Splunk Search

Community Activity

How to find duration between multiple events for multiple occurrences? Hi all, I'm hoping that someone can help / point me in the right direction. I have two events which are being fed int... by MLL9 Explorer in Splunk Search 09-02-2022 0 5	0	5
How can I get just one avg count per day? (With time span = 3h I get 3 counts per day) Using the below query to get the daily avg user in during biz hours: index=pan_logs sourcetype=json_no_timestamp met... by imsidrai Explorer in Splunk Search 09-02-2022 0 4	0	4
How can I modify the search to show only the host_name and the sum total of the avg_kWh column? I have borrowed a search from an earlier question to help give kWh information on a given month. How can I modify the... by mallaht Loves-to-Learn in Splunk Search 09-02-2022 0 3	0	3
How to find changing serial numbers? Hello Splunk Enjoyers! I have problem Information about routers arrives every minute, so What I have: name_of_route... by splunk_enjoyer Explorer in Splunk Search 09-02-2022 0 6	0	6
How do I replace sourcetype? Finally we migrated away for Microsoft Azure Add-on for Splunk to Splunk Add-on for Microsoft Cloud Services. In Micr... by Kalnins Observer in Splunk Search 09-02-2022 0 1	0	1
How to search across all my data for any public IP addresses? Hello all, I've been hoping to play around with some of the iplocation functionality and see if I could leverage it ... by j4adam Communicator in Splunk Search 09-02-2022 0 3	0	3
How to customize x-axis and y-axis? I want to create a chart that show all the services being executed and the percentage of cpu used. I tried this after... by coolUsername Explorer in Splunk Search 09-02-2022 0 10	0	10
How to get the count based on sub_group? platfrom bkc_name domain testcase_id tnl abzke hef gh_1... by ramkyreddy Explorer in Splunk Search 09-01-2022 0 6	0	6
How to add new Lookup? I am working to leverage the below query for 'Stale Account Usage' from Splunk Security Essentials Docs, which uses l... by Sven1 Path Finder in Splunk Search 09-01-2022 0 2	0	2
Search for certain adjacent events in IIS log Greetings, I've been asked to provide log data for a specific form that has been accessed over a certain time period.... by seekay Engager in Splunk Search 09-01-2022 0 2	0	2
How to write rex to extract string? Hi, REX command rex mode=sed to remove quotation marks and numbers inside of them OUTPUT file "19214132.IKU" copied... by Edwin1471 Path Finder in Splunk Search 09-01-2022 0 2	0	2
How to calculate the difference between two dates? I have 2 dates first_found: 2022-08-23T21:08:54.808Z last_fixed:2022-08-30T12:56:58.860Z I am trying to calculate the... by marceldera Explorer in Splunk Search 09-01-2022 0 3	0	3
How to create a count down? Hello, I need to create a single value panel that displays a countdown from today's date until a target date, how ... by Anesthet1ze Explorer in Splunk Search 09-01-2022 0 4	0	4
Why am I getting the last Value column? Dear Splunk community: So i have the following SPL that has been running fine for the last week or so however, all of... by djoobbani Path Finder in Splunk Search 09-01-2022 0 2	0	2
Why is my auto lookup not working as intended? I have some searches that do not appear to be enhancing properly using the asset_lookup_by_str lookup table. In this ... by XOJ Path Finder in Splunk Search 09-01-2022 0 0	0	0
Will Limits.conf on an app level overwrite the default for all apps for just the one? Hi All If I apply a limits.conf for subsearch - maxout and searchresults - maxresultsrow for an app im deploying, wil... by ZubairBMW Engager in Splunk Search 09-01-2022 0 2	0	2
Help with Heartbeat check Good afternoon!I have six Heartbeat messages coming from the system. All messages from the chain are connected by one... by metylkinandrey Communicator in Splunk Search 09-01-2022 0 1	0	1
Which Condition Function for \| seach based on Token should I use? Case Scenario: Dashboard A is clicked, thus sending a token whose value is hostname ($hostnameToken$) to Dashboard B.... by time2200 Explorer in Splunk Search 09-01-2022 0 6	0	6
How to append a row and a column of averages? Hi, I have a search that uses the chart command to split by 2 fields, such that the results are shown below. The data... by dzyfer Path Finder in Splunk Search 09-01-2022 0 6	0	6
Using multiple time range on the same index to return different row values Hello all, I have a report that searches for differents time range like Year to now, Month to now, Last 5 days and l... by egonstep Path Finder in Splunk Search 08-31-2022 1 5	1	5
How to compare average between two non-adjacent time periods? Hello,what' the best way to compare averages between two non-adjacent time periods. I have bunch of api call events w... by BenTreeser Explorer in Splunk Search 08-31-2022 0 2	0	2
Thinkst Canary Alerts Picking up my first project for SOAR detections. Asking if anyone knows groups or sites that helped them when they we... by user2023rd Engager in Splunk Search 08-31-2022 1 1	1	1
How do I table multiple data into one cell? Hello I have a little problem with Splunk! I have a table that basically contains data in the following way number ... by fperalde Engager in Splunk Search 08-31-2022 0 2	0	2
Why does our Index firewall ingest more logs every Tuesday? Hello One of my company's firewall ingest more logs every tuesday to splunk which makes us go over the 10G limit per ... by Akdollar New Member in Splunk Search 08-31-2022 0 1	0	1
Help with regex - How to exclude multiple parentheses and slashes from a field? Is there a more elegant way to do this? New to using rex & I can’t seem to strip out the multiple parentheses and sla... by jalo23 Explorer in Splunk Search 08-31-2022 0 2	0	2