Splunk Search

Community Activity

How to capture multiple lines in rex HI all, I am trying to capture multiple lines between two strings in my log data. But so far have not been able to fi... by sid1808 Loves-to-Learn in Splunk Search 04-21-2022 0 3	0	3
How to merge two Splunk queries ? Hi All, I need help with Splunk Query for below scenario: Query 1:index =abc \| table src, dest_name, severity, actio... by nilbak88 Explorer in Splunk Search 04-21-2022 0 4	0	4
Enterprise Search: Can we delete or clone correlation searches in the Content Management section? Under the Content Management section, we only see the Enable and Disable options for the correlation searches. Is the... by danielbb Motivator in Splunk Search 04-21-2022 0 3	0	3
After installing license and restart , splunk is still reflecting the trial license of 500MB Hello Experts, I have splink enterprise up with trial version installed. The license group was trail license grou;p,... by divyaa New Member in Splunk Search 04-21-2022 0 2	0	2
How to write search with CASE and MATCH function? Hi peeps, I need help to fine tune this query; index=network sourcetype=ping\| eval pingsuccess=case(match(ping_statu... by syazwani Path Finder in Splunk Search 04-21-2022 0 3	0	3
Why does search with subsearch fail if earliest and latest is used? The following search does not produce any results: index=* earliest="04/19/2022:15:00:00" latest="04/19/2022:17:00:00... by FritzWittwer Path Finder in Splunk Search 04-21-2022 0 6	0	6
How to build a correlation search for direct web traffic without proxy? Hi Splunkers, I'm facing the following task: I have to build a correlation search that check users that go on a web ... by SIEMStudent Path Finder in Splunk Search 04-21-2022 0 1	0	1
How to write a Query to identify Splunk notable rule triggers with change in urgency? Hello, I am trying write a query to identify if any Splunk notable rule triggers with change in Urgency (i.e. from... by Manoj8888 Engager in Splunk Search 04-21-2022 0 1	0	1
Why does Splunk values() return swapped counts? I want to use the values() function because I want to group by fields. If I just use count by I get the correct resul... by Zoblou Engager in Splunk Search 04-21-2022 0 4	0	4
Why am I receiving this Error while using the \|rest in the splunk rest API? Hi Team, I am trying to run a search and get the searchId, I will use this searchId later to fetch the results. ... by smaran06 Path Finder in Splunk Search 04-20-2022 0 3	0	3
Need Help with Splunk Query- Titles in chart Hi, Can any one please help me with the query currently iam using " \| rename * AS \\|*\\| " but i don't want \ in t... by kc_prane Communicator in Splunk Search 04-20-2022 0 1	0	1
How to Color all my dynamic column to min max scale color? I would like to perform coloring in mindmidmax based on each column value. However, the column is dynamic, it is quit... by PeiYing15 Loves-to-Learn Everything in Splunk Search 04-20-2022 0 0	0	0
Using timechart to get count, why is returning null values as 0? Already using a query with below to get total number: \| timechart span=1d count What can I add to return, show a "0" ... by csquared Engager in Splunk Search 04-20-2022 1 2	1	2
How to connect consumers and providers based on ID between logs and display their server names too? I am hoping you could help me out with this query, as I am quite stuck.I want to be able to retrieve the name of the ... by ana Engager in Splunk Search 04-20-2022 0 2	0	2
How to join the indexes to show the changed information and the status of the PIR? I have 3 indexes that I need to join. One index is the changes that we have in created in our Service Management to... by servus_kkozoriz Engager in Splunk Search 04-20-2022 0 11	0	11
How to extract new field IP with regex? This is a log example: 2022-04-19 11:33:41 Local1.Info 10.0.6.1 Apr 19 12:34:20 FireboxM470_HA2 801002AA8CC3A Firebo... by Madys Engager in Splunk Search 04-20-2022 0 1	0	1
How to extract a field from my raw data using rex? Below is my raw logs. I want to extract "analystVerdict" & its corresponding result from raw logs. can someone please... by alexspunkshell Contributor in Splunk Search 04-20-2022 0 6	0	6
Why is iplocation showing incorrect data ? In my ES App, I have a rule where I noted some discrepancy regarding the source country for the src ip 112.196.162.... by zacksoft_wf Contributor in Splunk Search 04-20-2022 0 3	0	3
Extract the meaningful fields from the logs I want to get an API usage report per user and I am struggling with the Splunk Query for this, can someone please hel... by amitru Engager in Splunk Search 04-20-2022 0 1	0	1
Carrying tokens in another token that are prone to updates Hi All,the topic might sound very mystic but is actually rather straight forward.I have a timechart displaying the cu... by Software-Simian Path Finder in Splunk Search 04-20-2022 0 7	0	7
Eval () not creating a new field for timestamp extraction Hi All,In my raw events, there is a field called "dv_last_login_time" ( already indexed) as shown below that shows t... by neerajs_81 Builder in Splunk Search 04-20-2022 0 3	0	3
Why am I getting No results when when using "stats"? I'm attempting to run a query and I've run into a really weird situation where if I run a query with "head 10 \| field... by Liran Observer in Splunk Search 04-19-2022 0 3	0	3
How to format 86401 seconds as 24:00:01 I am trying to display a duration result to a dashboard and when I try to use the function to convert seconds to HH:M... by SammyDavis Explorer in Splunk Search 04-19-2022 3 13	3	13
Quick SPL help with Windows Logs! Good day all,I come to seek guidance from the experts My team and I have been tasked with creating an alert that wil... by dfurtaw Path Finder in Splunk Search 04-19-2022 0 1	0	1
How to omit consecutive same results and remove it? Hello Splunkers, I have a query where I did a \|stats values(abc) as abc command over time .I got the below results .... by vrmandadi Builder in Splunk Search 04-19-2022 0 13	0	13