Splunk Search

Community Activity

How do you parse two time formats in Splunk? The first time format is Fri Dec 21 11:17:30 2018 the other one is 2018-12-21T11:17:31.051061 I was wondering how... by bobojesus Engager in Splunk Search 12-23-2024 0 14	0	14
How to find empty indexes in Splunk Cloud? I'm trying to create an alert that looks through a given list of indexes and triggers an alert for each index showing... by StephenD1 Path Finder in Splunk Search 12-23-2024 0 8	0	8
Time comparison different results in search and dashboar Dear expertsWhy is the following line \| where my_time>=relative_time(now(),"-1d@d") AND my_time<=relative_time(now(),... by Ste Path Finder in Splunk Search 12-23-2024 0 6	0	6
How to compare events from two sourcetypes in the same index without using join I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-22-2024 0 4	0	4
How to generate a regular expression on a URL to capture a resource path and end on a optional parameter? Hi all, I am looking for some help for the following use case. I have a series of endpoints represented by full URL... by bcatwork Path Finder in Splunk Search 12-22-2024 0 6	0	6
How to write a search to find if a field contains a valid IPv4 or IPv6 address? Hi all, as a splunk newbie I'm not sure what direction to go with the following. Basically I have two Interesting fi... by hcastell Path Finder in Splunk Search 12-22-2024 0 5	0	5
How to extract ip address using regex? index="testd" \| rex field=_raw "Remote host:(?.*):" \|dedup Remotehost \|stats count by Remotehost My events: Remote... by karthi2809 Builder in Splunk Search 12-22-2024 0 4	0	4
Upgrade to 5.x, some of my existing searches are taking longer to return results. Not as many scheduled searches are running on time. Could fetch_remote_search_log setting be a factor? After upgrading to 5.x, I noticed that some of my searches are taking a longer time to return results than prior. Sea... by Ellen Splunk Employee in Splunk Search 12-22-2024 1 2	1	2
How to send hard coded message as an email from Splunk Hi Everyone,I need to send a hard coded message to the users just before every daylight savings of the year saying "D... by devsru Explorer in Splunk Search 12-21-2024 0 5	0	5
Concatenating values from one field How can we concatenate values from one field and put it in a new variable with commas.e.g If I run a search , I get n... by Sailesh6891 Engager in Splunk Search 12-20-2024 0 6	0	6
eval in stats with max Hi at all,I have a data structure like the following: title1 title2 title3 title4 value and I need to group by titl... by gcusello SplunkTrust in Splunk Search 12-20-2024 0 11	0	11
Account locked there is a user lets say ABC and I want to check why his AD account is locked . by SN1 Path Finder in Splunk Search 12-20-2024 0 6	0	6
timechart count and stats count are not matching I am using same index for both stats disctinctcount and timechart distinctcount. But the results from timechart is al... by anooshac Communicator in Splunk Search 12-20-2024 0 1	0	1
How to get time from two different sourcetypes I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-19-2024 0 8	0	8
get the values in each line Hi i have a below query where I'm calculating the total prod server count in first dataset and in second dataset I'm ... by secure Path Finder in Splunk Search 12-19-2024 0 1	0	1
Need help on Regex for a field Hello, I am just trying to do a regex to split a single field into two new fields.The original field is:alert.alias ... by tdavison76 Path Finder in Splunk Search 12-19-2024 0 4	0	4
Splunk table query I've piped a Splunk log query extract into a table showing disconnected and connected log entries sorted by time.NB r... by CCP_tech Loves-to-Learn Lots in Splunk Search 12-18-2024 0 8	0	8
Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear I currently have 2 different tables where the first one shows the number of firewalls each location has (WorkDay_Loca... by brglaze New Member in Splunk Search 12-18-2024 0 1	0	1
want to add extra details to the number display Would anyone be able to help me on one more thing please !!! I have a Number display dashboard which represent the BG... by Ashish0405 Path Finder in Splunk Search 12-18-2024 0 6	0	6
Regex matching in a Splunk search query that involves a lookup table I have created a lookup table in Splunk that contains a column with various regex patterns intended to match file pat... by frankeke Loves-to-Learn in Splunk Search 12-17-2024 0 5	0	5
Want to ignore some fields Hi Team, In below query I don't want to show up the result as "Up" in state_to field, I just want to see data with d... by Ashish0405 Path Finder in Splunk Search 12-17-2024 0 10	0	10
Intermittent log data ingestion with Packetbeat JSON file Hello, I am experiencing intermittent log ingestion issues on some servers and have observed potential queue saturati... by s_s Observer in Splunk Search 12-17-2024 0 1	0	1
How to replace Join to search large data sets I've been working on a search that I finally managed to get working that would look for events generated by a provi... by dtaylor Path Finder in Splunk Search 12-17-2024 0 2	0	2
How to search and monitor Splunk user logins that are using LDAP based authentication? I have been going through several answers about how to get and track user logons and logoffs. Tried many of the searc... by anoopambli Communicator in Splunk Search 12-17-2024 1 12	1	12
data and lookup field problem Hi All i have a csv look up with below data Event_Code AUB01 AUB36 BUA12 i want to match it with a dataset which has ... by secure Path Finder in Splunk Search 12-17-2024 0 2	0	2