Splunk Search

Community Activity

How to achieve proper search for timechart with where clause? Here is my search: source="WinEventLog:Security" EventCode=540 \| timechart span=1h count by User This gives me the co... by hartfoml Motivator in Splunk Search 09-21-2022 2 13	2	13
Can someone explain the parameters of ? Hi Team! Someone please explain to me what each parameter is responsible for in such a search tag: <search><query>sys... by NickGrava Engager in Splunk Search 09-21-2022 0 2	0	2
How to exclude results in search? I want to exclude duration results if greater than 7 days. So i used search NOT but it is not working. Can someone he... by alexspunkshell Contributor in Splunk Search 09-21-2022 0 1	0	1
How to fill sparse data in a table for alert? I have a query which results in a table: "some words" \| stats dc(host) as host_count by zone, region My end goal is... by charming_fish New Member in Splunk Search 09-21-2022 0 1	0	1
How to set x axis time interval for line chart every 1h? HI Team,I am getting 2 hr time span only if i mentioned the 1 or 3 or 4 hours span too in the visualization line char... by Anud Path Finder in Splunk Search 09-21-2022 0 1	0	1
How to create an eval metric based on a sequence of events? Hi all, I'm trying to create a "Fallback escalation rate" for a chatbot. This rate would be calculated by users that ... by KyleMcDougall Path Finder in Splunk Search 09-21-2022 0 7	0	7
How to delete Windows logs after it was read by Splunk? Hi All, I have a large number of Windows logs in directory. How can I automatically delete them from the disk space a... by PTIch Engager in Splunk Search 09-21-2022 0 2	0	2
To which index does the sourcetype belong? Greetings,I have been creating a search that collects all the sourcetypes that have not collected any information dur... by Neonbeeflash3 New Member in Splunk Search 09-21-2022 0 3	0	3
How to transform event data for table display? Hi, I would like display values of variables from an event as a Table. My data format is as follow: TimeEvent9/16/22... by dzyfer Path Finder in Splunk Search 09-21-2022 0 6	0	6
How to event break with by request ID? On my attached picture these many events should become one event by ID instead of so many, how can I break those even... by baljkastr Engager in Splunk Search 09-20-2022 0 1	0	1
How to create a subsearch based on parent search? I want to create subsearch based on parent fields search. I want to show only rows from cor_inbox_entry that in... by eitangabay New Member in Splunk Search 09-20-2022 0 2	0	2
How to write search to get the numbers in order for field? Hello Team, I am running below query to get the stats but I am looking to get the Store numbers in serial order, can... by pkumar9610 Explorer in Splunk Search 09-20-2022 0 2	0	2
How to search using a set of values? Hello All,I am relatively new to splunk and I am trying to search using sets. Sets here refers to a group of values t... by olawalePS Path Finder in Splunk Search 09-20-2022 0 3	0	3
How to pull data from Nested JSON Fields based on Field Value? Hello, I'm working on creating automated alerts from an email security vendor and would like for them to only includ... by cfloquet Path Finder in Splunk Search 09-20-2022 0 2	0	2
How can I sort results for previous week and current week in two seperate columns? Hi Folks,How can i display the results for 2022-09-02 in Result_Prev column and 2022-09-09 in Result column and keepi... by wanda619 Path Finder in Splunk Search 09-20-2022 0 6	0	6
Using search to find user using RDP and switch identities usage What's a good way to find user who logon to RDP with one user account then user another like privilege user account. ... by youngsuh Contributor in Splunk Search 09-20-2022 1 1	1	1
What are the differences between Splunk Cloud and Splunk Enterprise lispy? Hi, We are using both Splunk Cloud and Splunk Enterprise. We recently came across some issues/differences in search w... by aprice_q Observer in Splunk Search 09-20-2022 0 2	0	2
I tried accessing an API with the help of Splunk API Modular Input add on, but there is no option for bearer auth? I want to access an API and I can only use Bearer authentication to access that particular API. I searched a lot abou... by kgiri253 Explorer in Splunk Search 09-20-2022 0 1	0	1
Translate splunk data to json using cli search? I have a splunk container running on docker, and was hoping to translate the splunk index data into json using a cli ... by zsbbb Engager in Splunk Search 09-20-2022 0 1	0	1
Forescout nested json- How do I categorize the nested json objects into fields within the array? Hello, I am currently working on a use case which has complex ingested data with nested json. The data I am trying to... by Foss Engager in Splunk Search 09-20-2022 0 1	0	1
How to assign previous month's fetched result to current month's field? Considering 2022-06 as starting month, If month is 2022-07, i should assign 2022-06's corresponding field values " gr... by spoo Explorer in Splunk Search 09-19-2022 0 6	0	6
Help with join in searches HiNeed help with Left joinThere are two queries as belowQuery1index=abc sourcetype=123 \| table a.b.requestGUID E... by mailravi Loves-to-Learn in Splunk Search 09-19-2022 0 6	0	6
How to filter search by value from a json list? Hi Consider this event structure : {"result" : {"dogs" : [{"name" : "dog-a", "food":["pizza", "burger"] }, {"nam... by mottig Path Finder in Splunk Search 09-19-2022 0 4	0	4
Why is line chart color is not getting change? Hi Im trying to change the color of a line chart with: <option name="charting.seriesColors">[000000FF]</option> but ... by mottig Path Finder in Splunk Search 09-19-2022 0 2	0	2
How to extract values from existing field and reassign them to field? Hello, I currently have a field that contains a long string over 100+ events and in that field there are varying file... by wts408 Explorer in Splunk Search 09-19-2022 0 5	0	5