Splunk Search

Community Activity

	How do I extract multiple fields from a json array? I'm having issues properly extracting all the fields I'm after from some json. The logs are from a script that dumps... by user_303_user Observer in Splunk Search 08-18-2022 0 4	0	4
	Help with Spath for Nested Json Hi All, Can someone pls assist me in extracting the different Recipients out this nested Json ? This is from O365 lo... by neerajs_81 Builder in Splunk Search 08-18-2022 0 13	0	13
	How do I create a dashboard to log any New Firewall rule that has been committed to Panorama? Creating A dashboard to log any New Firewall rule that has been committed to Panorama. How do i go about this? Any as... by SPLKwame28 Engager in Splunk Search 08-18-2022 0 6	0	6
	Is it possible to modify a portion of CSV file in inputlookup? Hi Every one, Is it possible to modify a portion of CSV file in inputlookup? Cheers. by majilan1 Path Finder in Splunk Search 08-17-2022 0 5	0	5
	Join and calculate difference in time using an unique key? I have the following queries query 1 : index1 .... \| table _time uniqueID query 2 : index2 .... \| table _time... by yk010123 Path Finder in Splunk Search 08-17-2022 0 7	0	7
	How to filter multiple values in a given field? Hi all, I am new at Splunk and trying to evaluate this query. I have some accounts, dates(week starting) and number ... by hmohta Path Finder in Splunk Search 08-17-2022 0 6	0	6
	How to use timestamp as x axis in chart? Currently I have used a similar query to what is below to plot data on a 24 hour graph. index=mock_index source=mock_... by firstname Explorer in Splunk Search 08-17-2022 0 1	0	1
	How to search for failed login then success with sourcetype="o365:management:activity"? Currently using a manual verification of non US logins:sourcetype="o365:management:activity"\| iplocation ActorIpAddre... by Nickbshaw Observer in Splunk Search 08-17-2022 0 1	0	1
	How to check the universal forwarder's metrics.log to get instantaneous_kbps and average_kbps? From Documentation: To verify how often the forwarder is hitting this limit, check the forwarder's metrics.log. (Loo... by kteng2024 Path Finder in Splunk Search 08-17-2022 0 3	0	3
	How to calculate previous week results? Hi community, I have to calculate previous week result, based on that, I calculate Percent difference with this weeks... by wanda619 Path Finder in Splunk Search 08-17-2022 0 5	0	5
	Using a lookup to filter sourcetype Hi all,I have a lookup instance_list, which I'm trying to use to filter my flow logs to only show the logs with the s... by Mattjj Explorer in Splunk Search 08-17-2022 0 2	0	2
	Why are Splunk Fields showing 200%? Hi, i am doing a search and noticing that i am getting 200% on the fields i troubleshooted and used this line at the ... by HarperWCurran Engager in Splunk Search 08-17-2022 0 2	0	2
	How do you visualize 'zero' value in an area? Hello, I'm a Korean beginner, Splunkerindex=my sourcetype=my2 sernder_ip=my3 \| table _time \| stats count by _time \| s... by hyeongn Engager in Splunk Search 08-17-2022 0 2	0	2
	How to sort by a certain pattern of number occurring in a text? Hi, This is my first time starting a discussion. Please pardon my mistakes. So I am trying to perform a search where ... by Siva04 Engager in Splunk Search 08-17-2022 0 5	0	5
	How can we find dns long sessions? Hi,Can someone please help me with a query to find Long DNS sessions? by Woodpecker Path Finder in Splunk Search 08-16-2022 0 1	0	1
	What is accelerate_search vs search in _audit index? Hello, When I ran index=_audit NOT user="splunk-system-user" \|stats count by action I find that accelerat... by phamxuantung Communicator in Splunk Search 08-16-2022 0 1	0	1
	How to show count & percentage of the total count in a chart command? Dear splunk community: So i am using the following chart command: <base search> \| chart count by url_path, http_statu... by djoobbani Path Finder in Splunk Search 08-16-2022 0 3	0	3
	How do I Display a graph with search? My search looks similar to the one below: index=mock_index source=mock_source.log param1 param2 param3 \| rex field=_r... by firstname Explorer in Splunk Search 08-16-2022 0 1	0	1
	How to split the result of max_match? The values I need are located in the field "msg". Each msg contains 3 records. I run this query and get the result as... by haiweichen Explorer in Splunk Search 08-16-2022 0 2	0	2
	Why is special characters changed to HTML name? The special characters of the result of my question is converted to HTML Name and output like " and &lt.What are... by staymini Explorer in Splunk Search 08-16-2022 0 3	0	3
	How to get the time elapsed between these two fields? Guys, can you help me ? I need to know the elapsed time between this two fields: CREATED_TS: 20220816182818.215CURREN... by Clecimar Explorer in Splunk Search 08-16-2022 0 1	0	1
	REST API Leverage Existing Field Extractions Hi,I've run into an issue while working with the Splunk Rest API, specifically when trying to leverage extracted fiel... by kalebh New Member in Splunk Search 08-16-2022 0 0	0	0
	How to build a query to audit file access on specific files? New to Splunk. Have been tasked with finding a query to audit access to specific files. Any ideas? by kymenope Explorer in Splunk Search 08-16-2022 0 1	0	1
	How to calculate percentage and percent difference? Hi community, I am stuck on a problem where i have to calculate percentage and Percent Difference. I have 3 column... by wanda619 Path Finder in Splunk Search 08-16-2022 0 4	0	4
	REX - How can these two REX commands be merged? I have two REX strings that work independently... ^\S+\s(?<microService>\S+).* [supplied by previous SPLUNK answer] .... by Mick_OBrien Path Finder in Splunk Search 08-16-2022 0 5	0	5