Splunk Search

Community Activity

How to build a correlation search for direct web traffic without proxy? Hi Splunkers, I'm facing the following task: I have to build a correlation search that check users that go on a web ... by SIEMStudent Path Finder in Splunk Search 04-21-2022 0 1	0	1
How to write a Query to identify Splunk notable rule triggers with change in urgency? Hello, I am trying write a query to identify if any Splunk notable rule triggers with change in Urgency (i.e. from... by Manoj8888 Engager in Splunk Search 04-21-2022 0 1	0	1
Why does Splunk values() return swapped counts? I want to use the values() function because I want to group by fields. If I just use count by I get the correct resul... by Zoblou Engager in Splunk Search 04-21-2022 0 4	0	4
Why am I receiving this Error while using the \|rest in the splunk rest API? Hi Team, I am trying to run a search and get the searchId, I will use this searchId later to fetch the results. ... by smaran06 Path Finder in Splunk Search 04-20-2022 0 3	0	3
Need Help with Splunk Query- Titles in chart Hi, Can any one please help me with the query currently iam using " \| rename * AS \\|*\\| " but i don't want \ in t... by kc_prane Communicator in Splunk Search 04-20-2022 0 1	0	1
How to Color all my dynamic column to min max scale color? I would like to perform coloring in mindmidmax based on each column value. However, the column is dynamic, it is quit... by PeiYing15 Loves-to-Learn Everything in Splunk Search 04-20-2022 0 0	0	0
Using timechart to get count, why is returning null values as 0? Already using a query with below to get total number: \| timechart span=1d count What can I add to return, show a "0" ... by csquared Engager in Splunk Search 04-20-2022 1 2	1	2
How to connect consumers and providers based on ID between logs and display their server names too? I am hoping you could help me out with this query, as I am quite stuck.I want to be able to retrieve the name of the ... by ana Engager in Splunk Search 04-20-2022 0 2	0	2
How to join the indexes to show the changed information and the status of the PIR? I have 3 indexes that I need to join. One index is the changes that we have in created in our Service Management to... by servus_kkozoriz Engager in Splunk Search 04-20-2022 0 11	0	11
How to extract new field IP with regex? This is a log example: 2022-04-19 11:33:41 Local1.Info 10.0.6.1 Apr 19 12:34:20 FireboxM470_HA2 801002AA8CC3A Firebo... by Madys Engager in Splunk Search 04-20-2022 0 1	0	1
How to extract a field from my raw data using rex? Below is my raw logs. I want to extract "analystVerdict" & its corresponding result from raw logs. can someone please... by alexspunkshell Contributor in Splunk Search 04-20-2022 0 6	0	6
Why is iplocation showing incorrect data ? In my ES App, I have a rule where I noted some discrepancy regarding the source country for the src ip 112.196.162.... by zacksoft_wf Contributor in Splunk Search 04-20-2022 0 3	0	3
Extract the meaningful fields from the logs I want to get an API usage report per user and I am struggling with the Splunk Query for this, can someone please hel... by amitru Engager in Splunk Search 04-20-2022 0 1	0	1
Carrying tokens in another token that are prone to updates Hi All,the topic might sound very mystic but is actually rather straight forward.I have a timechart displaying the cu... by Software-Simian Path Finder in Splunk Search 04-20-2022 0 7	0	7
Eval () not creating a new field for timestamp extraction Hi All,In my raw events, there is a field called "dv_last_login_time" ( already indexed) as shown below that shows t... by neerajs_81 Builder in Splunk Search 04-20-2022 0 3	0	3
Why am I getting No results when when using "stats"? I'm attempting to run a query and I've run into a really weird situation where if I run a query with "head 10 \| field... by Liran Observer in Splunk Search 04-19-2022 0 3	0	3
How to format 86401 seconds as 24:00:01 I am trying to display a duration result to a dashboard and when I try to use the function to convert seconds to HH:M... by SammyDavis Explorer in Splunk Search 04-19-2022 3 13	3	13
Quick SPL help with Windows Logs! Good day all,I come to seek guidance from the experts My team and I have been tasked with creating an alert that wil... by dfurtaw Path Finder in Splunk Search 04-19-2022 0 1	0	1
How to omit consecutive same results and remove it? Hello Splunkers, I have a query where I did a \|stats values(abc) as abc command over time .I got the below results .... by vrmandadi Builder in Splunk Search 04-19-2022 0 13	0	13
How to write Field Extractions from Complex/inconsistence Event Structure Hello, I have events with complex/inconsistence data structure. Need to extract field 2 values under 2 different fiel... by SplunkDash Motivator in Splunk Search 04-19-2022 0 1	0	1
How to get the percentage increase of threshold value and to build a dashboard out of it? To get the percentage increase of threshold value and to build a dashboard out of it to show as red if it is increase... by PavanSeerapu Explorer in Splunk Search 04-19-2022 0 2	0	2
Data model _time field format We are trying to create a data model with a custom _time field. We created the data model, and added a calculated fie... by BernardEAI Communicator in Splunk Search 04-19-2022 0 1	0	1
How to use Transaction command with two extracted join fields? I have two Splunk queries, each of which uses the _rex command to extract the join field. Example: QUERY 1 inde... by jbrenner Path Finder in Splunk Search 04-19-2022 0 3	0	3
How to Monitor Java Application MEM/CPU/DISK usage with splunk? Hi How can I monitor java applications with splunk, I try nmon but it only give whole java process, not specific pid!... by indeed_2000 Motivator in Splunk Search 04-19-2022 0 3	0	3
How to extract key-value pairs from log and visualize them My logs are in the format: My-Application Log: Some-Key= 99, SomeOtherKey= 231, SomeOtherKey2= 1231, Some Different K... by arnavkumarsaxen Explorer in Splunk Search 04-19-2022 0 6	0	6