Splunk Search

Community Activity

How to send Windows log to Splunk? new splunk useri installed my splunk on my windows machine and i want to receive logs and how to find a logon event?i... by rockzers Path Finder in Splunk Search 08-14-2022 0 9	0	9
How to join two search using condition if ,case, or where? Hi there, I am new to splunk and struggling to join two searches based on conditions .eg. left join with field 1 fr... by Cs80 Loves-to-Learn Lots in Splunk Search 08-13-2022 0 4	0	4
Why are similar rows not grouping together? For some reason there are entries that are not grouped together, but obviously look like they should be. In the follo... by scaparelli Explorer in Splunk Search 08-13-2022 1 2	1	2
How to write a Field Extraction using PROPS Configuration File for Nested JSON Events? Hello, I have done field extraction for the nested JSON event using props.conf file. Everything is working as expect... by SplunkDash Motivator in Splunk Search 08-12-2022 0 3	0	3
How to sum up multiple fields without using foreach? I am using the below search query which contains multiple fields. All the fields (DATA_MB, INDEX_MB, DB2_INDEX_MB, et... by akarivaratharaj Communicator in Splunk Search 08-12-2022 0 14	0	14
How to create a query as below, but I would like to get the latest data for a field within span? Latest data within a time span. I have a query as below, but I would like to get the latest data for a field within s... by vgiri8 Path Finder in Splunk Search 08-12-2022 0 14	0	14
How to create new field? how can solve this ::: (Create a new field called "StartTime" and set the value to seven days ago from today, snapped... by mananzeh New Member in Splunk Search 08-12-2022 0 2	0	2
How to delete logs at the web interface with out using \| delete? Hello, i need to de delete some old logs on my cloud instance because i run out of space is there any way to rem... by NicolásMilans Explorer in Splunk Search 08-12-2022 0 4	0	4
How do I remove Fields "values"? I am new to splunk and still wokring out the kinks however im wondering as to why i have the iplocation of clients an... by HarperWCurran Engager in Splunk Search 08-12-2022 0 2	0	2
which overrides first either time modifier or time range picker? I have created Splunk query with time modifiers "earliest" and "latest" ( for eg. earliest="15/01/2022 8 am" latest="... by jmohan1984 New Member in Splunk Search 08-12-2022 0 1	0	1
What is the average of occurrence of string in the log files? Hi, I have a log file in which I have two things functionality and different repositories which use this functionalit... by tankhanandita Explorer in Splunk Search 08-12-2022 0 2	0	2
How to extract field name containing as table? Hello All, I have data like below. How do I extract the field names like prefix:field1, prefix:field2, prefix:field3... by msg4sunil Path Finder in Splunk Search 08-11-2022 0 9	0	9
How do I extract only endpoints and ignore the ID of API endpoints? Hi, I have a bunch of failure events of different api endpoints. The field is called RequestPath and some examples ar... by labaningombam Explorer in Splunk Search 08-11-2022 0 7	0	7
How to remove Duplicate values in different field? How to remove duplicate values in a different field \|stats count by src dest by alexspunkshell Contributor in Splunk Search 08-11-2022 0 5	0	5
How to exclude NULL lines in query for table results? Hello Team, Trying to exclude NULL fields from results to avoid gaps in table. Currently using this query:<my base... by karlpena Loves-to-Learn in Splunk Search 08-11-2022 0 1	0	1
How to extract the timestamp from a filename at index-time to use as _time? I have searched answers high & low to try and extract the timestamp from my filename at index-time, but I'm still una... by ahartge Path Finder in Splunk Search 08-11-2022 2 18	2	18
Why is sendalert not working with makeresults? Hello! I am trying to use makeresults + eval inside a sendalert parameters, but it doesn't return what i need. Follow... by uchoavaz Explorer in Splunk Search 08-11-2022 0 1	0	1
How to return value from specific key within an object? Dear Community, I am new to Splunk so apologies for the newbie question: Basic Problem I have a field which holds an ... by bmohammadi Explorer in Splunk Search 08-11-2022 0 2	0	2
How to configure splunk HF to route the events which does not include a keyword? Hello Community,We have 2 target groups to route events.(2 indexers, one is ours and other 3rd party)i want to config... by SK_ New Member in Splunk Search 08-11-2022 0 0	0	0
How to compare column from two searches and find the difference between them and print all rows? Hi Thanks for your time. Im using splunk to parse the log. I have two search. the columns i got from A is as below... by hakusama1024 New Member in Splunk Search 08-11-2022 0 7	0	7
How to import mulitple host csv file to fetch data in splunk? I am trying to download vulnerability report for a 1000 hosts. Instead of providing them in the splunk query. I thoug... by shariz New Member in Splunk Search 08-11-2022 0 1	0	1
How to view dashboard subsearches using HiddenSearch? Hi, I am creating a custom view dashboard. In that I'm trying to utilize the same search to extract a single value an... by pravusnex Explorer in Splunk Search 08-11-2022 1 9	1	9
Search for Universal Forwarder getting dropped by the firewall? Hi Splunkers, I am trying to do a search that gives me a list of forwarders that cannot contact the Deployment serv... by max_ruas Explorer in Splunk Search 08-10-2022 0 3	0	3
Is there a way to rename subfields based on a condition? Is there a way to rename subfields based on a condition? Some of our applications log into fields, say message.messag... by OliverG91 Explorer in Splunk Search 08-10-2022 0 2	0	2
Can I make a drill down report on one page? I have 2 searches from two individual log files with Txid in common (could be outerjoin): The first search I get the ... by rilee Explorer in Splunk Search 08-10-2022 0 7	0	7