Splunk Search

Community Activity

Suggestions for Tenable .csv field extraction Within the tenable:sc:vuln sourcetype there is a particular field "PluginText" that has a value for hardware serial n... by Minasdad Path Finder in Splunk Search 07-18-2022 0 3	0	3
How do I modify x-axis values to display date only for each column? Hi, how can I modify x-axis in order to display date only for each column. query \| eval finish_time_epoch = strftim... by Edwin1471 Path Finder in Splunk Search 07-18-2022 0 1	0	1
How to add field from a lookup in an index search and displaying the result Hello, I have a lookup on which we have two columns, one with the computer name and the other with the OS version. Wh... by darphboubou Explorer in Splunk Search 07-18-2022 0 10	0	10
Host field missing in events coming from a particular machine- How do I find host field information? I am not able to find the host field information for the events coming from a particular machine. This is related to... by sambitmahantaes Explorer in Splunk Search 07-18-2022 0 7	0	7
How to concatenate Dynamic multivalue fields to single value fields? Hi all, I have events coming in that have multivalue fields, but not always the same fields are multivalue. I want al... by wealot Explorer in Splunk Search 07-18-2022 0 2	0	2
How to convert at InfluxDB SQL query to a Splunk SPL search? We have a FIG (fluentD/InfluxDB/Grafana) setup in which we want to change the IG part to Splunk. We have several das... by registration9 New Member in Splunk Search 07-17-2022 0 2	0	2
Is there any way to use all returned values under a certain field in a search? Let's say I have a multivalue fieldA and a fieldB. I know you can do something like "\| where field=value" in a search... by cxm0u4e Engager in Splunk Search 07-17-2022 0 2	0	2
Why are Tokens not getting recalculated on changing the form value? Hi team, As per my requirement, on changing a particular form element [Token 1] , a set of other tokens [Token2,Token... by Ashwin3 Engager in Splunk Search 07-17-2022 0 2	0	2
How to try to search for new MFA factors with DUO? I'm trying to find any new MFA factors(DUO) used by any user in the past X days in order to create an alert. As an e... by JR_Akaviri Engager in Splunk Search 07-17-2022 0 1	0	1
How to compare and generate percentage from two lookup fields? file1.csv and file2.csv with a common field of "Tests". Wanting to compare File2 field "Tests" against file1.csv fiel... by Minasdad Path Finder in Splunk Search 07-17-2022 0 2	0	2
How to Extract multiple 10-digit numbers from field2 Hi, Novice splunker here. My search only extracts 1st 10-digit number and my data contains atleast 4 or more 10-digi... by Gzee Engager in Splunk Search 07-17-2022 0 1	0	1
How to calculate time difference from 2022-07-14T09:05:08.21-04:00 format Good Day,I need help to calculate the time difference for field "@timestamp" containing time format 2022-07-14T09:05:... by DPOIRE Path Finder in Splunk Search 07-15-2022 0 16	0	16
How to implement alert that need to consider state of past alert? I need to first issue an alert for overheat temperature 24 hours in advance for the affected locations, for their for... by yshen Communicator in Splunk Search 07-15-2022 1 3	1	3
Why does Xyseries drop duplicates? index=a host="b" source="0_R_S_C_ajf" OWNER=dw\|eval ODate=strptime(ODATE,"%Y%m%d")\|eval ODATE=strftime(ODate,"%Y-%m... by Veeru Path Finder in Splunk Search 07-15-2022 0 6	0	6
How to achieve field extraction to list domain admins from AD logs? I have been trying to extract a field to list domain admins from AD logs. The logs have all the admins starting with ... by ggilmore1 Explorer in Splunk Search 07-14-2022 0 8	0	8
How to transform above result into below table? index="dockerlogs" source="gps-request-processor-dev" OR source="gps-external-processor-dev" OR source="*gps-ar... by csahoo Explorer in Splunk Search 07-14-2022 0 1	0	1
How to achieve conditional eval/searchmatch or subsearch result based on the value of another field? I have a scenario where I am analyzing the format of a given string to determine what the name of the format is (e.g.... by mjones414 Contributor in Splunk Search 07-14-2022 0 3	0	3
How to add new fields to certain events via _meta? Hi Splunkers, I try to get a new internal field "_application" added to certain events. So i added a new field via th... by florianhh Explorer in Splunk Search 07-14-2022 0 3	0	3
Firewall logs going into separate index: Why the error "Searching - No results found. Try expanding the time range"? Hey everyone, I've got all our firewall logs going into separate index. When I perform a search just using the index ... by willspk Engager in Splunk Search 07-14-2022 0 1	0	1
Search Stats with _raw field Hello, In my search I'm trying to get a series of events (transact - which is in the _raw field) counted out by anoth... by mcscjlf Explorer in Splunk Search 07-14-2022 0 1	0	1
How to fix query to prevent Duplication of events when searching multi-value fields in Json using mvzip and mvexpand? Here is a reduced version of my JSON: {<!-- --> records: [ {<!-- --> errors: 4 name: name1 plugin: p1 t... by Marian Explorer in Splunk Search 07-14-2022 0 4	0	4
How to create a table with max and sum values I have a table like the below Category \| Time \| Count of string A \| t-5mins \| 18 A \| t-10mins \| 7 A \| t-15mins \|... by HelloItsMe76 Explorer in Splunk Search 07-14-2022 0 3	0	3
How to have multiple time series charts of multiple days' temperature measurements during the days stacked for 24 hours I want to compare the daily temperature measurements at the same period, but different days by a stacked temperature ... by yshen Communicator in Splunk Search 07-14-2022 0 2	0	2
How I can change color of the graph as per value Hi , I have created one graph for Success and failure result, but not able to change the color, How I can have the re... by Splunk3 Explorer in Splunk Search 07-14-2022 0 1	0	1
Remove segmenters in search (lispy) for Norwegian characters Hi folks. Whenever you do a search in Splunk you can review the lispy in search.log. For example, if I search for my ... by hettervik Builder in Splunk Search 07-14-2022 0 4	0	4