Splunk Search

Community Activity

How to extract values from existing field and reassign them to field? Hello, I currently have a field that contains a long string over 100+ events and in that field there are varying file... by wts408 Explorer in Splunk Search 09-19-2022 0 5	0	5
How to write regex to read all the value in all the lines? Hi Everyone, I am desperately seeking help for my new query in SPLUNK. The search result will look like the below: ... by fajri1203 Loves-to-Learn in Splunk Search 09-19-2022 0 3	0	3
How to search for different events on the same day, with different time frames? Hi all! I have been absolutely stumped by this and hoping you can help me out. I am trying to find users that have 2 ... by Southy567 Explorer in Splunk Search 09-19-2022 0 3	0	3
How to exclude matching results from Lookup? Hi all - I am trying to exclude matching results from a lookup and can't get it to work. I've tried multiple searches... by mistydennis Communicator in Splunk Search 09-19-2022 0 1	0	1
How to add URL Link to Alert Email? I have a search that is run as a cron and creates an email. It is very simple; index=my_index host=* logon Event... by OldManEd Builder in Splunk Search 09-19-2022 0 5	0	5
How to count number of applications associated with a given user and report if less than 10? I'm working on a search that evaluates events for a specific index/sourcetype combination; the events reflect SSO inf... by beetlegeuse Path Finder in Splunk Search 09-19-2022 0 3	0	3
How would I configure CyberArk TA, Search Head, and Syslog Server? Hello, Data in CyberArk comes through the Syslog Server and CyberArk TA needs to be installed into Search head (or se... by SplunkDash Motivator in Splunk Search 09-19-2022 0 13	0	13
Nested Search and Map Search- Is there a way to make this search more efficient? Dear all, I want to combine 2 search job into 1 job.My first search job is to search all the alert_id occur in the pa... by chteh Explorer in Splunk Search 09-19-2022 0 5	0	5
How to filter on multiple events? Hello, I have a search that outputs table data that looks like this: hst code type hosta 01 master hosta 02 mas... by harryvdtol Path Finder in Splunk Search 09-19-2022 0 3	0	3
How to make a new row in a table based on one of the tables column value? Hello!!!I am doing calculations for the time it takes when a machine is undergoing maintenance. Right now, I calculat... by ichesla1111 Path Finder in Splunk Search 09-18-2022 0 3	0	3
How can get an alert for each host in a lookup? I currently have a lookup that contains two columns. Hostnames and Location. I can use the following formula to sear... by weddi_eddy Explorer in Splunk Search 09-18-2022 0 3	0	3
Could someone help me with inputlookup within a search? Hi all, I am quite new to Splunk and now trying to create a dashboard panel using a query that does the following: pu... by desperate Engager in Splunk Search 09-18-2022 0 3	0	3
How to write case statement for below log? Hi Splunkers. I have two level of logs (NOTICE,ERROR), for Error logs(json), method_name and message is automatically... by Emyamy Explorer in Splunk Search 09-18-2022 0 2	0	2
How to find Abuse of GitHub? Hi Team,I'm new to Splunk Tool, I just have a question how to hunt below things in Splunk:1). Investigate net connect... by Gani New Member in Splunk Search 09-17-2022 0 0	0	0
How do I use rex to remove everything after a specific character, but not said character Hello, I am using rex to remove everything after a specific character, but i need to keep the specific character. Cur... by superisk Explorer in Splunk Search 09-17-2022 0 2	0	2
How do I add search results to lookup AND send entire lookup by email? I was asked to archive search results in a CSV then send those results periodically by email. My solution is to do th... by spadler Explorer in Splunk Search 09-16-2022 0 5	0	5
How to join search based on multiple values? Hi, I am trying to build a correlation that matches traffic to threat intel to figure out if it has been blocked or n... by KMoryson Explorer in Splunk Search 09-16-2022 0 1	0	1
How to filter out timestamp without miliseconds? We have 2 types of orders in the system, some are entered manually by phone and some are processed automatically as t... by DPOIRE Path Finder in Splunk Search 09-16-2022 0 2	0	2
How to create multisearch with different transactions times and find a distinct average time for each transaction? Hello Friends, I have an interesting query that I would like help on. I have three transactions that we are tracking ... by amaralt808 Path Finder in Splunk Search 09-16-2022 0 4	0	4
How to compare 2 Search's percentage results? Hey Team, I am trying to generate a search which returns a complete set of results from today and then compares it wi... by EBVanguard Engager in Splunk Search 09-16-2022 0 1	0	1
Why is my Splunk index showing "0"? I push the logs to splunk using hec method using this end point "/services/collector" that index data showing in 1 ... by tcsec2user Explorer in Splunk Search 09-16-2022 0 6	0	6
Why is timechart with where and streamstat not retrieving same results as where and stats? I am running a query where the following fetches the latency above 1000 milliseconds: As you can see the query uses ... by kimsej Explorer in Splunk Search 09-16-2022 0 4	0	4
How to create an eval and use of like? I am trying to an eval with like to assign priority to certain IPs/hosts and running into an issue where the priority... by jwalzerpitt Influencer in Splunk Search 09-16-2022 0 8	0	8
How to insert checkboxes in a simple statistics results table? Hello Splunkers, I have a situation where I have to replace the first cell in each row in a statistics table with a ... by allan_newton Path Finder in Splunk Search 09-16-2022 1 10	1	10
How do I compare times to find the closest to time in a column? Hi everyone, From dbxquery, I retrieve this table: idstart_time1end_time1start_time2end_time2123413/09/2022 21:46:43.... by Julia1231 Communicator in Splunk Search 09-16-2022 0 1	0	1