Splunk Search

Community Activity

What is the most accurate metric to track Windows login times? Greetings fellow Splunkers, I was wondering if anyone has figured out what seems the most accurate metric to track wh... by JustAnotherITG Explorer in Splunk Search 10-03-2022 0 2	0	2
How to pass multiple values from inner search to outer search? Hi Folks, I could use some help with this query. index=address_index earliest=-30m address [ search index=registra... by Allene139 Explorer in Splunk Search 10-03-2022 0 14	0	14
How to create a list of first X values based on another field's value? I have a set of results for the search with id="base_metrics_search" which provide 3 panels with data. The events ea... by rberman Path Finder in Splunk Search 10-03-2022 0 1	0	1
Why am I getting this concact msg from multiple event for after apply a regex? Hello All , thanks for the help, my exemple: logStreamName: _timemessage09bfc06d1ff10cb79/config_Ec2_CECIO_Linux/... by Hugues Path Finder in Splunk Search 10-03-2022 0 3	0	3
How can I change the owner of the alert in alert manager action ? Hello How can I change the owner of the alert in alert manager action ? I have only unassigned by SplunkySplunk Explorer in Splunk Search 10-03-2022 0 2	0	2
How to achieve grouping the results using field present inside a json array? I have below format log messages. At the end I want to group the messages by BID. I tried using the below query but I... by ghostrider Path Finder in Splunk Search 10-03-2022 0 3	0	3
How do I dedup duplicate values including that value itself? Hi everyone, I am new to splunk. I am looking at windows event logs for the EventCode=4725 for all usernames within a... by charlottelimcl Explorer in Splunk Search 10-03-2022 0 3	0	3
Could someone help me with parsing JSON to a table? I have the following JSON object which contains certificates expreation date: {<!-- --> "certificate-one.crt": 2022-11... by Roei_Rom Engager in Splunk Search 10-02-2022 0 2	0	2
Is there any function works like group by grouping sets in Mysql? is there any function works like group by grouping sets in Mysql?So that I can get a value from each group and a tota... by krim Explorer in Splunk Search 10-02-2022 0 3	0	3
How to run an "if" argument in a search? Hi. I'm trying to get only failed login attempts but while I could find the correct field, it's not as accurate as th... by NizanCohen Explorer in Splunk Search 10-02-2022 0 3	0	3
How to specify time with rest command? Hello,I have a rest query with a field that contain date and time Is it possible to limit the search by this field so... by sarit_s Communicator in Splunk Search 10-02-2022 0 40	0	40
How to convert date How to convert Windows lastLogonTimestamp from this format 07:17.45 PM, Fri 09/30/2022 to 09/30/2022 19:17:45Thank yo... by hank72 Path Finder in Splunk Search 10-01-2022 0 5	0	5
Help with spath aws:metadata sorucetype tag.key{} vs Tag.value{}. index=aws sourcetype="aws:metadata" InstanceId=i-* \| spath Tags{}.key.Name output=Hostname \| mvexpand Hostna... by youngsuh Contributor in Splunk Search 10-01-2022 0 3	0	3
Splunkd crash after some time with below errors- How do I fix? ERROR HttpListener [97417 TcpChannelThread] - Exception while processing request from x.x.x.x:63596 for /en-US/splunk... by vikasg Loves-to-Learn Lots in Splunk Search 10-01-2022 0 6	0	6
Help with Timechart command I have an SPL which gives a result. I want to get a trend of the result. So I tried using timechart command, but it i... by alexspunkshell Contributor in Splunk Search 09-30-2022 0 2	0	2
Why are results from multisearch not combining? The below search is intended to get status codes from two different sources and put them together in a table. It work... by spadler Explorer in Splunk Search 09-30-2022 0 7	0	7
How to to extract field from the "textPayload" value? I am trying to extract field from the "textPayload" value which is log message and it has "status" as key. I want to... by vp New Member in Splunk Search 09-30-2022 0 1	0	1
Getting error "Streamed search execute failed because: JournalSliceDirectory: Cannot seek to 0" when running a search An internal customer got the following error on a dashboard when I running any search: Streamed search execute faile... by ddrillic Ultra Champion in Splunk Search 09-30-2022 4 5	4	5
How to update KV Store with consecutive values from a search? Hi, I'm trying to update a KV store so that the only entries in it will be for consecutive returns from a search. F... by Tomb Engager in Splunk Search 09-30-2022 0 2	0	2
Re: Help on removing the double quotes and reading a substring Hi @gcusello Need one more help, from the below log, i am able to remove all the wild characters using below script, ... by manojchacko78 Path Finder in Splunk Search 09-30-2022 0 7	0	7
How to split by comma and use values as field names? I have the following fields, where some of them might be null, empty, whatnot values.I would like to split the Servic... by JykkeDaMan Path Finder in Splunk Search 09-30-2022 0 3	0	3
How to create a dashboard using graph from response time count of application logs? Hi Team, I wanted to count response time for each hours from application logs, wanted to create dashboard using lin... by Amol1300 New Member in Splunk Search 09-30-2022 0 1	0	1
How to compare close date with start date? Hi there, I am new to this kind of analysis within Splunk but i've been asked to create a filter on events where the ... by vishalduttauk Communicator in Splunk Search 09-30-2022 0 2	0	2
Can someone help with my Splunk search to find new events in 2 week periods? Hello Splunkers!! I have two weeks events week 1 & week 2. Here I need to compare event of Week 1 & Week 2. The highl... by uagraw01 Motivator in Splunk Search 09-30-2022 0 2	0	2
How to escape equal signs (=) in key value data? Some of our data is logged in key value format separated by an equal sign (=), e.g.: field1=data1 field2=data2 Spl... by helge Builder in Splunk Search 09-29-2022 2 6	2	6