Splunk Search

Community Activity

	Do we have any Tarrask Malware detection queries for Splunk Enterprise? Do we have any Tarrask Malware detection queries for Splunk Enterprise? by Tomu521 New Member in Splunk Search 04-26-2022 0 3	0	3
	How to Bind 2 events? Hello, I have the following 2 events : 1st event : { [-] dimensionMap: { [-] User type: Real users ... by incognito Explorer in Splunk Search 04-26-2022 0 0	0	0
	How to do regex Extraction on multiple lines? I have been avoiding RegEx for quite sometime in Splunk but I now I really need to deal with it and understand it. I ... by chidiuchegbu Loves-to-Learn Everything in Splunk Search 04-26-2022 0 16	0	16
	How to optimize my SPL? Hello Splunkers, I want to optimize my splunk search. I have attached the screenshot of my search. From the raw data ... by uagraw01 Motivator in Splunk Search 04-26-2022 0 11	0	11
	How do you transform table values like this? Is there a way or command to make the table results something like on the expected output.current data: hostnameipdat... by splunkelz Engager in Splunk Search 04-26-2022 0 3	0	3
	How to bring the deepest data in multiple subsearch Hi Splunk experts!!Please tell me about how to bring the deepest data in multiple subsearches. Of course, if there is... by tehong Explorer in Splunk Search 04-25-2022 0 2	0	2
	How to convert time string to timestamp in 24 hour format? Hi Suppose the time zone is in string format like 100403, need to convert this in 24 hour format. Output should be li... by ashu1702 New Member in Splunk Search 04-25-2022 0 3	0	3
	How to get pattern recognition in Splunk Hi, I want to get my event patterns to be recognized automatically. The pattern is not uniform but Splunk should ide... by MousumiChowdhur Contributor in Splunk Search 04-25-2022 0 8	0	8
	How do I extract a multivalued field from a windows event I don't know why I'm finding it so hard, but I want to put the accessess from Windows Event 5145 into a multivalued f... by MonkeyK Builder in Splunk Search 04-25-2022 0 2	0	2
	How to use outlier command? In Splunk documentation for the outlier command, it say: " The transform option truncates the outlying values to the ... by jeelong Explorer in Splunk Search 04-25-2022 0 5	0	5
	Conditionally Omit Bin from Chart Hi, I’m trying to make a stacked bar chart visualization where my y axis is milliseconds, my x axis is a task ID, and... by rpecka Explorer in Splunk Search 04-25-2022 0 1	0	1
	Why is my Lookup search not returning results correctly? Hello all, I am having trouble with a search that is not returning results as it should. The search is below and I h... by tkerr1357 Path Finder in Splunk Search 04-25-2022 0 9	0	9
	How to get the difference between 2 date fields? Hi All thank you all so much for helping me. this is a great forum to learn. I have 2 date fields and I'd like to get... by ajdyer2000 Path Finder in Splunk Search 04-25-2022 0 3	0	3
	How to customize length of value with an added prefix? Hello Community, I would like to add trailing zeros in front of a value, but only display 5 characters for the value.... by nolejj Explorer in Splunk Search 04-25-2022 0 2	0	2
	How to send splunk alert msg to WebEx chat to individual person? Hi team, I have a query related to splunk alert msg send to WebEx chat to individual person. If there is any process,... by Anud Path Finder in Splunk Search 04-25-2022 0 5	0	5
	How to subtract dates from two iso 8601 date fields in order to find the duration? Hey, I am working on making a dashboard and wanted to know how can I subtract two dates that are in iso 8601 format. ... by aahmad Loves-to-Learn Everything in Splunk Search 04-25-2022 0 3	0	3
	How to get the new errors that don't appear yesterday? Hi everyone! We want to get the new errors that don't appear yesterday. For example, if an action named A. Its yester... by Jackiifilwhh Path Finder in Splunk Search 04-25-2022 0 5	0	5
	Why Splunk filter data NOT IN subquery? index=xt DONT_MATCH \| spath input=log path=message.extra.dj output=dj \| spath input=log output=fname path=message.msg... by marcosjags Explorer in Splunk Search 04-25-2022 0 14	0	14
	How can I search abnormal user behaviour? Background informationIn our system, every visit consists of one or more actions. Every action has its own name and i... by Jackiifilwhh Path Finder in Splunk Search 04-25-2022 0 9	0	9
	Why query with wildcard works, but not with actual value? If I query with a wildcard, I get the expected result, but if I query with the actual field value, I get no results. ... by thomasmuellergr Engager in Splunk Search 04-25-2022 0 4	0	4
	How to achieve stats count by field showing fields with zero? Let's suppose I have the following search: \| makeresults \| eval name="Denis", age=34 \| append [\| makeresults ... by denissotoacc Path Finder in Splunk Search 04-25-2022 0 3	0	3
	How to find the time difference between the event and the current time? I have " threatInfo.updatedAt" information in my logs. I want to get an alert if the time difference between "threatI... by alexspunkshell Contributor in Splunk Search 04-25-2022 0 3	0	3
	How to change timechart axis? Hello dears, How can i change timechart _time axis y to x ? <base search> \| timechart span=1h sum(REQUESTNAME) as Si... by corehan Explorer in Splunk Search 04-25-2022 0 6	0	6
	Regarding eval operations on the fields having special characters I wanted to add this chaining command with my search and display total of the values under fields(columns) "a-b-1" a... by sudhir_norway Engager in Splunk Search 04-25-2022 0 5	0	5
	How to extract data at specific position from url? Hello Everyone, I am new to splunk. I am searching the logs and I am getting my url like this /api/sns/exts/djs/3102... by marcosjags Explorer in Splunk Search 04-25-2022 0 6	0	6