Splunk Search

Community Activity

Search with _time Hello,I am monitoring a csv file using universal forwarder and the first column in the csv file is Last_Updated_Date.... by madhav_dholakia Contributor in Splunk Search 01-17-2022 1 7	1	7
csvfile search in values Hi,I have csv file containing emailID and domain and I would like to search the email exchanges between these two(em... by shrinivaskittur Explorer in Splunk Search 01-17-2022 0 10	0	10
Looking for regex help in parsing data from curl output I'm using curl in Spluk to download some data from an API and to build a lookup of the downloaded data. The data come... by bowesmana SplunkTrust in Splunk Search 01-16-2022 0 7	0	7
Blacklist line not blacklisting events Hi Everyone. I'm expanding my blacklist and i'm having issues with a seemingly simple blacklist line.Here is my curr... by icewolf69 Loves-to-Learn Everything in Splunk Search 01-16-2022 0 1	0	1
Removing field from _raw field generated by collect for summary index I am using a scheduled report to save data to a summary index with the following query:index=_internal \| stats count ... by klim Path Finder in Splunk Search 01-16-2022 0 1	0	1
How to develop Regex to find invalid pattern in a skill level expression string. Hi， Splunkers，I have some skill expression as below:Orange > 5 & apple < 0 & ( Peach = 0 \| Tomato >) & (Strawberry ... by wangkevin1029 Communicator in Splunk Search 01-16-2022 0 12	0	12
Error of Problem replicating config (bundle) to search peer ' 10.10.x.79:8089 ', Greetings!! I need help!!! am experiencing an error while am doing search, the error is:Search peer Splkidx04 has the... by pacifikn Communicator in Splunk Search 01-16-2022 0 3	0	3
multivalue fields Hi I'm trying to count the number of times of a specific values "not match" exist in a multi-value field, search for ... by poladbank New Member in Splunk Search 01-16-2022 0 2	0	2
How do I group 2 attributes for line graph Splunk I'm trying to do a line graph using this command:source="filename.csv" sourcetype="csv" \| stats sum(intake), values(g... by Rayzer Engager in Splunk Search 01-16-2022 0 3	0	3
Human or Google web requests We use Palo Alto, Barracuda, and McAfee WGs.All perform some form of Web Filtering / Blocking, which I'm now being as... by DaveBunn Path Finder in Splunk Search 01-15-2022 0 0	0	0
Look up value from one log line in another log line I have a log line for when the ip is added to the blacklist and another log line with ips that were removed from the ... by carinahOliveira Explorer in Splunk Search 01-15-2022 0 1	0	1
Excluding internal to addresses from the from field using regex I am trying to create a dash which uses tokens for different clients capturing any attachments sent externally. I h... by emcglade Engager in Splunk Search 01-15-2022 0 1	0	1
Create dashboard for hosts that have no results from a specific sourcetype Hey guys I'm trying to create a dashboard that shows any host with a group of specified hosts that are not returning ... by croseberry Engager in Splunk Search 01-14-2022 0 1	0	1
Measure time between two log events Hi,I have an SBC (Session Board Controller) which is doing LDAP search and write the syslog of that. I'm trying to ge... by Petri-X Explorer in Splunk Search 01-14-2022 0 4	0	4
Find Any windows login from a source IP other than the known one Hi , I have a list of allowed IP addresses and want to use splunk to find any windows login from a source Ip other th... by websplunk01 Engager in Splunk Search 01-14-2022 0 3	0	3
split string with square brackets into individual fields Hello,I'm new to Splunk and I'm looking for some advice.My search, e.g. <mysearch> \| table attributes returns a val... by plcd63 Explorer in Splunk Search 01-14-2022 0 5	0	5
How to match on value NOT in lookup table I have a list of IP addresses in a lookup table that are network scanners.I am trying to build a search that excludes... by DEADBEEF Path Finder in Splunk Search 01-14-2022 0 5	0	5
Getting last of a column value in a table I have a splunk query that returns results like this. I want to modify the query such that I get the latest row for ... by AruBhende Explorer in Splunk Search 01-13-2022 0 1	0	1
props.conf : regex in source stanza Hi, I am trying to filter out events using props.conf and transforms.conf . I have requirement where there are multip... by rashiagrawal Loves-to-Learn Lots in Splunk Search 01-13-2022 0 5	0	5
What's the best way to search for a list of MD5? Where can I find User Instructions for searching for a block of hashes on a regular basis, and emailing an alert if a... by SupD0cTr Engager in Splunk Search 01-13-2022 0 1	0	1
Chart Visualization Updates Hi,Could you help me why the values for the Y-Axis is not being set correctly? I specified 6000 with interval of 500 ... by aquinojason Path Finder in Splunk Search 01-13-2022 0 8	0	8
Search a lookup with wildcard in values Hi,I am stuck implementing below use case , please help me on this :I have a lookup say url_requested.csv. http_urlho... by Poojitha Communicator in Splunk Search 01-13-2022 0 3	0	3
Check if csv files have been updated to latest versions Is there a way of checking if the latest csv updates were successful and if they were the most up to date versions (a... by robnewman666 Path Finder in Splunk Search 01-13-2022 0 6	0	6
Compare values in two different json objects Hello, This question has probably been asked and answered, but, I just can't seem to find a best solution; I have a s... by vadim_osipov Engager in Splunk Search 01-13-2022 0 4	0	4
What is the difference between action.lookup and action.populate_lookup? https://docs.splunk.com/Documentation/Splunk/latest/admin/savedsearchesconf mentions two lookup-generating actions: a... by ruman_splunk Splunk Employee in Splunk Search 01-12-2022 0 1	0	1