Splunk Search

Community Activity

How to send reports to email addresses in the query results? Hello Splunkers!!As per the below results. I want to send individual report to each manager on their email id. Likewi... by uagraw01 Motivator in Splunk Search 10-11-2022 0 1	0	1
How to determine and compare current time? Friends, tell me how to be in the next task.I have an alert time every two minutes.I need to use this time, apparentl... by metylkinandrey Communicator in Splunk Search 10-11-2022 0 3	0	3
What is the difference between min() max() and earliest() latest() for _time manipulations? If i only want to use the field "_time" of a log to get first and latest occurrence of an event, which commands shoul... by edefIo1937 Engager in Splunk Search 10-11-2022 1 4	1	4
How to calculate the percentage of IP CIDR? Hi, Kindly assist me as I am not getting the results I anticipate.I wish to have a table like this ClientIPCountPerce... by Lye Path Finder in Splunk Search 10-10-2022 0 12	0	12
How to achieve grouping the results using field present inside a json array? I have below format log messages. At the end I want to group the messages by BID.{ "details" : [ { "BID" : "123" }, {... by ghostrider Path Finder in Splunk Search 10-10-2022 0 1	0	1
How to index combination with different event structure? Hi all, I would like to create a table with details involved from two different index created. I'm facing difficulty ... by aa0 Path Finder in Splunk Search 10-10-2022 0 3	0	3
Where are the strange text artifacts included in search results coming from? Hey folks, Here's a weird one... I just added a new data source (Windows share permissions) into our Splunk env... by bensec01 Explorer in Splunk Search 10-10-2022 0 3	0	3
How to count events when hour is finished? Hi everyone, I am doing a search to find all the events that sent from different servers by hour, to find if any serv... by Julia1231 Communicator in Splunk Search 10-10-2022 0 5	0	5
How to calculate the number of times the same event has occured in an index? How to calculate the number of times the same event has occured in an index by MG Engager in Splunk Search 10-10-2022 0 2	0	2
How to extract fields from bluecoat logs? How to extract the log example below: 2010-09-29 16:23:44 2 172.16.106.54 exam.ple Filter-ID==4 - OBSERVED "Search E... by TheGU Path Finder in Splunk Search 10-10-2022 0 3	0	3
Why is multi column join not working whereas single column join is working fine? single column join is working index=* source=jar columns.path="/log4j-core" NOT columns.path=/log4j2.17* host... by pmittal Engager in Splunk Search 10-10-2022 0 6	0	6
How to lookup the best matching ingress url for url field in log? Dear Splunk community, I'm new to Splunk, so excuse my incompetence... What I'm trying to do is enriching my web acce... by tgravvold Engager in Splunk Search 10-10-2022 0 6	0	6
Dynamic saved search - How do I initialize search tokens in spl? I like to use savedsearches with token inside a classic xml dashboards e.g. <form>...<search><query>\| savedsearch "m... by hschuhkn Engager in Splunk Search 10-10-2022 0 3	0	3
How to add a column to count for consecutive occurrences? Hello, I have a monthly report that produce a table like this Violation list EmployeemonthA8-2022B8-2022 I want to ... by phamxuantung Communicator in Splunk Search 10-10-2022 0 8	0	8
How to search for Dst_ip and Src_ip NOT in lookup table? Hi, I need your help i have a lookup table as vcs_ip.csv. inside the table, i have a column named as ip. This table i... by 7ryota Explorer in Splunk Search 10-09-2022 0 1	0	1
How can I create an alert for long running jobs? Hi there,Search to trigger an alert when the particular job (scheduled jobs) is running more than the threshold time ... by thejasplunk67 Engager in Splunk Search 10-09-2022 0 8	0	8
Syntax help to get distinct results from two queries from two different timeframes Hello all,I would like a single splunk query that does the following:Query "APP_A" for a specific log message, return... by JHorst New Member in Splunk Search 10-07-2022 0 2	0	2
How to optimize my base search for syslog? Hello Splunkers , I have the below source code and using the base search as index=syslog process!=switchd but its tak... by vrmandadi Builder in Splunk Search 10-07-2022 0 5	0	5
How do I use regex to select a string between two symbols? Splunk logs looks like below:userid=234user\|rwe23\|dwdwd --userid=id123\|34lod\|2323 textHow can I get value between "="... by ss394546910 Engager in Splunk Search 10-07-2022 0 3	0	3
How to use the splunk ldapsearch app to list all users' memberships with in a group? I am having no luck listing users' memberships with in a group, using ldapsearch.I am not an AD LDAP expert, either.L... by Glasses2 Communicator in Splunk Search 10-07-2022 0 4	0	4
Infoblox reporting splunk question: How to pull into first search query? Hi, I'm using the following search string in Infoblox reporting: sourcetype=ib:audit index=ib_audit \| sort -_time... by DDIGuy Explorer in Splunk Search 10-07-2022 0 4	0	4
Is there a way to identify/search what SMB version is being used across the network? Hello Splunkers, Is there a way to identify/search what SMB version is being used across the network? I am looking to... by faizshir Loves-to-Learn in Splunk Search 10-07-2022 0 2	0	2
How to join lookups? Hello everyone! I have 2 lookups - 1.csv and 2.csv 1.csv contains such table hostuserresulthost1Alexsuccesshost2Micha... by bosseres Contributor in Splunk Search 10-07-2022 0 1	0	1
Why does it say there are events but then it says "No results found"? After running a search, I have the below results: 112,471 events (9/20/17 2:00:00.000 PM to 9/21/17 2:10:07.000 PM B... by frizzoS3 New Member in Splunk Search 10-07-2022 0 8	0	8
Timechart - Is there a way to define the area in-code? Hello, I'm using a timechart with the following block for allowing the user to select a specific area and see stats o... by nsassine Explorer in Splunk Search 10-07-2022 0 4	0	4