Splunk Search

Community Activity

How to Sort JSON Data by field value? I have a base query which yield the field result, result can be either "Pass" or "Fail"Sample query result is attache... by nkavouris Path Finder in Splunk Search 01-25-2025 0 1	0	1
isnum() vs. NaN Has anyone run into the interesting effect that isnum() thinks that "NaN" is a number? So isnum("NaN") is true "NaN" ... by bochmann Path Finder in Splunk Search 01-24-2025 0 7	0	7
Count # of sensors by host and dashboard Calculating metrics. I need to count the number of sensors that are created and monitored for each host. I have the i... by ksheikh786 Loves-to-Learn Lots in Splunk Search 01-24-2025 0 9	0	9
How to check MQ reconnects after a connection is dropped Hi All,I am rather hoping someone can assist me in creating a search that can be used for an alert to detect when a c... by bennch68 Engager in Splunk Search 01-24-2025 0 2	0	2
Lookup Table Modifying _time and timepicker ignoring Hi, Struggling trying to figure out what I'm doing wrong. I have the following SPL\| inputlookup append=t kvstore \| ev... by chrisboy68 Contributor in Splunk Search 01-24-2025 0 5	0	5
How to display zero for latest(values) The following is my query.index="xyz" host="*" \|fields host,messagevalue\| search "total payment count :"\|eval messag... by varsh_6_8_6 Explorer in Splunk Search 01-24-2025 0 4	0	4
How to get multiple values of earliest and latest in one search? Hi Splunkers, This is my first post as I am new to using splunk, but my issue arising when I am trying to pull specif... by CrossWordKnower Explorer in Splunk Search 01-23-2025 0 3	0	3
Regex to extract letters only Hi,Can any one please help in creating regex to extract 12 words(Words with characters/letters only) from beginning o... by poojak2579 Path Finder in Splunk Search 01-23-2025 0 8	0	8
ITSI thresholds: adaptive vs static Hello Splunkers,I was wondering if it's possible to combine adaptive and static thresholds in IT Service Intelligence... by djluke Path Finder in Splunk Search 01-23-2025 1 0	1	0
How to identify the login information from a lookup table users list Hello, I have lookup table which contain fields as below. user shortname email 1 ... by navan1 Explorer in Splunk Search 01-23-2025 0 1	0	1
How to stats count and still have all fields available afterwards? Dear expertsAccording to the documentation after stats, I have only the fields left used during stats. \| tabl... by Ste Path Finder in Splunk Search 01-23-2025 0 9	0	9
How to Create "Impossible Travel" Security Monitoring Use Case with pure SPL I have some reservations about the usefulness of this with so much more usage of IaaS/PaaS/SaaS these days...but sinc... by marycordova SplunkTrust in Splunk Search 01-22-2025 0 7	0	7
Add columns from lookup file Combing through firewall logs. I am extracting source, destination, dest_port. I have a csv lookup file with ports... by ronj_clark Explorer in Splunk Search 01-22-2025 0 2	0	2
multivalue field - missing a week I have a multivalue field called weeksum that contains the following values2024:47 2024:48 2024:49 2024:50 2024:51 2... by omcollia Engager in Splunk Search 01-22-2025 0 7	0	7
Stats command I am trying to get total traffic vs attack traffic splunk query in order to keep it in dashboard panel. We have a fie... by Karthikeya Communicator in Splunk Search 01-22-2025 0 2	0	2
How do I Exclude null/empty fields from a lookup result where I should get a single row back We have a lookup that has all kinds of domain (DNS) information in it with about 60 fields like create date, ASN, na... by donm Engager in Splunk Search 01-22-2025 0 3	0	3
Python 2.7 present and shouldn't be I am getting an integrity check error on /opt/splunk/bin/python2.7 that says present_but_shouldnt_be. I can find the ... by cmuesing Explorer in Splunk Search 01-22-2025 0 8	0	8
Block IP addresses by creating lookup file Hello,We have a field called client_ip which contains different IP addresses and in events different threat messages ... by Karthikeya Communicator in Splunk Search 01-21-2025 0 6	0	6
Logs i want to know in which index is microsoft defender logs getting stored , I know some important fields which are ther... by SN1 Path Finder in Splunk Search 01-21-2025 0 2	0	2
Capture similar strings in the logs Is there any way to search for similar strings dynamically in different logs?I want to group unique error string com... by poojak2579 Path Finder in Splunk Search 01-21-2025 0 13	0	13
return results even when the count of a field value is zero Stupid form editor adds extra CRs.Having trouble getting this search to work as desired. I've tried these 2 methods a... by JyPl4wNYu7GV1uL Explorer in Splunk Search 01-21-2025 0 2	0	2
Need Help with Splunk Alert I need help with below splunk query index=XXX_XXX_XXX \| eval job_status=if( 'MSGTXT' = "ABEND","ko","ok") \| where... by Amit79 Loves-to-Learn Everything in Splunk Search 01-21-2025 0 1	0	1
Limit to first 10 counts Hello community,I am having a problem displaying a graph. I have an index that contains incidents from several monito... by Rajaion Path Finder in Splunk Search 01-21-2025 0 3	0	3
How to Check the times from 2 Events and alert if over 15 mins So I have an Index which contains the following"Starting iteration"on 1 event and "Stopping iteration" on another eve... by LizAndy123 Path Finder in Splunk Search 01-21-2025 0 7	0	7
Use Lookup Table with IP addresses to search in Splunk and find hostnames that match the IPs I have a lookup table with a bunch of IP addresses (ipaddress.csv) and a blank column called hostname. I would like t... by Obsidian_RS400 New Member in Splunk Search 01-21-2025 0 1	0	1