Splunk Search

Community Activity

How to try to search for new MFA factors with DUO? I'm trying to find any new MFA factors(DUO) used by any user in the past X days in order to create an alert. As an e... by JR_Akaviri Engager in Splunk Search 07-17-2022 0 1	0	1
How to compare and generate percentage from two lookup fields? file1.csv and file2.csv with a common field of "Tests". Wanting to compare File2 field "Tests" against file1.csv fiel... by Minasdad Path Finder in Splunk Search 07-17-2022 0 2	0	2
How to Extract multiple 10-digit numbers from field2 Hi, Novice splunker here. My search only extracts 1st 10-digit number and my data contains atleast 4 or more 10-digi... by Gzee Engager in Splunk Search 07-17-2022 0 1	0	1
How to calculate time difference from 2022-07-14T09:05:08.21-04:00 format Good Day,I need help to calculate the time difference for field "@timestamp" containing time format 2022-07-14T09:05:... by DPOIRE Path Finder in Splunk Search 07-15-2022 0 16	0	16
How to implement alert that need to consider state of past alert? I need to first issue an alert for overheat temperature 24 hours in advance for the affected locations, for their for... by yshen Communicator in Splunk Search 07-15-2022 1 3	1	3
Why does Xyseries drop duplicates? index=a host="b" source="0_R_S_C_ajf" OWNER=dw\|eval ODate=strptime(ODATE,"%Y%m%d")\|eval ODATE=strftime(ODate,"%Y-%m... by Veeru Path Finder in Splunk Search 07-15-2022 0 6	0	6
How to achieve field extraction to list domain admins from AD logs? I have been trying to extract a field to list domain admins from AD logs. The logs have all the admins starting with ... by ggilmore1 Explorer in Splunk Search 07-14-2022 0 8	0	8
How to transform above result into below table? index="dockerlogs" source="gps-request-processor-dev" OR source="gps-external-processor-dev" OR source="*gps-ar... by csahoo Explorer in Splunk Search 07-14-2022 0 1	0	1
How to achieve conditional eval/searchmatch or subsearch result based on the value of another field? I have a scenario where I am analyzing the format of a given string to determine what the name of the format is (e.g.... by mjones414 Contributor in Splunk Search 07-14-2022 0 3	0	3
How to add new fields to certain events via _meta? Hi Splunkers, I try to get a new internal field "_application" added to certain events. So i added a new field via th... by florianhh Explorer in Splunk Search 07-14-2022 0 3	0	3
Firewall logs going into separate index: Why the error "Searching - No results found. Try expanding the time range"? Hey everyone, I've got all our firewall logs going into separate index. When I perform a search just using the index ... by willspk Engager in Splunk Search 07-14-2022 0 1	0	1
Search Stats with _raw field Hello, In my search I'm trying to get a series of events (transact - which is in the _raw field) counted out by anoth... by mcscjlf Explorer in Splunk Search 07-14-2022 0 1	0	1
How to fix query to prevent Duplication of events when searching multi-value fields in Json using mvzip and mvexpand? Here is a reduced version of my JSON: {<!-- --> records: [ {<!-- --> errors: 4 name: name1 plugin: p1 t... by Marian Explorer in Splunk Search 07-14-2022 0 4	0	4
How to create a table with max and sum values I have a table like the below Category \| Time \| Count of string A \| t-5mins \| 18 A \| t-10mins \| 7 A \| t-15mins \|... by HelloItsMe76 Explorer in Splunk Search 07-14-2022 0 3	0	3
How to have multiple time series charts of multiple days' temperature measurements during the days stacked for 24 hours I want to compare the daily temperature measurements at the same period, but different days by a stacked temperature ... by yshen Communicator in Splunk Search 07-14-2022 0 2	0	2
How I can change color of the graph as per value Hi , I have created one graph for Success and failure result, but not able to change the color, How I can have the re... by Splunk3 Explorer in Splunk Search 07-14-2022 0 1	0	1
Remove segmenters in search (lispy) for Norwegian characters Hi folks. Whenever you do a search in Splunk you can review the lispy in search.log. For example, if I search for my ... by hettervik Builder in Splunk Search 07-14-2022 0 4	0	4
How to create aa chart using xyseries command syntax? Dears, i would like to create chart that contain two different x axis and one y axis using xyseries command but i cou... by Ahmedkhalil Communicator in Splunk Search 07-14-2022 0 3	0	3
How to get values from a Splunk field to particular decimals? Hi Team,I have a field like below :Cost :0.45655345534530.00004354634660.00213456677880.0000000005657I want to get va... by Poojitha Communicator in Splunk Search 07-14-2022 0 4	0	4
How to find comman value from multiple watchlist Hi below is one of the requirementI have multiple lookuptableexample number name lookuptable1 abc ... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 07-14-2022 0 2	0	2
Can't get past subsearch limit I seem to be stuck with the 100 result limit for a subsearch. I've changed maxout= to 10000 in limits.conf (and resta... by msallman Explorer in Splunk Search 07-14-2022 3 5	3	5
Whats the splunk equivalent of SQL IN clause What is the Splunk equivalent of an SQL IN clause. I want to run a query where some field has a value which is presen... by jmc82 Explorer in Splunk Search 07-14-2022 5 14	5	14
Making sense of stats results for 1 source to multiple destination Hi All, I have this simple search that shows logins from same SRC IP to multiple Destination hosts. Can someone pls... by neerajs_81 Builder in Splunk Search 07-14-2022 0 4	0	4
How to find common values between two searches? I have two queries from the same set of index and app names using different search terms from which I am extracting a... by shyam_v New Member in Splunk Search 07-13-2022 0 2	0	2
Any idea about the query optimization with using join or subsearch? Hi, I am trying to get all events with two different kinds of objectname(A or B vs C) but with the same username and ... by mchuli934 Loves-to-Learn Lots in Splunk Search 07-13-2022 0 3	0	3