Splunk Search

Community Activity

Help on a REX extract - and count So I have an IndexIndex= xxxxxx "Stopping iteration"I have the rex for getting the unique IdEvent Sample : Stopping i... by LizAndy123 Path Finder in Splunk Search 01-27-2025 0 6	0	6
Manual Search and Alert providing different number of events searched/output as result Hi Splunkers! The issue I am having is regarding different results from alerts when some condition is met, compared t... by CrossWordKnower Explorer in Splunk Search 01-27-2025 0 6	0	6
How to search a string Hi Community, please help me how to extract BOLD/underlines value from below string:[2025-01-22 13:33:33,899] INFO Se... by RGullur New Member in Splunk Search 01-26-2025 0 5	0	5
custom aggregation function for stats command Hello,I am building a splunk app , where I want to have my own custom aggregate function for stats command. Below is ... by welcomerrr Observer in Splunk Search 01-26-2025 0 6	0	6
How to get alert result through API? I'm calling the API from BTP IS and want to get the result of an alert that I created from before. My alert name is P... by BrianLam Engager in Splunk Search 01-26-2025 0 3	0	3
Map column from another table to my currently used table Hi all,I have the following issue. I have a table A col1col2AaaBbbCaa And a table BcolAcolBaaFYIbbLOL I need to add t... by Jimenez Explorer in Splunk Search 01-26-2025 0 6	0	6
How to Sort JSON Data by field value? I have a base query which yield the field result, result can be either "Pass" or "Fail"Sample query result is attache... by nkavouris Path Finder in Splunk Search 01-25-2025 0 1	0	1
isnum() vs. NaN Has anyone run into the interesting effect that isnum() thinks that "NaN" is a number? So isnum("NaN") is true "NaN" ... by bochmann Path Finder in Splunk Search 01-24-2025 0 7	0	7
Count # of sensors by host and dashboard Calculating metrics. I need to count the number of sensors that are created and monitored for each host. I have the i... by ksheikh786 Loves-to-Learn Lots in Splunk Search 01-24-2025 0 9	0	9
How to check MQ reconnects after a connection is dropped Hi All,I am rather hoping someone can assist me in creating a search that can be used for an alert to detect when a c... by bennch68 Engager in Splunk Search 01-24-2025 0 2	0	2
Lookup Table Modifying _time and timepicker ignoring Hi, Struggling trying to figure out what I'm doing wrong. I have the following SPL\| inputlookup append=t kvstore \| ev... by chrisboy68 Contributor in Splunk Search 01-24-2025 0 5	0	5
How to display zero for latest(values) The following is my query.index="xyz" host="*" \|fields host,messagevalue\| search "total payment count :"\|eval messag... by varsh_6_8_6 Explorer in Splunk Search 01-24-2025 0 4	0	4
How to get multiple values of earliest and latest in one search? Hi Splunkers, This is my first post as I am new to using splunk, but my issue arising when I am trying to pull specif... by CrossWordKnower Explorer in Splunk Search 01-23-2025 0 3	0	3
Regex to extract letters only Hi,Can any one please help in creating regex to extract 12 words(Words with characters/letters only) from beginning o... by poojak2579 Path Finder in Splunk Search 01-23-2025 0 8	0	8
ITSI thresholds: adaptive vs static Hello Splunkers,I was wondering if it's possible to combine adaptive and static thresholds in IT Service Intelligence... by djluke Path Finder in Splunk Search 01-23-2025 1 0	1	0
How to identify the login information from a lookup table users list Hello, I have lookup table which contain fields as below. user shortname email 1 ... by navan1 Explorer in Splunk Search 01-23-2025 0 1	0	1
How to stats count and still have all fields available afterwards? Dear expertsAccording to the documentation after stats, I have only the fields left used during stats. \| tabl... by Ste Path Finder in Splunk Search 01-23-2025 0 9	0	9
How to Create "Impossible Travel" Security Monitoring Use Case with pure SPL I have some reservations about the usefulness of this with so much more usage of IaaS/PaaS/SaaS these days...but sinc... by marycordova SplunkTrust in Splunk Search 01-22-2025 0 7	0	7
Add columns from lookup file Combing through firewall logs. I am extracting source, destination, dest_port. I have a csv lookup file with ports... by ronj_clark Explorer in Splunk Search 01-22-2025 0 2	0	2
multivalue field - missing a week I have a multivalue field called weeksum that contains the following values2024:47 2024:48 2024:49 2024:50 2024:51 2... by omcollia Engager in Splunk Search 01-22-2025 0 7	0	7
Stats command I am trying to get total traffic vs attack traffic splunk query in order to keep it in dashboard panel. We have a fie... by Karthikeya Communicator in Splunk Search 01-22-2025 0 2	0	2
How do I Exclude null/empty fields from a lookup result where I should get a single row back We have a lookup that has all kinds of domain (DNS) information in it with about 60 fields like create date, ASN, na... by donm Engager in Splunk Search 01-22-2025 0 3	0	3
Python 2.7 present and shouldn't be I am getting an integrity check error on /opt/splunk/bin/python2.7 that says present_but_shouldnt_be. I can find the ... by cmuesing Explorer in Splunk Search 01-22-2025 0 8	0	8
Block IP addresses by creating lookup file Hello,We have a field called client_ip which contains different IP addresses and in events different threat messages ... by Karthikeya Communicator in Splunk Search 01-21-2025 0 6	0	6
Logs i want to know in which index is microsoft defender logs getting stored , I know some important fields which are ther... by SN1 Path Finder in Splunk Search 01-21-2025 0 2	0	2