Splunk Search

Community Activity

How to Add multiple field values for the matching value of another field I want to create a query, that would combine all the duration values into one by adding them for each Time Date. The... by Edwin1471 Path Finder in Splunk Search 07-12-2022 0 3	0	3
CISCO ESA - simple search email query (sender, recipient,subject) Hi,I have Splunk 8.1.4 with Splunk Add-on for CISCO ESA 1.5.0. I also have the old app Cisco Secuirty Suite that eve... by corti77 Contributor in Splunk Search 07-12-2022 0 1	0	1
How to display search with multiple lookup? [SOLVED] HelloI have several lookups and I would like to display the details on a date range but I can't really do itI have tr... by brad_ Engager in Splunk Search 07-12-2022 0 4	0	4
How to use (event-)stats and calculations to predict how many unique customers do I have by product group Hi everyone, basically I am trying to count how many unique customers I had in a period and that worked well with d... by nord_nikon Engager in Splunk Search 07-12-2022 0 2	0	2
Is there any reason why syntax highlighting is not working by default for splunk logs? Is there any reason why syntax highlighting is not working by default for splunk logs?. While clicking on the Syntax ... by vjsplunk Loves-to-Learn Everything in Splunk Search 07-11-2022 0 1	0	1
Why were some events removed by Timeliner when they were missing _time? Hi, When I run a search against an index in smart/verbose mode, I am getting the below error with zero results, "Some... by bsanjeeva Explorer in Splunk Search 07-11-2022 0 0	0	0
How to exclude last 2 parts of the URL in Splunk? I have a URL as below 1.aa/bb/cc/dd 2.nbcn/hbd/hvhd/hbxn Need to regular expression to get the below output 1.aa/bb... by bharath999 Observer in Splunk Search 07-11-2022 0 3	0	3
Can Splunk read inside a file and filter based on a word inside? Hi all.I want to create an alert for hosts file modification.Found the build in one here on the forums but I would li... by NizanCohen Explorer in Splunk Search 07-11-2022 0 4	0	4
How to calculate Raw data for API endpoints and count? I don't have a ton of experience with Splunk yet but I've been asked to find API endpoints (which appear to be in our... by mcscjlf Explorer in Splunk Search 07-11-2022 0 3	0	3
How to write timechart output that drops most recent week but keeps in the initial query? I have a query that must search 9 weeks of data, and then applies a filter against a single field (dv_opened_at) look... by tlmayes Contributor in Splunk Search 07-11-2022 0 5	0	5
How to display pool down on two cluster server? index=idx_rdap source="f5" "member" "RO1B4-0JLSM4000S" "/Common/pool_d2i_*gkrgkl" \| rex field=member "\/Common\/(... by elmadi_fares Loves-to-Learn Everything in Splunk Search 07-11-2022 0 3	0	3
How to Pull Unique Records from JSON I have read a lot of different threads and docs but still having trouble pulling what I need out of the below JSON. E... by morgantay96 Path Finder in Splunk Search 07-10-2022 0 9	0	9
Setting up Enterprise Security as a SOC detection- Alert Investigation Hi all, I am currently configuring Splunk Enterprise Security for Alerts. I have a doubt in the implementation of thi... by Yadukrishnan Explorer in Splunk Search 07-09-2022 0 1	0	1
I need a different way to join two searches Hi, I know this is a hot topic and there is answers everywhere, but i couldn't figure out by my self what to do. Sudd... by rodolfotva Engager in Splunk Search 07-09-2022 0 2	0	2
Is there a way to get Sum BytesSent by IP? I need to get the list of the IPs that have generated the most outgoing traffic. When the query is generated I find t... by splunkcol Builder in Splunk Search 07-09-2022 0 2	0	2
How can i find difference b/w each MV Item? How can i find difference b/w each MV Item? So far i was able to do only one difference ... by reverse Contributor in Splunk Search 07-08-2022 1 9	1	9
Help with stats count comma delimited field Hello all, I have an event that looks similar to the following: field_A="US", field_B="true", field_C="AB/CD,XYZ, <>D... by mebra1 Loves-to-Learn in Splunk Search 07-08-2022 0 8	0	8
How to select one of two event fields in stats? Hi, I have two event fields with the same name "timestamp". I just want to display (in stats) the "timestamp" field ... by user33 Path Finder in Splunk Search 07-08-2022 0 2	0	2
Multiline field search: How to print multiple events? In logs there are multiple lines printed like below and I want to print all of them in a table but my search query o... by jimish Explorer in Splunk Search 07-08-2022 0 2	0	2
How to filter out one field events base on other field with two events? Hi All,I have this report My requirement is only show in table those event that do not have the Plugin Name = "TL... by Rithekakan Path Finder in Splunk Search 07-08-2022 0 1	0	1
Can I index into array in my search to pull two specific displayName and result values out and use stats command? Hello folks, I'm trying to write a drill-down search for a correlation search in Enterprise Security, and I'm having ... by meliaolsen Loves-to-Learn Lots in Splunk Search 07-08-2022 0 2	0	2
How do I convert Duration field in sec to day Hr Min Sec? Base query: index=jenkins* teamcenter \|search event_tag=job_event \|search build_url=TC_Active \|where isnotnull(job_... by Abhineet Loves-to-Learn Everything in Splunk Search 07-08-2022 0 7	0	7
How to filler a Field base on other two field? host="SPL-SH-DC" sourcetype="ABCSW"......\| search "Plugin Name" != "TLS Version 1.1 Protocol Deprecated" AND Port != ... by Rithekakan Path Finder in Splunk Search 07-08-2022 0 8	0	8
Make sure Value from one specific event is not in any other events I can't wrap my head around how to do this search. It's like I need an array or variable.Example Data:HostnameStorag... by splunk219783 Path Finder in Splunk Search 07-08-2022 0 8	0	8
How can I use * in eval if statement? \| eval RouteLatency = if (Name="ABC" AND HTTP="https://.net..com*" , bckLatency ,RouteLatency ) by ashidhingra Path Finder in Splunk Search 07-08-2022 0 2	0	2