in Splunk Search 11-01-2022 0 1	0	1
	Check if field match the regex? Hi Splunk Community, I need help to check whether my directory field match the regex The regex I used is ^\w+:\\root_... by boxmetal Path Finder in Splunk Search 11-01-2022 0 3	0	3
	Extract count of search field(SPL) by re-search? hello index=_audit user=admin action=search info=granted search=* \| table search_id search\| replace "'search *" WITH ... by syloee Explorer in Splunk Search 11-01-2022 0 3	0	3
	Add dashboard tab to app? Good afternoon!The infrastructure command gave me permissions so that I can add a dashboard tab to my application. I ... by metylkinandrey Communicator in Splunk Search 11-01-2022 0 9	0	9
	How to match case on multiple value assigned Hi all,I'm trying to create category based on host category: Lab,Personal,Staff and get workstations to be counted fo... by aa0 Path Finder in Splunk Search 11-01-2022 0 2	0	2
	How to split multiple fields? I need to be able to split multiple fields that have a delimiter of "\|#\|". The field name will differ depending on th... by paras Explorer in Splunk Search 10-31-2022 0 2	0	2
	Why is eval command case function not working? Hi, I wrote a eval command and its not working. Kindly help. source = "2access_30DAY.log" \| eval "new_field" = case('... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 7	0	7
	SPL to extract field and field value? SPL to extract field and field value when data seems like belowscreenshot attached.I need help in extracting field as... by AK_Splunk Explorer in Splunk Search 10-31-2022 0 3	0	3
	Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship? I have a unique query that I think I have a general logical approach to solving, but the syntax and most efficient ro... by tobiasboone1 Explorer in Splunk Search 10-31-2022 0 10	0	10
	Is it possible to concatenate string with a number using eval? Hi, Can we concatenate a string with a number using eval with '.' operator? I got to know that from a video, but when... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 3	0	3
	How to achieve a federated search to link the on-prem indexers to the cloud SH? I have a distributed Splunk environment, meaning a SHC and IDX cluster connected via distributed search as outlined i... by andrew_burnett Path Finder in Splunk Search 10-31-2022 0 1	0	1
	The default search won't let you click the link, it just lets you filter on that field, is there an override to this? I can control the data sent to the fields. All fields on the deafult search allow you include/exclude in search resu... by vinceisvince Observer in Splunk Search 10-31-2022 0 1	0	1
	What happened to the data? Hi,I have a question for my understanding. Kindly help.You had data in the past, one fine day if you see there is no ... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 4	0	4
	"[Errno 111] Connection refused" when I restart Splunk on my HF Hello Splunkers,I am facing some errors every time I relaunch my Splunk service on my HF.Inside splunkd.log I have th... by GaetanVP Contributor in Splunk Search 10-31-2022 0 2	0	2
	DNS tunneling detection - Help with fine tuning splunk search Hey Splunkers,Can someone please help me with the logic, how can I finetune the search below to detect DNS tunnelling... by Woodpecker Path Finder in Splunk Search 10-31-2022 0 1	0	1
	Is this message format possible for sending to splunk? Tell me, is this message format possible for sending to splunk: curl --location --request POST 'http://170.25.25.25:8... by metylkinandrey Communicator in Splunk Search 10-31-2022 0 2	0	2
	How to use the results of subsearch? My requirement is to utilize the results of the sub-search and use it with the results of the main search results, bu... by smanojkumar Contributor in Splunk Search 10-31-2022 0 5	0	5
	Time range in rest query- Unable to get it down to last hour? Hi, ive got the below query that im using to try and see when correlation searches have been edited: \| rest splunk_s... by Ra1n New Member in Splunk Search 10-31-2022 0 1	0	1
	Suggestions on Minimum message type (json)? Good afternoon!We have a problem in the workflow: a part of the customer's system, which is not developed by us, is n... by metylkinandrey Communicator in Splunk Search 10-31-2022 0 4	0	4
	Need help in extraction and creating table Below query is in string text format need to separate each field and create a table with all columns for operator , ... by monicateja Explorer in Splunk Search 10-31-2022 0 2	0	2
	Regex search help? log: {“timeMillis”:“1667091964927",“timestamp”:“2022-10-30T01:06:04.927Z”,“thread”:“reactor-http-epoll-3",“level”:“IN... by monicateja Explorer in Splunk Search 10-31-2022 0 1	0	1
	How to lookup two files with same column name and display only the difference? This is my first question here! And I just started my journey with Splunk.I have two files test1.csv and test2.csv wi... by nihvk Explorer in Splunk Search 10-31-2022 0 3	0	3