Splunk Search

Community Activity

Lookup Table Modifying _time and timepicker ignoring Hi, Struggling trying to figure out what I'm doing wrong. I have the following SPL\| inputlookup append=t kvstore \| ev... by chrisboy68 Contributor in Splunk Search 01-24-2025 0 5	0	5
How to display zero for latest(values) The following is my query.index="xyz" host="*" \|fields host,messagevalue\| search "total payment count :"\|eval messag... by varsh_6_8_6 Explorer in Splunk Search 01-24-2025 0 4	0	4
How to get multiple values of earliest and latest in one search? Hi Splunkers, This is my first post as I am new to using splunk, but my issue arising when I am trying to pull specif... by CrossWordKnower Explorer in Splunk Search 01-23-2025 0 3	0	3
Regex to extract letters only Hi,Can any one please help in creating regex to extract 12 words(Words with characters/letters only) from beginning o... by poojak2579 Path Finder in Splunk Search 01-23-2025 0 8	0	8
ITSI thresholds: adaptive vs static Hello Splunkers,I was wondering if it's possible to combine adaptive and static thresholds in IT Service Intelligence... by djluke Path Finder in Splunk Search 01-23-2025 1 0	1	0
How to identify the login information from a lookup table users list Hello, I have lookup table which contain fields as below. user shortname email 1 ... by navan1 Explorer in Splunk Search 01-23-2025 0 1	0	1
How to stats count and still have all fields available afterwards? Dear expertsAccording to the documentation after stats, I have only the fields left used during stats. \| tabl... by Ste Path Finder in Splunk Search 01-23-2025 0 9	0	9
How to Create "Impossible Travel" Security Monitoring Use Case with pure SPL I have some reservations about the usefulness of this with so much more usage of IaaS/PaaS/SaaS these days...but sinc... by marycordova SplunkTrust in Splunk Search 01-22-2025 0 7	0	7
Add columns from lookup file Combing through firewall logs. I am extracting source, destination, dest_port. I have a csv lookup file with ports... by ronj_clark Explorer in Splunk Search 01-22-2025 0 2	0	2
multivalue field - missing a week I have a multivalue field called weeksum that contains the following values2024:47 2024:48 2024:49 2024:50 2024:51 2... by omcollia Engager in Splunk Search 01-22-2025 0 7	0	7
Stats command I am trying to get total traffic vs attack traffic splunk query in order to keep it in dashboard panel. We have a fie... by Karthikeya Communicator in Splunk Search 01-22-2025 0 2	0	2
How do I Exclude null/empty fields from a lookup result where I should get a single row back We have a lookup that has all kinds of domain (DNS) information in it with about 60 fields like create date, ASN, na... by donm Engager in Splunk Search 01-22-2025 0 3	0	3
Python 2.7 present and shouldn't be I am getting an integrity check error on /opt/splunk/bin/python2.7 that says present_but_shouldnt_be. I can find the ... by cmuesing Explorer in Splunk Search 01-22-2025 0 8	0	8
Block IP addresses by creating lookup file Hello,We have a field called client_ip which contains different IP addresses and in events different threat messages ... by Karthikeya Communicator in Splunk Search 01-21-2025 0 6	0	6
Logs i want to know in which index is microsoft defender logs getting stored , I know some important fields which are ther... by SN1 Path Finder in Splunk Search 01-21-2025 0 2	0	2
Capture similar strings in the logs Is there any way to search for similar strings dynamically in different logs?I want to group unique error string com... by poojak2579 Path Finder in Splunk Search 01-21-2025 0 13	0	13
return results even when the count of a field value is zero Stupid form editor adds extra CRs.Having trouble getting this search to work as desired. I've tried these 2 methods a... by JyPl4wNYu7GV1uL Explorer in Splunk Search 01-21-2025 0 2	0	2
Need Help with Splunk Alert I need help with below splunk query index=XXX_XXX_XXX \| eval job_status=if( 'MSGTXT' = "ABEND","ko","ok") \| where... by Amit79 Loves-to-Learn Everything in Splunk Search 01-21-2025 0 1	0	1
Limit to first 10 counts Hello community,I am having a problem displaying a graph. I have an index that contains incidents from several monito... by Rajaion Path Finder in Splunk Search 01-21-2025 0 3	0	3
How to Check the times from 2 Events and alert if over 15 mins So I have an Index which contains the following"Starting iteration"on 1 event and "Stopping iteration" on another eve... by LizAndy123 Path Finder in Splunk Search 01-21-2025 0 7	0	7
Use Lookup Table with IP addresses to search in Splunk and find hostnames that match the IPs I have a lookup table with a bunch of IP addresses (ipaddress.csv) and a blank column called hostname. I would like t... by Obsidian_RS400 New Member in Splunk Search 01-21-2025 0 1	0	1
Given variable as value of field and not token I have such a search and it works fine but not in Dashboard! index=unis \| search sarch \| eval name = coalesce(C_... by woodman2 Loves-to-Learn Everything in Splunk Search 01-21-2025 0 5	0	5
Splunk searches does not return expected values even though the data is completed Hi, We recently migrated from a standalone Search Head to a clustered one. However, we are having some issue running ... by josephp Loves-to-Learn Everything in Splunk Search 01-21-2025 0 3	0	3
Need stats count per host and process_name Right now a have a table list with fields populated where one process_name is repeating across multiples hosts with s... by deckard1984 Engager in Splunk Search 01-21-2025 0 3	0	3
Logs are showing raw, how do I get them to show as highlighted? When I click on the raw log and back out of it it shows up as highlighted. How do I default the sourcetype/source to ... by bryhoffman Explorer in Splunk Search 01-21-2025 0 4	0	4