Splunk Search

Community Activity

	Search for users Splunk login activity for * days Hello,I'm trying to search Splunk for user activity pertaining to logging into Splunk for X # of days. Everything I'v... by crlunde Loves-to-Learn Everything in Splunk Search 01-24-2022 0 2	0	2
	Need Help in regex expression Hi team, I need to fetch the 'InterfaceName' from the below payload. I built a regular expression but it is not wor... by rkishoreqa Communicator in Splunk Search 01-24-2022 0 1	0	1
	How do I fix my field extraction to account for whitespace in some paths Hello I have some data in a txt file that I am working on extractions for. It extracts fine except that in some of t... by tkw03 Communicator in Splunk Search 01-24-2022 0 3	0	3
	How to return stats from subsearch if first search returns no events I have created a search that will trigger if no events from the following search is being returnedindex=ipl_prod sour... by rune_hellem Contributor in Splunk Search 01-23-2022 0 2	0	2
	identify host not in a list... I have a query that returns a set of hosts that have an event string.index=anIndex sourcetype=aSourceType ("aString1"... by sjringo Contributor in Splunk Search 01-23-2022 0 12	0	12
	How to automatically initiate second search using the results of the first search index=logs appname="nameofapp " url=somewebsitenamestring \| stats count by user \| sort - count \| where count > ... by Itsecuser1 New Member in Splunk Search 01-23-2022 0 3	0	3
	how to add calculated fields into a chart I am trying to add 2 new fields into a chart, which is calculated by the exisiting columns in the following chart. Ba... by chongdong Explorer in Splunk Search 01-23-2022 0 6	0	6
	Splunk alert base on return code My file contains a line at the last where it mentions the return code. The format look like below mentioned. If the j... by LolabhattuA Loves-to-Learn in Splunk Search 01-23-2022 0 4	0	4
	How to combine two searches into one table?? Hello,everyone!At first, sorry for my bad English.I have a problem to join two result.The raw data is a reg file, lik... by feelcool Explorer in Splunk Search 01-22-2022 0 7	0	7
	How do you use a calculated "_time" field for a timechart query I have a Splunk query that does a lot of computation and eventually returns only two calculated fields: _time and ST... by jbrenner Path Finder in Splunk Search 01-22-2022 0 3	0	3
	result in single row Hi Guys I have a query like this <query>\| stats avg(CurrentConnections) as CC by host And the output is as below wit... by roopeshetty Path Finder in Splunk Search 01-22-2022 0 3	0	3
	fields.conf TOKENIZER breaks my event completely I'm trying to get a new sourcetype (NetApp user-level audit logs, exported as XML) to work, and I think my fields.con... by dsmith Path Finder in Splunk Search 01-22-2022 0 12	0	12
	display all values of JSON field in a table if you don't know the structure of the json I have a JSON with a field containing another object, but this object varies depending on type. For example, you may ... by dasaed Explorer in Splunk Search 01-22-2022 0 3	0	3
	Which timestamp is used when piping a transaction result into timechart command I have a transaction command which correlates two log entries. If I pipe this result into a timechart command, which ... by jbrenner Path Finder in Splunk Search 01-21-2022 0 2	0	2
	Eval If Multiple Date Values Match or Do Not Match Hello,I have a script gathering the last updated timestamp of three different files and I'm ingesting that data into ... by Razziq Explorer in Splunk Search 01-21-2022 0 1	0	1
	[Version 8.2.4] No longer able to use timestamps from return command in subsearch Hi,In the past (Splunk Enterprise v 7.x.x) I used the below search to run a report every few min. There were so many ... by steen Explorer in Splunk Search 01-21-2022 0 5	0	5
	case match command I am trying to use the case match command with more than one option. I keep getting an error message regarding the pa... by parkertctr Path Finder in Splunk Search 01-21-2022 0 2	0	2
	Create a table with different fields depending if their values match a condition I have a raw where each event looks like this (simplified for this exampel):{"time": "2022-01-20 16:40:02.325216", "n... by andres Loves-to-Learn Lots in Splunk Search 01-21-2022 0 2	0	2
	Hi Experts, I would like to count the multifield in the table where it has similar values I would like to count the multifield in the table where it has similar values. For Ex: I need output like below for ... by Ashwini_5 Explorer in Splunk Search 01-21-2022 0 2	0	2
	Date and time conversion Hi, in my index I have a couple time fields that are returned via a simple search_time = 1/20/2022 1:38:55.000 PM (th... by nate_washburn Engager in Splunk Search 01-21-2022 0 2	0	2
	How should we handle DB audit trails? We would like to ingest the Oracle's UNIFIED_AUDIT_TRAIL table and the SQL server's MSSQL\SQLAudit\*.sqlaudit files.H... by danielbb Motivator in Splunk Search 01-21-2022 0 2	0	2
	Extract and cleanse data into field for table Hi,In the following log entries, I wanted to extract uri in a specific format:log: a_level="INFO", a_time="null", a_t... by nbhat Explorer in Splunk Search 01-21-2022 0 1	0	1
	Date field comparison I need help regarding comparise a ISO 8601 date field with a specific date.Below is a simple example:index=devices \| ... by alexandrebas Explorer in Splunk Search 01-21-2022 0 1	0	1
	How to show data from TWO different sourcetypes ? I have,sourcetype_A (fields : ID, age, city, state)sourcetype_B (fields : ID, job, salary, gender)The fields "ID" i... by zacksoft_wf Contributor in Splunk Search 01-21-2022 0 2	0	2
	Extract raw data for URL into field Hi,In the following log, I wanted to extract Url, Method, ResponseTimeMs, StatusCode as a table:log: a_level="INFO", ... by nbhat Explorer in Splunk Search 01-21-2022 0 2	0	2