Splunk Search

Community Activity

How to count unique elements of an unstructured array? Hi! I have unstructured log in the following format, and I can't seem to figure out how I can count the number of occ... by aj_54321 Explorer in Splunk Search 03-25-2022 0 1	0	1
Using the Output from a Search in One Index to Search in a Second Index I am looking to search in one Index for a specific field name and then use a second field from that Index to search a... by JoeHubner Explorer in Splunk Search 03-25-2022 0 2	0	2
How to create a table that will combine search results based on SerialNumber and split them into 3 columns but one row? Hey there, pretty new to Splunk searching. I am trying to get a table created that will combine search results based ... by kr5345 Engager in Splunk Search 03-25-2022 0 2	0	2
How to set variable based on token value I'm looking to set a variable (customerLabel) depending on whether the user selects "framework" or "team" from a drop... by anthonyb90 New Member in Splunk Search 03-25-2022 0 1	0	1
How can I do a search to see if values of one index exists in other 2 indexes? Hi,I have 3 indexes. I need to extract hash_values from index 3 and do a search to see if similar files exists in ind... by Woodpecker Path Finder in Splunk Search 03-25-2022 0 1	0	1
How to make eval time minutes? What do I need to add to this search, to make this search \| where Need >= 60min \| tstats max(_indextime) AS Late whe... by troy44112 Explorer in Splunk Search 03-25-2022 0 8	0	8
How to search by user ID? My data consists of individual messages, tagged with the userID of the user who sent them. I want to count the number... by BenWilliamson1 New Member in Splunk Search 03-25-2022 0 2	0	2
How do I correlate time events from separate indexes? I want to create alert when user approve MFA from different IP than the one he used prior to connection to VPN. So I'... by dex31337 Loves-to-Learn Lots in Splunk Search 03-25-2022 0 8	0	8
How to query a lookup table using the REST API? Hi guys, I have a Splunk scheduled search which is producing a list of URLs that need to be used by another system. T... by raduand Explorer in Splunk Search 03-25-2022 1 4	1	4
How to join 2 searches based on time range? Hi all, We have events in a single index for flows into and out of a gateway, I’m trying to link an incoming event wi... by Mattjj Explorer in Splunk Search 03-25-2022 0 2	0	2
How to get average for some fields but not all? Hi, I would like to get the average of multiple fields in the same row but not all, would anyone be able to advise on... by huan_an Explorer in Splunk Search 03-25-2022 0 2	0	2
How to check which all logs are getting ingested and if there are any gaps in it? Hi, I have to do gap analysis on splunk in order to check which all logs are getting ingested and if there are any... by SonakshiRaiTH New Member in Splunk Search 03-25-2022 0 1	0	1
How to Parse EMR Log to generate table output? I have a log events (each about 260 lines) related to our AWS EMR Cluster 'performance' metrics. It seems it's just a... by edwinmae Path Finder in Splunk Search 03-24-2022 0 2	0	2
Can we base on trend percent to set Coloring with Dynamic Trend in Dashboard? With below setup, we can setup the single value dashboard with dynamic coloring change while trendValue change. "tre... by rally0321 Path Finder in Splunk Search 03-24-2022 0 0	0	0
How to write this cron? Hello Is it possible to use a cron that runs a seach every hour ten minutes after hour and just between 7 AM and 19PM... by jip31 Motivator in Splunk Search 03-24-2022 0 1	0	1
How to get list of users with user account created date and email associated to it? Hi All ,The requirement is to get all usernames , username created date and email associated to it as belowusername ... by testnoob New Member in Splunk Search 03-24-2022 0 5	0	5
How to display SPL to chart events? I have a search I can compose using multiple appends and sub-searches to accomplish, but I assume there's an easier w... by adamsmith47 Communicator in Splunk Search 03-24-2022 0 1	0	1
Where do I locate the Splunk default commands? What is the location of Splunk commands like inputlookup,lookup,mvexpand,multikv,split,stats,eval,chart,tstats in spl... by Saikat001 Explorer in Splunk Search 03-24-2022 0 1	0	1
How to get alerts when event X isn't followed by event Y within a certain length of time? I need an alert where you get this message "Attempting to send email to:<email>" but you don't ever get the message "... by andrew_burnett Path Finder in Splunk Search 03-24-2022 0 3	0	3
How to change colors of bars in bargraph chart based on their numerical value? I'm trying to create a column chart (bar graph) in my Splunk (v8.1.3) dashboard that shows the availabilities of a gi... by bsg273 Path Finder in Splunk Search 03-24-2022 0 2	0	2
Why is the Join Operation Is not working properly? I am seraching as below but my join operation is not bringing results from the join for only couple of imei/records. ... by sercankarvar Observer in Splunk Search 03-24-2022 0 4	0	4
How to able Formatting _time to be used in the timepicker? Hi everyone, Pretty new to Splunk and would really appreciate your insight on my current project. Currently creating ... by elomotanpru Path Finder in Splunk Search 03-24-2022 0 9	0	9
Does this mean that _raw cannot be used with tstats? Hi Splunkers,in my tasks I performed an exam of some already Splunk searches and one of these is about a Log4j vulner... by SIEMStudent Path Finder in Splunk Search 03-24-2022 0 1	0	1
Having trouble with rex command I have below raw string 03 Mar 2022 10:08:18,188 GMT ERROR [dbdiNotificationService,ServiceManagement] {} - Caught R... by bhaskar5428 Explorer in Splunk Search 03-24-2022 0 2	0	2
How to display the results matching the same fields as another fields? Hi All, I was working on a case where i have 2 fields extracted as "actordisplayName" & "targetUser" in the same raw ... by ChethanNP Explorer in Splunk Search 03-24-2022 0 6	0	6