Splunk Search

Community Activity

search with sub search doesnt get the correct defined time range Hey, lately i was working on an SPL and wondered why this aint working. This is simplified index IN(anonymized_inde... by splunkinator53 Explorer in Splunk Search 01-20-2025 0 4	0	4
Howto escape double quote in regex when using rex I have the following regex that I (currently) use at search time (it will be a field extraction once I get it ironed ... by jmartens Path Finder in Splunk Search 01-20-2025 0 3	0	3
Loop through splunk search for multiple values I want to get the below search executed and display the results in a table for all comma separated values that gets p... by anmohan0 Explorer in Splunk Search 01-19-2025 0 3	0	3
Using Machine Learning Toolkit to detect auth abuse Hello,I’m trying to tune Machine Learning Toolkit in order to detect authentication abuse on a web portal (based upon... by patpro Path Finder in Splunk Search 01-19-2025 0 0	0	0
How can we show events prior to the one that matches the criteria? We have a case where we can search and find events that match the search criteria. The client would like to see the e... by danielbb Motivator in Splunk Search 01-19-2025 0 3	0	3
How to refresh multiselect options with Javascript (re-execute the mutliselect search) We have a custom dashboard in Splunk that has a few filters, one of which is a multiselect. This dashboard allows use... by Afterimage Engager in Splunk Search 01-17-2025 0 3	0	3
Search using IF statement Hi All, Could you please help me with " if "query to search a condition is true then need to display some values f... by tech_soul New Member in Splunk Search 01-16-2025 0 4	0	4
List of the indexes that do not have attached a self-storage Hi,I'm trying to get a query for a table containing all the indexes that do not have a self storage attached, but I c... by esteban593 Explorer in Splunk Search 01-16-2025 0 4	0	4
Use Case for Privileged Users, SPL Question I'm trying to create a search in which the following should be done: - look for a user creation process (ID 4720) - ... by avoelk Communicator in Splunk Search 01-16-2025 0 3	0	3
Why does tstats command alter time stamps when I run it by _time? I am wondering why tstats command alters time stamps when I run it by _time. \| tstats values(text_len) as text_len v... by LIS Path Finder in Splunk Search 01-16-2025 0 8	0	8
Monitoring email status Hi everyone!My goal is to create an alert to monitor in ALL saved search if there's any email that no longer exist (m... by nonno_pinto Explorer in Splunk Search 01-16-2025 0 1	0	1
Make table column header indicate the sort order of data in underlying search results? I want the sort indicators (up/down arrowheads) in table visualization column headings to reflect the default sort or... by Graham_Hanningt Builder in Splunk Search 01-16-2025 0 7	0	7
Decode base64 into any charset Is there a command or app that will decode base64 and detect the correct charset to output to?Currently, I'm currentl... by antoniolamonica SplunkTrust in Splunk Search 01-15-2025 0 1	0	1
how to search in array inside a foreach loop This is an example of the structure of my data and the query I am currently using. I have tried around 10 different s... by mrsampson Explorer in Splunk Search 01-15-2025 0 11	0	11
How would I build a table of all metrics and their dimensions in splunk My splunk server is receiving metrics from collectd. I want to build a table showing the metrics, dimensions, and ... by charliesfx Explorer in Splunk Search 01-15-2025 5 8	5	8
Splunk Cloud: How to Collect Data in JSON Format from Splunk Cloud? Hello everyone,I'm trying to collect data in JSON format from Splunk Cloud, and I understand that one of the options ... by franraf180 Engager in Splunk Search 01-15-2025 0 1	0	1
Help with conditional event count. Hi, I have json data structured as follows: { "payload": { "status": "ok", # or "degraded" } } I'm trying t... by AFKunc Explorer in Splunk Search 01-15-2025 0 6	0	6
How to write a search to get the week number of the month from the given _time? We need to extract the week number of the month for matching the SLA. Have SLA such as 2nd or 4th week of a month. So... by prachisaxena Explorer in Splunk Search 01-14-2025 0 6	0	6
How to join multiple condition In my logs I am getting 4 events for 1 id. 1)Updating DB record with displayId=ABC0000000; type=TRANSFER2)Updating DB... by Swati Engager in Splunk Search 01-14-2025 0 15	0	15
How to use conditional search Hi All,I have a main search where name1 filed will have multiple valuesI need to run sub search based on the value of... by nelaturivijay Observer in Splunk Search 01-14-2025 0 3	0	3
mvmap command after migrate from 9.0.5 to 9.3.1 Mvmap has different results on different versionsleft screen is 9.3.1 version right is 9.0.5 if field will have more ... by pavellr Loves-to-Learn in Splunk Search 01-13-2025 0 4	0	4
Apply a trendline to a chart of Unique User Sessions span 30 I've got to be close. But having issues trying to figure out how to get a distinct count of user sessions to show up ... by JeffV Explorer in Splunk Search 01-13-2025 0 4	0	4
AWS Config data in Splunk I am trying to query AWS config data in Splunk to identify the names of all S3 buckets in AWS. Is there a way to writ... by amitshrigoel Explorer in Splunk Search 01-13-2025 0 3	0	3
Two syslogs usually together but need to report when only one is seen I have two log messages "%ROUTING-LDP-5-NSR_SYNC_START" and "%ROUTING-LDP-5-NBR_CHANGE" which usually accompany each ... by rish_raw New Member in Splunk Search 01-11-2025 0 2	0	2
Correlating values in different index Hi,I have two indexes - "cart" and "purchased" . In "cart" index there is a field "cart_id" and in "purchased" there ... by Souradip11 Explorer in Splunk Search 01-11-2025 0 2	0	2