Splunk Search

Community Activity

Can someone help with a sample search to find Stale Active Users in Active Directory? Hello, I'm a bit new to Splunk and I'm trying to run a query that shows me users in Active directory that are still e... by Bobmc Observer in Splunk Search 09-09-2022 0 6	0	6
How to display number of search results as single value? I want to display the number of sent data in certain time in the dashboard. I think the best way is with "Single Valu... by SimonSchoppel Explorer in Splunk Search 09-09-2022 0 3	0	3
How to find out if a URL contains a specific IP or host name? I'm using lookup but don't know how to do a partial match instead of an exact match Example: 10.20.30.40 is in the li... by Toki Explorer in Splunk Search 09-09-2022 0 4	0	4
Can these Splunk queries be modified using tstats? Hi all, I have few queries to be modified using tstats:I am new to splunk, please let me know whether these queries c... by mahesh27 Communicator in Splunk Search 09-08-2022 0 15	0	15
How do I get search start time and end time value ? How do I get the job-execution start time and job execution endtime of my query as output of the query.index = some... by zacksoft Contributor in Splunk Search 09-08-2022 0 5	0	5
How to combine counts within a search? My current search is: `index`\| search source="Main Source" \| fields identifier, status_label\| chart count over identi... by bro_coded101 Loves-to-Learn Lots in Splunk Search 09-08-2022 0 3	0	3
Can I use catch alls (wildcards) in Splunk lookups if an exact match is not found? We have alert events coming into Splunk & Splunk ITSI that we open Service Now incidents for, but depending on the ev... by mark_cet Path Finder in Splunk Search 09-08-2022 0 4	0	4
How to leave date (in a field) is before today? I'm extremely new to Splunk and finding learning SPL very frustrating. I'm trying to look for windows log on events/ ... by KH Engager in Splunk Search 09-08-2022 0 2	0	2
Issue with foreach in multivalue <> not recognized I have encountered an issue with the foreach command on mv-fields.When I execute my search, Splunk says: "Error in 'e... by Finn Explorer in Splunk Search 09-08-2022 0 2	0	2
What is the difference between now() and _time? What is the difference between now() and _time? by smanojkumar Contributor in Splunk Search 09-08-2022 0 2	0	2
How to replace digits in regex? Hi, Below is the example for raw log: 20220906T23:43:58+03:00#0115dummyvalue.com#01110.111.169.11:51868#01110.45.38.1... by Dharani Path Finder in Splunk Search 09-08-2022 0 2	0	2
Time stamp Start_Time=092659Start_Date=20220908My requirement is to find the job amount many jobs that runs longer than a day, t... by smanojkumar Contributor in Splunk Search 09-08-2022 0 3	0	3
How can I identify the longest string in a multivalued field? I'm trying to make the Linux audit daemon data play nice. One of the challenges is that a particular action can trig... by responsys_cm Builder in Splunk Search 09-08-2022 0 2	0	2
Determining the max value of a multivalue field containing comma delimited text and number I have a comma delimited multivalue field that contains text and a digit in each value pair that I am trying to find ... by mydog8it Builder in Splunk Search 09-08-2022 1 14	1	14
How to extract multiple values to same field? Hello,I have logs like : samples={'xxxxxxx' : {'111' :{'222' :{'333'}}}}{'yyyyyyy'{'444'}}{'zzzzzzz'}I need to take a... by CybSec1 New Member in Splunk Search 09-08-2022 0 2	0	2
Is it possible to exclude any events with multi value fields and only table ones with single value? Hi, Is there any way to exclude any events that has more than one value of a field from end result. index=X statu... by FGAnders Explorer in Splunk Search 09-08-2022 0 2	0	2
Why does my SPLUNK RETS API return 0 eventCount? Hello, I've been using SPLUNK search REST API for a while now and just today i've run into the following issue. W... by PepposChris Observer in Splunk Search 09-07-2022 0 4	0	4
How to create a search for multiple earliest dates for 7day output? Hi All, Am looking for query to have multiple earliest days index=something sourcetype=something earliest=-7d@d late... by kpavan Path Finder in Splunk Search 09-07-2022 0 3	0	3
How to split the JSON array into multiple new events? Hey all, Can someone help me out with a JSON related question! Many many thanks!  I have a JSON arrays field in this... by jhcbazinga95 Loves-to-Learn Everything in Splunk Search 09-07-2022 0 3	0	3
Combining 2 searches but need help with dedup strategy Hi, I have 2 searches where the dedup strategy is different, i want to combine the 2 searches but need help with dedu... by SS1 Path Finder in Splunk Search 09-07-2022 0 1	0	1
How to Count appearance of containers per company? Hi,I want to count the numbers of containers per company. Each data point has a container id, company id, and much mo... by janderhungrige Observer in Splunk Search 09-07-2022 0 1	0	1
Is it possible to merge two searches (inner+outer)? Greetings. Is it possible merge 2 search? If there is any common value than connect it. If there is no match keep the... by Kislac Engager in Splunk Search 09-07-2022 0 4	0	4
Compare x hours vs last 1 week ago @ITWhisper As per the Below Screenshot I want to add Custom time frame. Where user can able to select any time frame ... by uagraw01 Motivator in Splunk Search 09-07-2022 0 9	0	9
How to extract second field between quotes and add url? I have logs of the format... 2022-09-07T01:42:06.321624+00:00 micro.service 2867ce23-bdfd-48eb-ba5a-40e1e8a93987[[APP... by Mick_OBrien Path Finder in Splunk Search 09-07-2022 0 5	0	5
How to merge two message threads into one? I have two message threads, each thread consists of ten messages. I need to request to display these two chains in on... by metylkinandrey Communicator in Splunk Search 09-07-2022 0 6	0	6