Splunk Search

Community Activity

	Where are the strange text artifacts included in search results coming from? Hey folks, Here's a weird one... I just added a new data source (Windows share permissions) into our Splunk env... by bensec01 Explorer in Splunk Search 10-10-2022 0 3	0	3
	How to count events when hour is finished? Hi everyone, I am doing a search to find all the events that sent from different servers by hour, to find if any serv... by Julia1231 Communicator in Splunk Search 10-10-2022 0 5	0	5
	How to calculate the number of times the same event has occured in an index? How to calculate the number of times the same event has occured in an index by MG Engager in Splunk Search 10-10-2022 0 2	0	2
	How to extract fields from bluecoat logs? How to extract the log example below: 2010-09-29 16:23:44 2 172.16.106.54 exam.ple Filter-ID==4 - OBSERVED "Search E... by TheGU Path Finder in Splunk Search 10-10-2022 0 3	0	3
	Why is multi column join not working whereas single column join is working fine? single column join is working index=* source=jar columns.path="/log4j-core" NOT columns.path=/log4j2.17* host... by pmittal Engager in Splunk Search 10-10-2022 0 6	0	6
	How to lookup the best matching ingress url for url field in log? Dear Splunk community, I'm new to Splunk, so excuse my incompetence... What I'm trying to do is enriching my web acce... by tgravvold Engager in Splunk Search 10-10-2022 0 6	0	6
	Dynamic saved search - How do I initialize search tokens in spl? I like to use savedsearches with token inside a classic xml dashboards e.g. <form>...<search><query>\| savedsearch "m... by hschuhkn Engager in Splunk Search 10-10-2022 0 3	0	3
	How to add a column to count for consecutive occurrences? Hello, I have a monthly report that produce a table like this Violation list EmployeemonthA8-2022B8-2022 I want to ... by phamxuantung Communicator in Splunk Search 10-10-2022 0 8	0	8
	How to search for Dst_ip and Src_ip NOT in lookup table? Hi, I need your help i have a lookup table as vcs_ip.csv. inside the table, i have a column named as ip. This table i... by 7ryota Explorer in Splunk Search 10-09-2022 0 1	0	1
	How can I create an alert for long running jobs? Hi there,Search to trigger an alert when the particular job (scheduled jobs) is running more than the threshold time ... by thejasplunk67 Engager in Splunk Search 10-09-2022 0 8	0	8
	Syntax help to get distinct results from two queries from two different timeframes Hello all,I would like a single splunk query that does the following:Query "APP_A" for a specific log message, return... by JHorst New Member in Splunk Search 10-07-2022 0 2	0	2
	How to optimize my base search for syslog? Hello Splunkers , I have the below source code and using the base search as index=syslog process!=switchd but its tak... by vrmandadi Builder in Splunk Search 10-07-2022 0 5	0	5
	How do I use regex to select a string between two symbols? Splunk logs looks like below:userid=234user\|rwe23\|dwdwd --userid=id123\|34lod\|2323 textHow can I get value between "="... by ss394546910 Engager in Splunk Search 10-07-2022 0 3	0	3
	How to use the splunk ldapsearch app to list all users' memberships with in a group? I am having no luck listing users' memberships with in a group, using ldapsearch.I am not an AD LDAP expert, either.L... by Glasses2 Communicator in Splunk Search 10-07-2022 0 4	0	4
	Infoblox reporting splunk question: How to pull into first search query? Hi, I'm using the following search string in Infoblox reporting: sourcetype=ib:audit index=ib_audit \| sort -_time... by DDIGuy Explorer in Splunk Search 10-07-2022 0 4	0	4
	Is there a way to identify/search what SMB version is being used across the network? Hello Splunkers, Is there a way to identify/search what SMB version is being used across the network? I am looking to... by faizshir Loves-to-Learn in Splunk Search 10-07-2022 0 2	0	2
	How to join lookups? Hello everyone! I have 2 lookups - 1.csv and 2.csv 1.csv contains such table hostuserresulthost1Alexsuccesshost2Micha... by bosseres Contributor in Splunk Search 10-07-2022 0 1	0	1
	Why does it say there are events but then it says "No results found"? After running a search, I have the below results: 112,471 events (9/20/17 2:00:00.000 PM to 9/21/17 2:10:07.000 PM B... by frizzoS3 New Member in Splunk Search 10-07-2022 0 8	0	8
	Timechart - Is there a way to define the area in-code? Hello, I'm using a timechart with the following block for allowing the user to select a specific area and see stats o... by nsassine Explorer in Splunk Search 10-07-2022 0 4	0	4
	How to get pie chart average value in three slices? Short description:When a consumer orders groceries online, I provide the picker—the individual who picked the foods b... by alakdam Path Finder in Splunk Search 10-07-2022 0 3	0	3
	Why does search use up large amount of memory? I'm trying to export raw linux audit logs to a file. For example: splunk.exe "sourcetype=linux:audit _time>xxx... by eng3 New Member in Splunk Search 10-06-2022 0 2	0	2
	Splunk search- How to extract payload? Hello , I have splunk logger line like below: Address: XXX HttpMethod: POST Headers: {<!-- -->Ama-Internal-REST-Service=hote... by Sanjana Explorer in Splunk Search 10-06-2022 0 2	0	2
	How to utilize wildcards in time fields in lookup file? I have a lookup which has a field with time values (in 24 hr time; i.e. 00:30, 13:45, 23:15), which tells my dashboar... by TBH0 Explorer in Splunk Search 10-06-2022 0 6	0	6
	Do I use Last(..) or Latest(..) after match(..), or something else? I am performing a search for two events. A start event and a stop event for a specific job Name. I have ran into an i... by sjringo Contributor in Splunk Search 10-06-2022 0 12	0	12
	How to use eval within stats for data from tstats I'm trying to use eval within stats to work with data from tstats, but it doesn't seem to work the way I expected it ... by kcheek_umich New Member in Splunk Search 10-06-2022 0 8	0	8