Splunk Search

Community Activity

How do I table multiple data into one cell? Hello I have a little problem with Splunk! I have a table that basically contains data in the following way number ... by fperalde Engager in Splunk Search 08-31-2022 0 2	0	2
Why does our Index firewall ingest more logs every Tuesday? Hello One of my company's firewall ingest more logs every tuesday to splunk which makes us go over the 10G limit per ... by Akdollar New Member in Splunk Search 08-31-2022 0 1	0	1
Help with regex - How to exclude multiple parentheses and slashes from a field? Is there a more elegant way to do this? New to using rex & I can’t seem to strip out the multiple parentheses and sla... by jalo23 Explorer in Splunk Search 08-31-2022 0 2	0	2
How to search multiple items from multiselect input in Dashboard studio? Hi everyone, When I search for multiple items from multiselect, it is not working. I can search for "ALL" or one ite... by amanda_dg Engager in Splunk Search 08-31-2022 0 0	0	0
How to make two searches in the same index but different event types? Hi! I have a log like this eventtype=000111 msg=malicious srcip=11.11.22.22 eventtype=123 msg=traffic srcip=11.11.22.... by olbapito New Member in Splunk Search 08-30-2022 0 3	0	3
Help with REX command Hi,I want to create a table from the sample log file entry by computing the field names based on the entries defined ... by mdyunusraza Observer in Splunk Search 08-30-2022 0 5	0	5
How to find values between two string I have this event:(pool-4-thread-1 18a68b34-f4af-4940-9339-6201b5004bb8) (********): do_SMSGW (Request) : &from=TULBU... by baljkastr Engager in Splunk Search 08-30-2022 0 1	0	1
When using appendcols, one column doesn't have events? My Query: index=test sourcetype=true AND private AND beta \|rex field=_raw "\[private]\s(?<category>\S+\s+\S+\s+\S+)"... by SS1 Path Finder in Splunk Search 08-30-2022 0 3	0	3
How to combine searches from multiple source files? I have the following 2 logs DRT.log: This consists of the following log lines: {"date_time":"20220823-13:11:11.622... by toernerg Observer in Splunk Search 08-30-2022 0 1	0	1
How to use the map command to add the total event times between created beginning and end times? I want to use the map command to add the total event times for each day during the time interval from 6am-6pm.For eac... by ichesla1111 Path Finder in Splunk Search 08-30-2022 0 2	0	2
How to not Display Data that is less than 10 days old? Hello all, I know this has been asked many different ways but, I cant seem to get the search correct. I am attempting... by IndyJones1345 Loves-to-Learn in Splunk Search 08-30-2022 0 1	0	1
How to get Splunk triggered alerts results url? Hi Splunkers , Im trying to build a dashboard to capture all the triggered alerts with some custom actions to be ap... by spl_unker Explorer in Splunk Search 08-30-2022 0 1	0	1
How to set up Alert setting, in case of a large interval between messages? Good afternoon!I receive messages from systems on splunk, several messages from one system line up in a message chain... by metylkinandrey Communicator in Splunk Search 08-30-2022 0 1	0	1
How to get pie chart value and name to be reflected in Available and Not Available name label? I need the count and count % to be reflected in Available and Not Available line with the value. Appreciate if i get ... by ShamGowda Loves-to-Learn Lots in Splunk Search 08-30-2022 0 1	0	1
How can I display a chain of all ten messages? I have a message thread, these messages are coming on splunk.The chain consists of ten different messages: five messa... by SajarKumarPat New Member in Splunk Search 08-30-2022 0 3	0	3
How to change the heigh of panels in XML ? Hi,How can I make both of these panels be the same height ? by Edwin1471 Path Finder in Splunk Search 08-30-2022 0 1	0	1
Why is timestamp not showing as the default in column1 when I load the dashboard? Hi Experts , i want to show Column1 timestamp selected as default in Date/Time Range From not sure what i am doing wr... by vamsi354 Explorer in Splunk Search 08-30-2022 0 2	0	2
How to write search to find error percentage for each group? My data looks as follows: host col2 ---- ---- A SUCCESS A ERROR B ERROR B SUCCESS B SUCCESS C ERROR Here ... by kimberlytrayson Path Finder in Splunk Search 08-30-2022 0 1	0	1
How to write correlation search to show these alerts? Hi Community, I have these alerts on EDR and I want to create a correlation search to show these alerts on the Splu... by m_khatibo88 New Member in Splunk Search 08-30-2022 0 1	0	1
How to display field value into column? status=Auto, Manual car= BMW, Honda, Audi index * \| stats count(status) as Total by car Is there anyway I can get the... by Khuzair81 Path Finder in Splunk Search 08-29-2022 0 2	0	2
How do list multiple sources in a query: sourcetype=xml source="/wealthsuite/tti/current/"? How do list multiple sources in a query: sourcetype=xml source="/wealthsuite/tti/current/"? by mcristinzio New Member in Splunk Search 08-29-2022 0 3	0	3
How do I change the title text on the tabs from default text to a custom text? I want to change the title text on the tabs from, for example, "Login\|Splunk" or "Dashboards \| Splunk 7.1.2" to a tex... by sh254087 Communicator in Splunk Search 08-29-2022 0 4	0	4
Formalizing MAC address to XX:XX:XX:XX:XX:XX format I was searing for a simple way to convert all types of mac address to "more" standard format. Found various solution... by jotne Builder in Splunk Search 08-29-2022 1 0	1	0
How to create a search for BST ( British Summer Time) Search Time Interval Change? Hi I have a SPL query that needs to adjust at search time when we are falling in and out of BST. During BST, the se... by djcascione Explorer in Splunk Search 08-29-2022 0 7	0	7
How can I rename the value of the policy name from = to "contains"? How can i rename the value of the policy name from = to "contains". Instead of saying "index=tenable* sourcetype="*"... by marceldera Explorer in Splunk Search 08-29-2022 0 1	0	1