Splunk Search

Community Activity

	How to compare multiple value in lookup to single value in index? HI all, I have lookup table with 5 colon that contains IPs I want to create a search that exclude the IPs from my res... by Shakira1 Explorer in Splunk Search 04-05-2022 0 20	0	20
	How we can extract Windows Event description instead of Raw data which only give info of Event ID? How we can extract Windows Event description instead of Raw data which only give info of Event ID..Is it possible t... by afraanajam Loves-to-Learn Everything in Splunk Search 04-05-2022 0 5	0	5
	How to Add Total along with Percentage in result? I am calculating percentage for each https status code. But i also would like to display the total number of requests... by smrutiphadke Engager in Splunk Search 04-05-2022 0 2	0	2
	How to improve search performance with join alternative? Query frequently times out due to subsearch time limit I have a query that frequently times out due to the subsearch time limit. I'd like to improve it's performance but I'... by JackNY07 Explorer in Splunk Search 04-04-2022 0 3	0	3
	How to pivot from tstats data to a regular search? I don't know what the best way to word the subject, so if anyone has a better recommendation after reading my questio... by redhonda03_2 Engager in Splunk Search 04-04-2022 0 1	0	1
	How to search Eval field to get total count and plot the chart? We want to get the number of successful login, multiple successful login, multi-fail logins and also number the of h... by anu1729 Loves-to-Learn Lots in Splunk Search 04-04-2022 0 10	0	10
	How to count distinct items in nested fields? Hi! I can't seem to figure out how to get a count of each operation in a document like below: { [-] request_id: 1... by aj_54321 Explorer in Splunk Search 04-04-2022 0 8	0	8
	How to give matching fields the same number ? Hello, I have data that look like this :Month Key Value Number ------------------------------ Jan Key1 ... by Newser703 Explorer in Splunk Search 04-04-2022 0 1	0	1
	How to filter a multivalue field using a subsearch? I found a close answer to what I'm looking for here:https://community.splunk.com/t5/Splunk-Search/Why-cant-i-supply-a... by chrids Explorer in Splunk Search 04-04-2022 0 4	0	4
	How do I exclude events based on lookup file contents? I have a lookup file that has 5 columns. Those are src_ip, dest_ip, dest_port, signature and active. src_ip has 18 v... by bt149 Path Finder in Splunk Search 04-03-2022 0 4	0	4
	How to join 2 tables by field and closest table2 _time before table1 _time? Hello, Let's say I have the following tables index=events _timeevent_idip index=connections _timeip_addressuser Whe... by warlitos Explorer in Splunk Search 04-03-2022 0 5	0	5
	How to join with multiple matches? Im trying to join the correct source hostname to my Event from where a RDP Connection was innitiated.Since the Event ... by Hendrik2509 Engager in Splunk Search 04-03-2022 0 4	0	4
	Why is table listing not in reverse _time order? If I do an index search, raw events are listed in reverse _time order, which is often also the reverse _indextime ord... by yuanliu SplunkTrust in Splunk Search 04-03-2022 0 6	0	6
	How to use bonnie++ results to calculate IOPS? Hello, I have install bonnie++ Ver 1.03e on Ubuntu 20.04.4, try to run Command bonnie++ , attached please fine the... by NSCKevinSplunk Engager in Splunk Search 04-02-2022 0 7	0	7
	How to Create a search to find a user who made a change to an outlook account? Hi, please bear with me, I'm VERY new to Splunk. I've been googling trying to find the proper search, but I'm coming ... by EMDurks New Member in Splunk Search 04-02-2022 0 2	0	2
	How to extract value from JSON then declare a variable? I have HEC to send an event to Splunk in JSON format: { Status: Down Source: GCP URL: url_1 } { Sta... by yiweishih Explorer in Splunk Search 04-02-2022 0 2	0	2
	Error when searching log text that contains a line break Sample text from a log that I'm searching: "store license for Store 1234562022-03-27 02:01:59,649 [XNIO-2 task-3] ERR... by jymmitch Path Finder in Splunk Search 04-01-2022 0 11	0	11
	Why is Splunk search returning additional results not specified in Lookup table? I have a query to search particular event id's from Active Directory and see what Targets these apply to. Instead of... by hillsmtb7 Explorer in Splunk Search 04-01-2022 0 5	0	5
	Is there a way to timechart format like this? Is there a way to make a timechart like this in splunk? I really don't need the number values on the y axis I mostly ... by JP2022 New Member in Splunk Search 04-01-2022 0 1	0	1
	How to escape special character through regex Hi experts, I wanted to escape the backslash "\" from the below logs, and capture the status code. The output should... by mrmanishsharma New Member in Splunk Search 04-01-2022 0 6	0	6
	After splunk job failed, we are unable to fetch the every 5 mins history data. @links to members'search earliest=-10m latest=now index= 'xyz'(host=abcd123 or host=abcd345)TxnStart2End\| rex "Avg=(?... by DKR1 New Member in Splunk Search 04-01-2022 0 1	0	1
	Why is my search returning error? I'm trying to run the following commands on an index: \| eval elast=strptime(lastSeen,"%Y-%m-%d %H:%M:%S") \| eval da... by parkz Explorer in Splunk Search 04-01-2022 0 1	0	1
	Help with Splunk query for battery status, cpu usage, disk space Hi, Please indulge me as I am relatively new to Splunk. I wish to create a query or report I can run on demand to pro... by boxenberg Explorer in Splunk Search 04-01-2022 0 4	0	4
	How to only show only unique values over timeseries data with stats I have a time series data source where an alert writes an event indicating that the number of systems an account is l... by mjones414 Contributor in Splunk Search 04-01-2022 0 2	0	2
	Querying when the last time, an event was seen from various hosts in the system How to know the last event's time from each of the hosts in the system?. The output can be of the below format?host1... by msg4sunil Path Finder in Splunk Search 04-01-2022 0 5	0	5