Splunk Search

Community Activity

timechart count and stats count are not matching I am using same index for both stats disctinctcount and timechart distinctcount. But the results from timechart is al... by anooshac Communicator in Splunk Search 12-20-2024 0 1	0	1
How to get time from two different sourcetypes I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-19-2024 0 8	0	8
get the values in each line Hi i have a below query where I'm calculating the total prod server count in first dataset and in second dataset I'm ... by secure Path Finder in Splunk Search 12-19-2024 0 1	0	1
Need help on Regex for a field Hello, I am just trying to do a regex to split a single field into two new fields.The original field is:alert.alias ... by tdavison76 Path Finder in Splunk Search 12-19-2024 0 4	0	4
Splunk table query I've piped a Splunk log query extract into a table showing disconnected and connected log entries sorted by time.NB r... by CCP_tech Loves-to-Learn Lots in Splunk Search 12-18-2024 0 8	0	8
Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear I currently have 2 different tables where the first one shows the number of firewalls each location has (WorkDay_Loca... by brglaze New Member in Splunk Search 12-18-2024 0 1	0	1
want to add extra details to the number display Would anyone be able to help me on one more thing please !!! I have a Number display dashboard which represent the BG... by Ashish0405 Path Finder in Splunk Search 12-18-2024 0 6	0	6
Regex matching in a Splunk search query that involves a lookup table I have created a lookup table in Splunk that contains a column with various regex patterns intended to match file pat... by frankeke Loves-to-Learn in Splunk Search 12-17-2024 0 5	0	5
Want to ignore some fields Hi Team, In below query I don't want to show up the result as "Up" in state_to field, I just want to see data with d... by Ashish0405 Path Finder in Splunk Search 12-17-2024 0 10	0	10
Intermittent log data ingestion with Packetbeat JSON file Hello, I am experiencing intermittent log ingestion issues on some servers and have observed potential queue saturati... by s_s Observer in Splunk Search 12-17-2024 0 1	0	1
How to replace Join to search large data sets I've been working on a search that I finally managed to get working that would look for events generated by a provi... by dtaylor Path Finder in Splunk Search 12-17-2024 0 2	0	2
How to search and monitor Splunk user logins that are using LDAP based authentication? I have been going through several answers about how to get and track user logons and logoffs. Tried many of the searc... by anoopambli Communicator in Splunk Search 12-17-2024 1 12	1	12
data and lookup field problem Hi All i have a csv look up with below data Event_Code AUB01 AUB36 BUA12 i want to match it with a dataset which has ... by secure Path Finder in Splunk Search 12-17-2024 0 2	0	2
Need help in some formatting the result Hi Team,I am Firewall engineer and working on creation of some dashboard.I have created one dashboard whenever our fi... by Ashish0405 Path Finder in Splunk Search 12-16-2024 0 6	0	6
Sum values fields How can I get the total sum of the Duration fields?Regards. by Miguel3393 Path Finder in Splunk Search 12-16-2024 0 8	0	8
Splunk Regex never works when entered second folder HiSo I ran into a very odd and specific issue. I trx to regex-Filter a field, lets call it "parent". The field has th... by Cramery_ New Member in Splunk Search 12-16-2024 0 2	0	2
Alert on table with custom email subject field value I got an alert working "for each result" by using a query that creates the following table:errorType coun... by rmiller3 Engager in Splunk Search 12-16-2024 0 2	0	2
Data Model custom timerange check How to pass earliest and latest values to a data model search? Example if I select a time range picker of last 30 mi... by vn_g Path Finder in Splunk Search 12-16-2024 0 4	0	4
How to detect "now" and turn it into a real date? Dear expertsIn my dashboard I have a time picker providing the token t_time. My searchindex="abc" search_name="def" ... by Ste Path Finder in Splunk Search 12-16-2024 0 6	0	6
how to replace wc-l on a query from splunk I need to replace the command wc-l because I want to saw a dashboard of the total of messages on a source. by chrystianguille New Member in Splunk Search 12-13-2024 0 1	0	1
Identifying compliant logins - including last login time. Working on supplementing a search we are using to implement conditional access policies. The search identifies succes... by DLevine_ Explorer in Splunk Search 12-13-2024 0 5	0	5
RegEx I am trying to regex out eligible with the answer field true, when i do it in the regex builder this works eligible\\... by CPrimoR Observer in Splunk Search 12-13-2024 0 6	0	6
Chart over time by multiple fields Hi there! I want to create a scorecard by Manager and Region counting my Orders over Month. So the chart would look s... by YuliyaVassilyev Explorer in Splunk Search 12-13-2024 0 4	0	4
Proactively stream data to different index after CIM Mapping Hello guys.Hope someone can help us out.I am using the Enterprise and am trying to store the events after CIM mapping... by sshostak New Member in Splunk Search 12-13-2024 0 0	0	0
Can you create/modify a lookup file via REST API? Hi, Is it possible to create/modify a lookup file via Splunk's REST API? I don't see anything that addresses this fun... by a212830 Champion in Splunk Search 12-12-2024 3 40	3	40