Splunk Search

Community Activity

How to get the event count for the last 24 hours as a scheduled report? can you please tell us, how to get the last 24 hours event count to schedule the report? by dhavamanis Builder in Splunk Search 01-03-2022 1 2	1	2
Using single query with two sourcetypes? I have 2 sourcetypes, vpn & winevents, how do you write a single query to get winevents of the top 5 busiest machines... by brc55 Explorer in Splunk Search 01-03-2022 0 3	0	3
Dashboard to check index filled or not. Hello guys, Splunk newbie here. Hope someone can assist in my case, so index=*_whatever is expected to be filled with... by vxroot Loves-to-Learn in Splunk Search 01-03-2022 0 7	0	7
How to identify IIS Application Pool status changes I know similar questions have been asked a number of times but trying to follow the suggestions given I still cannot ... by jsmithn Path Finder in Splunk Search 01-02-2022 0 9	0	9
Joining Incident and SLA table creates multiple rows I have a join where there are 2 different SLAs (Active and E2E) that need to be linked to incidents on one row. How c... by DonBaldini Path Finder in Splunk Search 01-02-2022 0 1	0	1
csv file usage Hi,I need help in evaluation the csv files under "<Splunk directory>\etc\apps\search\lookups" folder. we have multipl... by shrinivaskittur Explorer in Splunk Search 01-02-2022 0 4	0	4
Specific query from Splunk SH to create a Dashboard Hi all, I'm trying to find the specific queries for the SH to create Splunk dashboard of the following info (example)... by splunk_luis12 Path Finder in Splunk Search 01-02-2022 0 2	0	2
Regex Help Hello,I'm attempting to use the regex command to filter out any records on the "user" field that do not match the wri... by bcanfield83 Engager in Splunk Search 01-02-2022 0 3	0	3
Pair events 4778 & 4779 How do I pair events 4778 & 4779 for the same Logon_ID when I have multi 4778 and multi 4779?I would like to pair the... by eranhauser Path Finder in Splunk Search 12-31-2021 0 1	0	1
Please Help Provide details about client purchase details 1. Total purchase split by product ID 2. Total Prod... by sumitp10797 New Member in Splunk Search 12-31-2021 0 2	0	2
JSON parsing problem Hello, My Splunk query an API and gets a JSON answer.Here is a sample for 1 Host (the JSON answer is very long ≈ 400 ... by incognito Explorer in Splunk Search 12-31-2021 0 6	0	6
Can I feed data directly into Excel? HelloI want to feed data directly into Excel but I do not have API access nor I can install custom connectors.Is ther... by SplnkUse Path Finder in Splunk Search 12-31-2021 0 2	0	2
Changing an ID to a name Hi,My search result brings back a GUID in the ID field. The GUID refers to a customer. I would like it to reflect the... by bazcurtis178 Explorer in Splunk Search 12-31-2021 0 9	0	9
Unable to create field using regex Hi Team, Need your help in creating regex to create a field. "User_Claim":("sub":"qweihaytej"; "login_id":"Abc@domai... by sagar_shubham Explorer in Splunk Search 12-30-2021 0 4	0	4
Search since beginning of yesterday HelloIf now, it is 30/12/2021 22:30, how can I search for timestamps from 29/12/2021 00:00:00 (i.e. beginning of 29/1... by SplnkUse Path Finder in Splunk Search 12-30-2021 0 2	0	2
Error from bring up the cluster captain (error=401 - call not properly authenticated) I use this guide to deploy my search head cluster. When I try to bring up the cluster captain (step 5): /opt/splunk... by MelnikovTimofey New Member in Splunk Search 12-30-2021 0 4	0	4
Comparing information based on _time and calculated value I have looked for solutions but I have mostly found results regarding only current and past time comparison which is ... by Brainstorms Explorer in Splunk Search 12-30-2021 0 2	0	2
Sort the top header from lowest to highest? Hey all,Just started learning Splunk this week, interesting so far. How can I sort the top header from lowest to high... by MarsBar Engager in Splunk Search 12-30-2021 1 5	1	5
Using stats instead of transaction Hello,Looking for some assistance in reconstructing my query, which is currently using \| transaction with a traceId v... by sonicZ Contributor in Splunk Search 12-30-2021 1 6	1	6
Consolidate data in table using Dedup command Hello, I am using the below query to output which of our Searches/Rules are mapped to which Mitre Technique IDs. \| i... by neerajs_81 Builder in Splunk Search 12-29-2021 0 3	0	3
Search result not in second with rex fields I want to look for requests in a service mesh ingest log which have no corresponding application log entries.My first... by drew_eckhardt Engager in Splunk Search 12-29-2021 1 3	1	3
Need to filter out latest one year date for the particular field in table Hello Experts, Kindly help to filter out latest one year date for the particular field. For ex: index="abc" sourcet... by Ashwini_5 Explorer in Splunk Search 12-29-2021 0 1	0	1
Open ended question - beginner here Hey all,I've got an interview and I need to show some level of competency at using Splunk, I'm doing a short presenta... by MarsBar Engager in Splunk Search 12-29-2021 0 1	0	1
Hung Job Monitoring via Logs I have a search string that details the last log entry for all running jobs [shown in ascending order] bar a few jobs... by Mick_OBrien Path Finder in Splunk Search 12-29-2021 0 1	0	1
Use Case sAMAccountName changes in domain controller Hi,want to create a search to find anyone who does changes to the sAMAccountName So sAMAccountName could be sAMAccoun... by shanaz Engager in Splunk Search 12-29-2021 0 1	0	1