Splunk Search

Community Activity

Splunk search error "Indexers error Could not load lookup=LOOKUP-XXXX " I cant find these LOOKUP anywhere I have created a lookup for a threat feed CSV file we are using. After deleting all the Lookup CSV files and removing... by aamer86 Path Finder in Splunk Search 04-09-2022 0 1	0	1
What is wrong with my tstats command? This search works fine but is slow: host=host1 sourcetype="WinEventLog:Security" EventCode=5156 \| timechart span=1d... by wcooper003 Communicator in Splunk Search 04-08-2022 0 7	0	7
How to create cumulative field for duplicated results? I have the following events in splunk: company,name,email,status Acme,John Doe,john.doe@example.com,inactive Comp... by JChris_ Path Finder in Splunk Search 04-08-2022 0 4	0	4
How to view host disk encryption status I need a query to view disk encryption (DAR) of all my hosts, be it Bit Locker, LUKS, etc.index=* host=* \| ???Thank y... by dfiore42 New Member in Splunk Search 04-08-2022 0 1	0	1
Help to convert date using strftime Currently I have a field holding a Julian date. I am trying to convert it using strftime but i'm having issues. Date ... by Marco_Develops Path Finder in Splunk Search 04-08-2022 0 2	0	2
Why is my Search not returning results? Here's the text string from the log I'm searching: store license for Store 1234562022-04-07 19:17:44,360 ERROR path n... by jymmitch Path Finder in Splunk Search 04-08-2022 0 12	0	12
How to search two reports when one report doesn't have a timestamp? Hi Team, There is a two reports one report(1st report) has timestamp other report(2nd report) doesn't have timesta... by Borntowin Loves-to-Learn Everything in Splunk Search 04-08-2022 0 3	0	3
Regex for extracting a xml node from a xml feild Hello Expert,Please help me arrive on a regex to extract a xml node in a xml field.I have a field value like below<Re... by ssekar Engager in Splunk Search 04-08-2022 0 4	0	4
How to set up a search to Retrieve Office 365 audit event property retrieval? I'm trying to set up a search to return Office 365 role change events for specific roles, such as the Global Administ... by JohnMoeVita New Member in Splunk Search 04-08-2022 0 1	0	1
How do I find the time events have been sent in for the last 3 days? How do I find the time events have been sent in for the last 3 days. I want to see the time 53 different events came ... by Fats120 Loves-to-Learn Lots in Splunk Search 04-08-2022 0 10	0	10
Why is Search not working but search for NOT != does work? Hi All, I am doing a very simple search over All Time of: index=index=orafin sourcetype=ORAFIN2 It retur... by KeithH Communicator in Splunk Search 04-07-2022 0 1	0	1
How do you use multiple thresholds from a timechart for a single alert for an arbitrary number of devices? _timedevice1_avgdevice2_avgdevice3_avgdevice4_avg2022-04-07 00:0034311222022-04-07 01:00217641872022-04-07 02:0021832... by michaelsplunk1 Path Finder in Splunk Search 04-07-2022 0 1	0	1
How can I list a single attribute and sort based on its value? Hi,I have documents similar to the one below: request_id: 12345 revision: 123 other_field: stuff my_preciou... by aj_54321 Explorer in Splunk Search 04-07-2022 0 2	0	2
SubSearch with different index and pass the fields to MainSearch and only use one filed from it for query purpose Hey Community, I am trying to get my head around this query My subsearch below, The query will look for the api path,... by adeshreddy Engager in Splunk Search 04-07-2022 0 4	0	4
Could someone provide regex help? Hey all , just need a little regex help trying to pull an IP address out and its not working. here is my rex \| rex... by tkerr1357 Path Finder in Splunk Search 04-07-2022 0 4	0	4
Grouping multiple results from a search in to the same name I'm trying to make a visualization showing our number of signatures, but the data is not very organized because I hav... by bb10 Engager in Splunk Search 04-07-2022 0 2	0	2
How to get the count of a specific value? How would you return the count of only the Reachable devices?In the picture above you would return 8.When using the q... by apignata Explorer in Splunk Search 04-07-2022 0 6	0	6
How to use a different field for time? Hi All! The data I am pulling is coming from nodes in multiple time zones. I want to use that time zone instead of Sp... by HWalk1 Explorer in Splunk Search 04-07-2022 0 4	0	4
Fields vs table vs nothing? Thought there was an answer on this already but can't find it, but for something like this, which is the most perform... by aberkow Builder in Splunk Search 04-07-2022 1 3	1	3
How to modify Splunk search only for logon_name users that are inside CSV? HelloHelloI have the following Splunk search syntax which returns me detailed log connection for a all user to the VP... by sbatino Observer in Splunk Search 04-07-2022 0 3	0	3
How to Disable auto-run when changing mode or time in Search view? Context: New Search View. I am not referring to Dashboards (which have many auto-run posts). I often develop searche... by rajbeerdhatt Explorer in Splunk Search 04-07-2022 2 1	2	1
How to make another field date and time field before and after indexing Hello Splunkers,I have data where the index time is different from the actual file.The source has the correct date an... by vrmandadi Builder in Splunk Search 04-07-2022 0 6	0	6
Why does the time field show up in the transpose header? hello I use a transpose command in a table panel \| eval time=strftime(_time,"%H:%M") \| sort time \| fields - _ti... by jip31 Motivator in Splunk Search 04-07-2022 0 3	0	3
How to exclude some indexes from search? Hi, I am encountering issue with 1 particular index. I am unable to use index!= to exclude the results from that part... by Thomas19 New Member in Splunk Search 04-07-2022 0 3	0	3
How can I exclude a value if it is equal or less than the number of char? I need to exclude the field values if it is less than or equal to 8 characters. For eg: In the field abc, I have the ... by innoce Path Finder in Splunk Search 04-07-2022 1 2	1	2