Splunk Search

Community Activity

How do I reformat my table? Hello Splunkers!! As per my requirement my current results are as below : severityVulnablitiesCritical3Medium 4Low6 ... by uagraw01 Motivator in Splunk Search 10-26-2022 0 5	0	5
How to get special characters in logs recognized by Splunk by default? Hi, Log format is JSON I have a Field named Organization Now when Organization = "Systèmes" , this will have the foll... by edwinmae Path Finder in Splunk Search 10-26-2022 0 0	0	0
How to search for Windows event followed by another Windows event? I am trying to create a search which looks for an EventCode 4624 followed by another EventCode 4625 from same user, i... by Mckechnie Engager in Splunk Search 10-26-2022 0 1	0	1
Why is a function as 3-rd arg in the "replace" function not evaluating capturing groups? Hi all,Due to utf16/8-mismatch, I find a lot of utf16 \xnn chars in my events; this makes the json-parser kind of lo... by philbond Observer in Splunk Search 10-26-2022 0 1	0	1
Performance fields/stats/table https://community.splunk.com/t5/Splunk-Search/Fields-vs-table-vs-nothing/m-p/498525#M194897 I was looking at a Splunk... by bowesmana SplunkTrust in Splunk Search 10-25-2022 1 6	1	6
How to calculate the percentage of total bytes by app? I am having a brain fart on trying to figure out how to find the total bytes per application and the the percent of e... by jwalzerpitt Influencer in Splunk Search 10-25-2022 0 2	0	2
Separate multiple splunk values with an OR clause? I have a text box in a splunk dashboard and I'm trying to find out how I can separate values entered into the text bo... by MM0071 Path Finder in Splunk Search 10-25-2022 0 4	0	4
Why am I receiving fewer events when using rename command in Splunk? I am getting fewer events when using rename command in splunk. ( Compared to the search where I haven't used rename).... by vjsplunk Loves-to-Learn Everything in Splunk Search 10-25-2022 0 3	0	3
How to join inner? Inter join is not displaying any results. the search works however, nothing is showing up on the screen index = ten... by marceldera Explorer in Splunk Search 10-25-2022 0 1	0	1
How to combine two values from the same field? I'm trying to combine two simular values from the same field. and rename the values. I would like to combine /v1/pr... by msarkaus Path Finder in Splunk Search 10-25-2022 0 1	0	1
How can I show empty timechart with global_time date range? I have three graphs that show results based on a global time range.However, if I have no results (no errors) the thir... by vmpj Loves-to-Learn in Splunk Search 10-25-2022 0 6	0	6
Is there a Dashboard Studio widget to change background colors based upon query result (Yes / No)? I have seen several posts asking similar questions but I am not that much of a UI guy so they do not make sense. I ha... by sjringo Contributor in Splunk Search 10-25-2022 0 0	0	0
Result-depending cidrmatch between two lookups? Hello, I've been searching the internet for quite a while. But can't find any approach. I have a primary search that ... by JoDeBa Loves-to-Learn in Splunk Search 10-24-2022 0 2	0	2
How to determine if event is in list of outages? I have a seemingly simple request: list the events and indicate if it occurred during an outage. I have been trying f... by apps_inpaytech Explorer in Splunk Search 10-24-2022 0 6	0	6
Can I limit foreach iterations, or place a where clause (or other filter) in the foreach subsearch? Can I limit foreach iterations, or place a where clause (or other filter) in the foreach subsearch? I'm attempting to... by testingMemes Engager in Splunk Search 10-24-2022 0 2	0	2
Is there a more efficient way to match multiple values using rex? Hello, I have to avoid matching several values in a fields. The following works, but I"m wondering if there is a mo... by richnavis88 Explorer in Splunk Search 10-24-2022 1 2	1	2
How to dynamically remove events based on field value? Hello all, I have a search that's something like this: index=* sourcetype=* ID=* (value=1 OR value=2 OR value=... by es5 Loves-to-Learn Lots in Splunk Search 10-24-2022 0 7	0	7
How to get 2 unique rows for the values in the list. I have the following query: application_id=12345 STATUS_CODE IN (300, 400, 500)\| head 10 How can I modify this such ... by angersleek Path Finder in Splunk Search 10-24-2022 0 1	0	1
Inconsistency in search results with time settings? Hello, \| transaction RRN keepevicted=t \| search date_hour <6 If I execute this search with a specific date(10-10... by bo2057 Loves-to-Learn in Splunk Search 10-24-2022 0 2	0	2
What's the easiest way to Regex for any characters in the middle? Hello, I need to take events with two kind of text (different paths) :Appended to: G:\Streamserve\Appended to: D:\G... by nessaner Explorer in Splunk Search 10-24-2022 0 3	0	3
Timezone- Could you please help me convert all the values to a standard timezone(UTC)? Hi Community, Please help me.. I have a field Expiration with values having different timezones . Could you please he... by ranjithan Path Finder in Splunk Search 10-24-2022 0 4	0	4
Using eval to Add Field for top Result? I need to create a new field to assign to the top results of a command using eval. Obviously this syntax doesn't wor... by splunkyphil Engager in Splunk Search 10-23-2022 0 2	0	2
Help with inputintelligence command? Below is my spl \|from datamodel:"Threat_Intelligence".""Threat_Activity" \|dedup threat_match_field,threat_match_val... by dm1 Contributor in Splunk Search 10-23-2022 0 2	0	2
Failed logins by host- How can I find out what the "other" devices or hostnames are? I have repeated failed logins listed as "Other" in my pie chart for Failed Logins by Host. How can I find out what th... by na Loves-to-Learn in Splunk Search 10-23-2022 0 3	0	3
How to plot backlog data on timechart? Hi All, I need help on plotting backlog data on timechart We have set of tickets in backlog on specific dates with wo... by SanjayReddy SplunkTrust in Splunk Search 10-23-2022 0 5	0	5