Splunk Search

Community Activity

How do I use mstats and changing aligntime to set up this alert I had a situation where I wanted to know if the mstats p90(cpu) over 5 minutes of a host was above a certain value; b... by JustinSC Explorer in Splunk Search 03-18-2022 0 0	0	0
How to include results where count is 0 in a an existing search using a csv file? Currently I have a search query that will show when an event happens with the device_id, count, and the device name. ... by Rapidz Explorer in Splunk Search 03-18-2022 0 1	0	1
How to search number of active VPN users over time Hi all, I've been working on getting the number of active VPN users from our ASA logs by a simple query to get the la... by trajedy New Member in Splunk Search 03-18-2022 0 2	0	2
How to track Windows Login failure from expired or disabled account Hi Splunkers,I'm performing some searches to monitor Windows user failure attempts. The failure itself is not a probl... by SIEMStudent Path Finder in Splunk Search 03-18-2022 0 3	0	3
How do I get unique within each group? Team, Can you please help me with the splunk query for the below? Thank you Splunk query returns the below 1 1 1 2 2... by msg4sunil Path Finder in Splunk Search 03-18-2022 0 8	0	8
How to display charts based on condition by some field Hi , I want to display two charts , one column and line chart in single panel based on condition. For example, if re... by avni26 Explorer in Splunk Search 03-18-2022 0 5	0	5
How to add average column to timewrap table for multiple fields? Hi there! I want to add columns to this table that I copied from the docs about timewrap. I want to add columns that ... by michaelsplunk1 Path Finder in Splunk Search 03-18-2022 0 1	0	1
How to include several unique IP address in the search command with src=or can I use src IN(ip,ip,ip)? How can I include several unique IP address in the search command with src= or can I use src IN(ip,ip,ip) by lakaras1s New Member in Splunk Search 03-18-2022 0 1	0	1
How to change stats on optional field? Hello Folks, I have the below query on one of my dashboard panel. Here I pass the IN_BUSINESSDATE field value from da... by rangarbus Path Finder in Splunk Search 03-18-2022 0 1	0	1
How to check if multiple conditions are true? I am looking for a way to check for multiple conditions to match, and if they are met, output a specific word... such... by iomega311 Explorer in Splunk Search 03-18-2022 0 2	0	2
How to create a lookup subsearch with NOT IN I am facing following challenge. I have a lookup table myids.csv with ID's in it: ID123 I have and index also with ID... by ub_ik Explorer in Splunk Search 03-17-2022 0 2	0	2
How to create a search for when User visits url, do a transaction, and get the data based on time? Hi Everyone, I am trying to pull a result per customer, where he/she has visited url based on time_order I did someth... by bijodev1 Communicator in Splunk Search 03-17-2022 0 15	0	15
How to find the number of days between two dates? Hi All, I have logs as below to check certificate validity:Valid from: Tue Jul 13 02:51:21 EDT 2021 until: Thu Jul 13... by Mrig342 Contributor in Splunk Search 03-17-2022 0 6	0	6
Why is Cluster Count not working? Hi Everyone, I have created the below query in Splunk to fetch the Error messages index=abc ns=blazegateway-c2 CASE(E... by aditsss Motivator in Splunk Search 03-17-2022 0 5	0	5
Why is there Circular dependency Issue in Data Model? Error: Error in 'SearchProcessor': Found circular dependency when expanding from.Network_Traffic.All_Traffic Backgrou... by kashz Explorer in Splunk Search 03-17-2022 0 1	0	1
How to use Splunk AND command to find field 3? ++EXT-ID[05] FLD[Wallet Provider Device..] FRMT[TLV] LL[1] LEN[32] DATA[4AD74D9421FE60B5688EF727F1BC7488] ++EXT-ID[... by jayeshrajvir Explorer in Splunk Search 03-17-2022 0 17	0	17
How to pass lookup table to search? Hello Team, I have a lookup table with 1000 employees data into it, like email, id and other I have an search which ... by Try_harder New Member in Splunk Search 03-17-2022 0 4	0	4
How to display a single value trend from 2 different relative time? HiI would like to dis play a trend indicator between these 2 different relative timeIs it possible? index=toto sourc... by jip31 Motivator in Splunk Search 03-16-2022 0 5	0	5
Will the data model acceleration enabled for the first search head automatically be enabled for the next search head? We are currently using a Splunk Enterprise environment with one search head and one indexer.We enabled data model acc... by AHA-0114 Explorer in Splunk Search 03-16-2022 0 4	0	4
How to extract Splunk rex field? Hi There, I have a query that I use to extract all database modifications. However, I want to exclude SELECT from ca... by GRC Path Finder in Splunk Search 03-16-2022 0 26	0	26
KVStore Field returning Invalid result- How do I fix this? Hello. I have some KVStore collections in our cloud environment. In some of those collections, there are boolean fie... by rjscholl New Member in Splunk Search 03-16-2022 0 1	0	1
How to create an alert based on lookup file Hi, I need to set up an alert with the query like below. index=abc sourcetype=bcd “abc” File_name=maple.txt earliest=... by prettysunshinez Explorer in Splunk Search 03-16-2022 0 2	0	2
How do I create a new field time? I have an alert table with certain values:Time (alert occurrence) \| Alert Name \| Severity.... Would it be possible to... by MagicCerbero New Member in Splunk Search 03-16-2022 0 3	0	3
Why am I unable to REX out a subset of a field? I've got an alert I put together and am trying to REX multiple pieces of it out to their own columns. This is against... by arist0telis Explorer in Splunk Search 03-16-2022 0 3	0	3
How do I split a string which contains a path so I'm only getting the first two directories? I have several thousand events with a path such as d:\RNREDINFFTP01-AVREDINFWFS01\ebtest1\foo\bar\filename2.txt. The... by DamageSplunk Explorer in Splunk Search 03-16-2022 1 7	1	7