Splunk Search

Community Activity

Trying to join columns to an initial query Hello,I wonder if someone could help me out with a query. I'm trying to compare a value against different point in ti... by sbedard Engager in Splunk Search 10-11-2022 0 3	0	3
Why are some values from events in splunk query returning NULL? Hi, I have the following event as an example. Properties: { [-] Path: /v1.0/locations/branches QueryString: ?branch... by labaningombam Explorer in Splunk Search 10-11-2022 0 3	0	3
Is there a way to enrich events by having country information from IP address automatically through props.conf? Hello, I am trying to come-up with something which will automatically enrich the events using the country information... by efheem Explorer in Splunk Search 10-11-2022 0 0	0	0
How to get host and sourcetype combinations that do not fit in any Datamodel Hello,I'm trying to retrieve all the host-sourcetype combinations that are not captured by any Datamodel. I have a pe... by ownion Path Finder in Splunk Search 10-11-2022 0 0	0	0
Why is where command not working with Splunk events? I want to search below events in the base search. However these are not getting displayed when I use the where cmd. T... by ghostrider Path Finder in Splunk Search 10-11-2022 0 1	0	1
How can I extract the fields from log file? I need to split the below log files to like excel table. My Log file is: 2022-05-25 13:00:02 100.200.190.70 - test [1... by nayagan Engager in Splunk Search 10-11-2022 0 2	0	2
Help using lookup tables to select search results I have a lookup table named ics_special_domains that contains this: domain_name,typemicrosoft.com,microsoft*.microsof... by ilhwan Path Finder in Splunk Search 10-11-2022 0 6	0	6
How to show all values of a field on the same table? by din98 Explorer in Splunk Search 10-11-2022 0 9	0	9
How to send reports to email addresses in the query results? Hello Splunkers!!As per the below results. I want to send individual report to each manager on their email id. Likewi... by uagraw01 Motivator in Splunk Search 10-11-2022 0 1	0	1
How to determine and compare current time? Friends, tell me how to be in the next task.I have an alert time every two minutes.I need to use this time, apparentl... by metylkinandrey Communicator in Splunk Search 10-11-2022 0 3	0	3
What is the difference between min() max() and earliest() latest() for _time manipulations? If i only want to use the field "_time" of a log to get first and latest occurrence of an event, which commands shoul... by edefIo1937 Engager in Splunk Search 10-11-2022 1 4	1	4
How to calculate the percentage of IP CIDR? Hi, Kindly assist me as I am not getting the results I anticipate.I wish to have a table like this ClientIPCountPerce... by Lye Path Finder in Splunk Search 10-10-2022 0 12	0	12
How to achieve grouping the results using field present inside a json array? I have below format log messages. At the end I want to group the messages by BID.{ "details" : [ { "BID" : "123" }, {... by ghostrider Path Finder in Splunk Search 10-10-2022 0 1	0	1
How to index combination with different event structure? Hi all, I would like to create a table with details involved from two different index created. I'm facing difficulty ... by aa0 Path Finder in Splunk Search 10-10-2022 0 3	0	3
Where are the strange text artifacts included in search results coming from? Hey folks, Here's a weird one... I just added a new data source (Windows share permissions) into our Splunk env... by bensec01 Explorer in Splunk Search 10-10-2022 0 3	0	3
How to count events when hour is finished? Hi everyone, I am doing a search to find all the events that sent from different servers by hour, to find if any serv... by Julia1231 Communicator in Splunk Search 10-10-2022 0 5	0	5
How to calculate the number of times the same event has occured in an index? How to calculate the number of times the same event has occured in an index by MG Engager in Splunk Search 10-10-2022 0 2	0	2
How to extract fields from bluecoat logs? How to extract the log example below: 2010-09-29 16:23:44 2 172.16.106.54 exam.ple Filter-ID==4 - OBSERVED "Search E... by TheGU Path Finder in Splunk Search 10-10-2022 0 3	0	3
Why is multi column join not working whereas single column join is working fine? single column join is working index=* source=jar columns.path="/log4j-core" NOT columns.path=/log4j2.17* host... by pmittal Engager in Splunk Search 10-10-2022 0 6	0	6
How to lookup the best matching ingress url for url field in log? Dear Splunk community, I'm new to Splunk, so excuse my incompetence... What I'm trying to do is enriching my web acce... by tgravvold Engager in Splunk Search 10-10-2022 0 6	0	6
Dynamic saved search - How do I initialize search tokens in spl? I like to use savedsearches with token inside a classic xml dashboards e.g. <form>...<search><query>\| savedsearch "m... by hschuhkn Engager in Splunk Search 10-10-2022 0 3	0	3
How to add a column to count for consecutive occurrences? Hello, I have a monthly report that produce a table like this Violation list EmployeemonthA8-2022B8-2022 I want to ... by phamxuantung Communicator in Splunk Search 10-10-2022 0 8	0	8
How to search for Dst_ip and Src_ip NOT in lookup table? Hi, I need your help i have a lookup table as vcs_ip.csv. inside the table, i have a column named as ip. This table i... by 7ryota Explorer in Splunk Search 10-09-2022 0 1	0	1
How can I create an alert for long running jobs? Hi there,Search to trigger an alert when the particular job (scheduled jobs) is running more than the threshold time ... by thejasplunk67 Engager in Splunk Search 10-09-2022 0 8	0	8
Syntax help to get distinct results from two queries from two different timeframes Hello all,I would like a single splunk query that does the following:Query "APP_A" for a specific log message, return... by JHorst New Member in Splunk Search 10-07-2022 0 2	0	2