Splunk Search

Community Activity

How to pass a user ID to a new query? I'm attempting to build a search around Okta authentication logs. I want to run a query to check for any Multi facto... by rip_leroi Explorer in Splunk Search 03-02-2022 0 1	0	1
how to search for event matching lookup table hi, i a total newbiei need to do a search in splunk matching the domain in my lookup table (master_lookup.csv)my tabl... by 7ryota Explorer in Splunk Search 03-02-2022 0 5	0	5
How to display a message when a specific host is not ingesting? My dilemma. index=prod_s3 sourcetype=My_Sourcetype earliest=-30m(host=2016) OR (host=2018) OR(host=2015) OR (host=20... by auzark Communicator in Splunk Search 03-02-2022 0 12	0	12
Why doesn't Web app search and REST API on Postman consistently return the same results? Hello, I have a search that runs in the web application interface (Splunk Enterprise). It returns results as and when... by Stuartb_ New Member in Splunk Search 03-01-2022 0 0	0	0
How to create a calculated field eval coalesce follow by case statement? I'm trying to create a calculated field (eval) that will coalesce a bunch of username fields, then perform match() an... by ejwade Contributor in Splunk Search 03-01-2022 0 0	0	0
Most efficient way to filter results matching a list of values in either of two(+) fields? Hello everyone. I'm trying to find the most efficient way to filter results for a list of values that may have a matc... by hackwerks Engager in Splunk Search 03-01-2022 1 3	1	3
How to compare the columns values against another column Hi Guys,I am having a query which would result as below,The above shows count by xyz for the user selected timerange.... by sangs8788 Communicator in Splunk Search 03-01-2022 0 5	0	5
How can I get the rate of a transaction which run in a specific way BackgroundIn my system, every visit consist of one or more transactions and every has its global serial number, which... by Jackiifilwhh Path Finder in Splunk Search 03-01-2022 0 7	0	7
How to put extracted REX values in single row in table while using transaction? I am performing theSplunk query on following result, The following field repeats 100 times with different values ran... by mrunalaghara Loves-to-Learn in Splunk Search 03-01-2022 0 8	0	8
Is it possible to create an alert only if a certain condition is not met? So I want to create an alert if one of our server is not connected, but the server disconnects automatically for ever... by santosh1 Explorer in Splunk Search 03-01-2022 0 2	0	2
How to get stats by hour and calculate percentage for each hour? Hi There, I am trying to get the an hourly stats for each status code and get the percentage for each hour per status... by bijodev1 Communicator in Splunk Search 03-01-2022 0 6	0	6
Can anyone explain what does these lookup statements mean ? \| lookup update=true SpamIntel_by_email_subject subject OUTPUT\| lookup update=true SpamIntel_by_email_subject_wildcar... by zacksoft_wf Contributor in Splunk Search 03-01-2022 0 5	0	5
Retrieve values from json file Hi,I need to filter my query for a specific field_value. The working query is as follow:index=_index (field_value="va... by sdhiaeddine Explorer in Splunk Search 03-01-2022 0 3	0	3
Why did request in search head fail to apply delete to some metadata? Hello dear colleagues, has anyone encountered this error, I checked search.log for inconsistent metadata. Help me dec... by gitingua Communicator in Splunk Search 03-01-2022 0 2	0	2
How to set up an alert that will show when someone other than those 3 are trying to log in? I have a small environment. I have 3 users that are allowed to login to a particular server. If I search: index=<in... by kbohlken Observer in Splunk Search 02-28-2022 0 3	0	3
How to link to search in query? Hi I have a panel with query below index=int_166167 env = SIT appName="GCR" message="Post Login*"\| bucket _time span... by sahana Engager in Splunk Search 02-28-2022 0 1	0	1
How to Extract JSON format as fields? Need to extract json file in fields { "AAA": { "modified_files": [ "\"b/C:\\\\/HEAD\"", "\"b/C:\\\\/dev\"", "\"b... by karthi2809 Builder in Splunk Search 02-28-2022 0 8	0	8
How to do a stats count by abc \| where count > 2? Hey there, I have a field let's say "abc" with values as such : 1,3,5,7,5,3,2,1,5,7,8,5,1,1,2,2,3,2,1,1,2,3,2,3 here ... by bijodev1 Communicator in Splunk Search 02-28-2022 0 4	0	4
Aligning Multivalue field from XML nodes with multiple attributes Hi, I'm trying to create a table as below:methodlatlonblue35781144960035red green yellow35781134960032I tried using... by RedHeron Engager in Splunk Search 02-28-2022 0 1	0	1
How to get rid of the the spaces in token output? Trying to run a query that has a token field. The output injects a space before and after the token provided keyword... by tlmayes Contributor in Splunk Search 02-28-2022 0 5	0	5
How to multiply one event value by another event value? Might be simple, but i run a search for tags and values and i get the information. What is the proper syntax to multi... by Thail Explorer in Splunk Search 02-28-2022 0 7	0	7
How to convert array of json in multiple split lines? Any help is greatly appreciated. How to convert the following json into a table? {<!-- -->"Summary":{<!-- -->"jobType":"jobA","summ... by felipesodre Path Finder in Splunk Search 02-28-2022 0 1	0	1
How to group by without aggregation? Hi I'm trying to group items by a specific field, and get all the values returned (i.e. without aggregation). I have ... by BernardEAI Communicator in Splunk Search 02-28-2022 0 1	0	1
How to string search for the empty value Dear professional, I have a search like this index="hcg_oapi_prod" relatedPersons And the search value is store in a... by lamnguyentt1 Explorer in Splunk Search 02-28-2022 0 2	0	2
How to get the results of a report after the execution? I am running a very big report which is on 95% after 36 hours and I see that the results size is ~ 2GB and the result... by rayar Contributor in Splunk Search 02-26-2022 0 1	0	1