Splunk Search

Community Activity

	How can I filter all events to exclude this string? Hi, I have an index of log events and I have been asked to exclude all events with a certain string in it. The String... by POR160893 Builder in Splunk Search 04-11-2022 0 4	0	4
	How to split events in multiline raw data and extract fields? I have some data and I am trying to extract fields from multi line raw data. TIMESTAMP=23-12-2021,Eligible_to_be_... by vangal_sandeep New Member in Splunk Search 04-11-2022 0 2	0	2
	How to extract fields from JSON data and create a table using fields? 2022-04-11 05:46:26 POST /BestMarket.Internal.Market.Transactions/MarketTransactionService ContractName="BestMarket.... by Kisame27 Explorer in Splunk Search 04-11-2022 0 1	0	1
	How to Get the list of success values in 'If' condition? Hi, I need list of all the successful events details in the 'If' condition. For those successful list I need to extra... by kiran007 Explorer in Splunk Search 04-11-2022 0 4	0	4
	Simple search not working but search for NOT != does work. Hi All,I hope someone can enlighten me with this seemingly simple problem.I have this very simple search return 32 ro... by KeithH Communicator in Splunk Search 04-11-2022 0 6	0	6
	How to convert a field value of single line to displayed as multilines? Hi Splunkers, I have defined a filed as follows using eval condition \| eval body = "Sample Example :-" . " -... by pavanae Builder in Splunk Search 04-10-2022 0 2	0	2
	How to Round in a stats command? Hi, I'm trying to round the average of my response_time but still getting undesirable results (all the decimal places... by ebs Communicator in Splunk Search 04-10-2022 0 7	0	7
	Could you please help me with using REX/REGEX inside eval? Hi Could you please help me with using REX/REGEX inside eval? Here is what I'm trying to do \| makeresults \| eval Use... by usscommunity Loves-to-Learn Lots in Splunk Search 04-09-2022 0 2	0	2
	Splunk search error "Indexers error Could not load lookup=LOOKUP-XXXX " I cant find these LOOKUP anywhere I have created a lookup for a threat feed CSV file we are using. After deleting all the Lookup CSV files and removing... by aamer86 Path Finder in Splunk Search 04-09-2022 0 1	0	1
	What is wrong with my tstats command? This search works fine but is slow: host=host1 sourcetype="WinEventLog:Security" EventCode=5156 \| timechart span=1d... by wcooper003 Communicator in Splunk Search 04-08-2022 0 7	0	7
	How to create cumulative field for duplicated results? I have the following events in splunk: company,name,email,status Acme,John Doe,john.doe@example.com,inactive Comp... by JChris_ Path Finder in Splunk Search 04-08-2022 0 4	0	4
	How to view host disk encryption status I need a query to view disk encryption (DAR) of all my hosts, be it Bit Locker, LUKS, etc.index=* host=* \| ???Thank y... by dfiore42 New Member in Splunk Search 04-08-2022 0 1	0	1
	Help to convert date using strftime Currently I have a field holding a Julian date. I am trying to convert it using strftime but i'm having issues. Date ... by Marco_Develops Path Finder in Splunk Search 04-08-2022 0 2	0	2
	Why is my Search not returning results? Here's the text string from the log I'm searching: store license for Store 1234562022-04-07 19:17:44,360 ERROR path n... by jymmitch Path Finder in Splunk Search 04-08-2022 0 12	0	12
	How to search two reports when one report doesn't have a timestamp? Hi Team, There is a two reports one report(1st report) has timestamp other report(2nd report) doesn't have timesta... by Borntowin Loves-to-Learn Everything in Splunk Search 04-08-2022 0 3	0	3
	Regex for extracting a xml node from a xml feild Hello Expert,Please help me arrive on a regex to extract a xml node in a xml field.I have a field value like below<Re... by ssekar Engager in Splunk Search 04-08-2022 0 4	0	4
	How to set up a search to Retrieve Office 365 audit event property retrieval? I'm trying to set up a search to return Office 365 role change events for specific roles, such as the Global Administ... by JohnMoeVita New Member in Splunk Search 04-08-2022 0 1	0	1
	How do I find the time events have been sent in for the last 3 days? How do I find the time events have been sent in for the last 3 days. I want to see the time 53 different events came ... by Fats120 Loves-to-Learn Lots in Splunk Search 04-08-2022 0 10	0	10
	Why is Search not working but search for NOT != does work? Hi All, I am doing a very simple search over All Time of: index=index=orafin sourcetype=ORAFIN2 It retur... by KeithH Communicator in Splunk Search 04-07-2022 0 1	0	1
	How do you use multiple thresholds from a timechart for a single alert for an arbitrary number of devices? _timedevice1_avgdevice2_avgdevice3_avgdevice4_avg2022-04-07 00:0034311222022-04-07 01:00217641872022-04-07 02:0021832... by michaelsplunk1 Path Finder in Splunk Search 04-07-2022 0 1	0	1
	How can I list a single attribute and sort based on its value? Hi,I have documents similar to the one below: request_id: 12345 revision: 123 other_field: stuff my_preciou... by aj_54321 Explorer in Splunk Search 04-07-2022 0 2	0	2
	SubSearch with different index and pass the fields to MainSearch and only use one filed from it for query purpose Hey Community, I am trying to get my head around this query My subsearch below, The query will look for the api path,... by adeshreddy Engager in Splunk Search 04-07-2022 0 4	0	4
	Could someone provide regex help? Hey all , just need a little regex help trying to pull an IP address out and its not working. here is my rex \| rex... by tkerr1357 Path Finder in Splunk Search 04-07-2022 0 4	0	4
	Grouping multiple results from a search in to the same name I'm trying to make a visualization showing our number of signatures, but the data is not very organized because I hav... by bb10 Engager in Splunk Search 04-07-2022 0 2	0	2
	How to get the count of a specific value? How would you return the count of only the Reachable devices?In the picture above you would return 8.When using the q... by apignata Explorer in Splunk Search 04-07-2022 0 6	0	6