Splunk Search

Community Activity

	How to extract events from logs Hi All, I have number of events with error srtring in event.I need to fetch al the events with error string except... by vineela Path Finder in Splunk Search 04-29-2022 0 1	0	1
	Correlate events from different indexes with different field names & values Hi, how can i correlate events from different indexes when both( field names and values) are different ?For example:... by neerajs_81 Builder in Splunk Search 04-29-2022 0 11	0	11
	Why is my Splunk query not working for certain time range? i have a query to pull out stats and counts based on incoming applictiond and request path it gave me stats when i t... by ram_splunk New Member in Splunk Search 04-28-2022 0 1	0	1
	How to search for an id where its column values does not include a certain value Hi everyone, I am new to SPLUNK and I am trying to search for distinct IDs where its PRODUCT column does not include ... by amanda_dg Engager in Splunk Search 04-28-2022 0 9	0	9
	How retrieve value of second matching word? In a log if there are two similar words with different value , how to retrieve value of second word using regex ? Exa... by Aks_PC_20 Engager in Splunk Search 04-28-2022 0 7	0	7
	How can I optimize my search to run faster? Hello Splunkers While running the attached query, results are populating very slow. From that query i want to achieve... by uagraw01 Motivator in Splunk Search 04-28-2022 0 5	0	5
	How to display only the result corresponding to the current time? hello From the search below, I need to display only the result corresponding to the current time It means that if it'... by jip31 Motivator in Splunk Search 04-28-2022 0 2	0	2
	How to search multiple values using wildcard in a field? I am producing some stats in splunk but I want to extract data for about 10 uri_method instead of 100s currently disp... by nbhat Explorer in Splunk Search 04-28-2022 0 4	0	4
	Bad passwords logged in the DC Netlogon logs: Bad passwords logged in the DC Netlogon logs:for a specific account name: index=cim sourcetype=netlogon host=dc "0... by Bis Loves-to-Learn Lots in Splunk Search 04-28-2022 0 0	0	0
	How to find time between similar events? Hello, We are looking to create a search that will return when two similar events occur within 1 second of each other... by dl-it-serveradm Engager in Splunk Search 04-28-2022 0 3	0	3
	Error auto-canceled search Dear professional,I want to get the log size of each service in an index.This is my search stringindex="hcg_oapi_prod... by lamnguyentt1 Explorer in Splunk Search 04-28-2022 0 1	0	1
	Search for multiple apperances of a pattern in a field Hi, is there a way to search for more than one appearance of a pattern in a string?For example:Commandcmd.exe c:\wind... by KMoryson Explorer in Splunk Search 04-28-2022 0 4	0	4
	Splunk Query about Port Scanning attack attempts Hi Team,Please help me out in this case.I am searching the Port Scanning attack attempts by the following query.Spoil... by zeeshantayyab Loves-to-Learn in Splunk Search 04-28-2022 0 3	0	3
	How to compare the results of 2 single panel between 2 different dates? Hi I need to compare the results of 2 single panel between 2 different dates The first single panel concerns the resu... by jip31 Motivator in Splunk Search 04-27-2022 0 7	0	7
	Where can I start a new Splunk Search Can you please point me to the start up screen , where I can start a new search. by gilbert3 Engager in Splunk Search 04-27-2022 0 1	0	1
	Why does tstats returns events by sourcetype, but search doesn't? I have been using tstats to get event counts by day per sourcetype, but when I search for events in some of the ident... by jeremyhagand61 Communicator in Splunk Search 04-27-2022 0 3	0	3
	How to get details of Windows servers which are not activated or failed to activate Windows via KMS server? How to get details of Windows servers which are not activated or failed to activate Windows via KMS server? I would... by afraanajam Loves-to-Learn Everything in Splunk Search 04-27-2022 0 0	0	0
	Use alternate field for time and filtering I am stuck. Have tried all of the options I have found. Most come close, but cannot make it work. I collect data f... by tlmayes Contributor in Splunk Search 04-27-2022 0 4	0	4
	How to Parse response string value? I have a log I am am trying to parse one of the responses Field Value Test Response Response Test Testing_Response Fo... by pmjoen Explorer in Splunk Search 04-27-2022 0 6	0	6
	How to get each where statement just to run the EVAL command that is right under the where statement? I have code \| eval m=case(minute>0 AND minute<15,15,minute>14 AND minute<30,15,minute>29 AND minute<45,30,minute>44,4... by pjon8allstate New Member in Splunk Search 04-27-2022 0 1	0	1
	Filtering on combination of 2 values Hi Splunk Community,I am currently working with a search but I am trying to filter certain events out. I am trying to... by jpfrancetic Path Finder in Splunk Search 04-27-2022 0 3	0	3
	How do I found max value of rex field? I have a splunk event as follow:request-id=123 STOP method TYPE=ABC, ID=[678] --- TIME_TAKEN=1281msI have lot of eve... by user9025 Path Finder in Splunk Search 04-27-2022 0 1	0	1
	Using search result as object of another search in same query I am learning Splunk (early stages). I have been playing around with this search for the past 2 hours with little suc... by kryshael Loves-to-Learn in Splunk Search 04-27-2022 0 1	0	1
	How to make table in Splunk Please provide different examples so that its very easy for us to understand.explaining the example with eval command... by logloganathan Motivator in Splunk Search 04-27-2022 0 5	0	5
	Could someone help me on a transpose header field hi I transpose header field time like this \| eval time=strftime(_time,"%H:%M") \| sort time \| fields - _time _span... by jip31 Motivator in Splunk Search 04-27-2022 0 4	0	4