Splunk Search

Community Activity

How to optimize my base search for syslog? Hello Splunkers , I have the below source code and using the base search as index=syslog process!=switchd but its tak... by vrmandadi Builder in Splunk Search 10-07-2022 0 5	0	5
How do I use regex to select a string between two symbols? Splunk logs looks like below:userid=234user\|rwe23\|dwdwd --userid=id123\|34lod\|2323 textHow can I get value between "="... by ss394546910 Engager in Splunk Search 10-07-2022 0 3	0	3
How to use the splunk ldapsearch app to list all users' memberships with in a group? I am having no luck listing users' memberships with in a group, using ldapsearch.I am not an AD LDAP expert, either.L... by Glasses2 Communicator in Splunk Search 10-07-2022 0 4	0	4
Infoblox reporting splunk question: How to pull into first search query? Hi, I'm using the following search string in Infoblox reporting: sourcetype=ib:audit index=ib_audit \| sort -_time... by DDIGuy Explorer in Splunk Search 10-07-2022 0 4	0	4
Is there a way to identify/search what SMB version is being used across the network? Hello Splunkers, Is there a way to identify/search what SMB version is being used across the network? I am looking to... by faizshir Loves-to-Learn in Splunk Search 10-07-2022 0 2	0	2
How to join lookups? Hello everyone! I have 2 lookups - 1.csv and 2.csv 1.csv contains such table hostuserresulthost1Alexsuccesshost2Micha... by bosseres Contributor in Splunk Search 10-07-2022 0 1	0	1
Why does it say there are events but then it says "No results found"? After running a search, I have the below results: 112,471 events (9/20/17 2:00:00.000 PM to 9/21/17 2:10:07.000 PM B... by frizzoS3 New Member in Splunk Search 10-07-2022 0 8	0	8
Timechart - Is there a way to define the area in-code? Hello, I'm using a timechart with the following block for allowing the user to select a specific area and see stats o... by nsassine Explorer in Splunk Search 10-07-2022 0 4	0	4
How to get pie chart average value in three slices? Short description:When a consumer orders groceries online, I provide the picker—the individual who picked the foods b... by alakdam Path Finder in Splunk Search 10-07-2022 0 3	0	3
Why does search use up large amount of memory? I'm trying to export raw linux audit logs to a file. For example: splunk.exe "sourcetype=linux:audit _time>xxx... by eng3 New Member in Splunk Search 10-06-2022 0 2	0	2
Splunk search- How to extract payload? Hello , I have splunk logger line like below: Address: XXX HttpMethod: POST Headers: {<!-- -->Ama-Internal-REST-Service=hote... by Sanjana Explorer in Splunk Search 10-06-2022 0 2	0	2
How to utilize wildcards in time fields in lookup file? I have a lookup which has a field with time values (in 24 hr time; i.e. 00:30, 13:45, 23:15), which tells my dashboar... by TBH0 Explorer in Splunk Search 10-06-2022 0 6	0	6
Do I use Last(..) or Latest(..) after match(..), or something else? I am performing a search for two events. A start event and a stop event for a specific job Name. I have ran into an i... by sjringo Contributor in Splunk Search 10-06-2022 0 12	0	12
How to use eval within stats for data from tstats I'm trying to use eval within stats to work with data from tstats, but it doesn't seem to work the way I expected it ... by kcheek_umich New Member in Splunk Search 10-06-2022 0 8	0	8
Time Range "earliest" in SPL not working? When conducting searches, we have observed that the SPL searches were not working based on the "earliest" time range ... by thahir Contributor in Splunk Search 10-06-2022 0 3	0	3
Can I change the stats limit in Splunk for the max characters? hello all, My problem is I thing Splunk have max character accepted for stats command, when i perform this search ind... by Hugues Path Finder in Splunk Search 10-06-2022 0 15	0	15
How to dynamically change table contents based on log messages? Not sure if I am putting this in the correct area; my apologies ahead of time. I wanted to know if it would be possib... by kiddsupreme Explorer in Splunk Search 10-06-2022 0 1	0	1
How to join REST & search results? I'm really bad when it comes to join searches, though I've been doing this for years. I'm able to find the list of o... by manderson7 Contributor in Splunk Search 10-06-2022 0 2	0	2
Make average compare with two columns value based and display it in Panel I have two two columns of data, One is Expected box and another is Actual box. I would like to make Percentage/Avera... by alakdam Path Finder in Splunk Search 10-06-2022 0 7	0	7
Report results to event summary index, why value with hyphen (-) is double quoted? Isn't hyphen a minor breaker so I'm wondering why the values with hyphen get double quoted when doing summary indexin... by JykkeDaMan Path Finder in Splunk Search 10-06-2022 0 3	0	3
How to make comparison of a field with a digit with a field where there are alphabetic characters? Prompt as I can make arithmetic comparison of two fields. Comparison: more, less.The first field consists of numbers:... by metylkinandrey Communicator in Splunk Search 10-06-2022 0 7	0	7
Merge 3 Splunk field into 1? Hi, I am trying to concatenate 3 fields into 1 field but I am unable to do so.I tried: and this: Can someone help? ... by POR160893 Builder in Splunk Search 10-06-2022 0 4	0	4
How to create a new field? Tell me, what should I do in my case, I need from the field: 1.SAPS-SIS.TO.LSP.SEND, or: "12.SAPS-SIS.TO.LSP.RECEIVEG... by metylkinandrey Communicator in Splunk Search 10-06-2022 0 2	0	2
Could someone assist on converting Azure Sentinel to SPL? Hi all. It might sound weird but I need assistance converting Azure Sentinel queries to SPL. The main goal is to use ... by NizanCohen Explorer in Splunk Search 10-06-2022 0 0	0	0
How to use substr to extract the first 3 letters of a field and use it as a grouping field? I'm not sure I asked the right question, but I'd like to use substr to extract the first 3 letters of a field and use... by chq_alanf Explorer in Splunk Search 10-06-2022 2 9	2	9