Splunk Search

Community Activity

How to count event by chosen month Hi, I have a list of events span across more than a year, the event will contain type of card, transaction status. I ... by phamxuantung Communicator in Splunk Search 01-04-2022 0 2	0	2
splunk search query for CPU usage Hi i am new to splunk.i have splink event like this" system CPU \| 6.039 % \| system time \| 0.009 % \|how can i get avg ... by Atul1507 Loves-to-Learn Lots in Splunk Search 01-03-2022 0 10	0	10
Extracting port number from url field Hello,Suppose I've got the following url among lot of others : (logs come from something close to Squid but not index... by lauMarot Path Finder in Splunk Search 01-03-2022 0 1	0	1
Truncate characters after a specific character using the Trim function Dear all, best wishes for 2022.Is it possible to use rtrim to remove all characters out of a search result that come ... by ASplunkDummy Engager in Splunk Search 01-03-2022 1 3	1	3
How to get the event count for the last 24 hours as a scheduled report? can you please tell us, how to get the last 24 hours event count to schedule the report? by dhavamanis Builder in Splunk Search 01-03-2022 1 2	1	2
Using single query with two sourcetypes? I have 2 sourcetypes, vpn & winevents, how do you write a single query to get winevents of the top 5 busiest machines... by brc55 Explorer in Splunk Search 01-03-2022 0 3	0	3
Dashboard to check index filled or not. Hello guys, Splunk newbie here. Hope someone can assist in my case, so index=*_whatever is expected to be filled with... by vxroot Loves-to-Learn in Splunk Search 01-03-2022 0 7	0	7
How to identify IIS Application Pool status changes I know similar questions have been asked a number of times but trying to follow the suggestions given I still cannot ... by jsmithn Path Finder in Splunk Search 01-02-2022 0 9	0	9
Joining Incident and SLA table creates multiple rows I have a join where there are 2 different SLAs (Active and E2E) that need to be linked to incidents on one row. How c... by DonBaldini Path Finder in Splunk Search 01-02-2022 0 1	0	1
csv file usage Hi,I need help in evaluation the csv files under "<Splunk directory>\etc\apps\search\lookups" folder. we have multipl... by shrinivaskittur Explorer in Splunk Search 01-02-2022 0 4	0	4
Specific query from Splunk SH to create a Dashboard Hi all, I'm trying to find the specific queries for the SH to create Splunk dashboard of the following info (example)... by splunk_luis12 Path Finder in Splunk Search 01-02-2022 0 2	0	2
Regex Help Hello,I'm attempting to use the regex command to filter out any records on the "user" field that do not match the wri... by bcanfield83 Engager in Splunk Search 01-02-2022 0 3	0	3
Pair events 4778 & 4779 How do I pair events 4778 & 4779 for the same Logon_ID when I have multi 4778 and multi 4779?I would like to pair the... by eranhauser Path Finder in Splunk Search 12-31-2021 0 1	0	1
Please Help Provide details about client purchase details 1. Total purchase split by product ID 2. Total Prod... by sumitp10797 New Member in Splunk Search 12-31-2021 0 2	0	2
JSON parsing problem Hello, My Splunk query an API and gets a JSON answer.Here is a sample for 1 Host (the JSON answer is very long ≈ 400 ... by incognito Explorer in Splunk Search 12-31-2021 0 6	0	6
Can I feed data directly into Excel? HelloI want to feed data directly into Excel but I do not have API access nor I can install custom connectors.Is ther... by SplnkUse Path Finder in Splunk Search 12-31-2021 0 2	0	2
Changing an ID to a name Hi,My search result brings back a GUID in the ID field. The GUID refers to a customer. I would like it to reflect the... by bazcurtis178 Explorer in Splunk Search 12-31-2021 0 9	0	9
Unable to create field using regex Hi Team, Need your help in creating regex to create a field. "User_Claim":("sub":"qweihaytej"; "login_id":"Abc@domai... by sagar_shubham Explorer in Splunk Search 12-30-2021 0 4	0	4
Search since beginning of yesterday HelloIf now, it is 30/12/2021 22:30, how can I search for timestamps from 29/12/2021 00:00:00 (i.e. beginning of 29/1... by SplnkUse Path Finder in Splunk Search 12-30-2021 0 2	0	2
Error from bring up the cluster captain (error=401 - call not properly authenticated) I use this guide to deploy my search head cluster. When I try to bring up the cluster captain (step 5): /opt/splunk... by MelnikovTimofey New Member in Splunk Search 12-30-2021 0 4	0	4
Comparing information based on _time and calculated value I have looked for solutions but I have mostly found results regarding only current and past time comparison which is ... by Brainstorms Explorer in Splunk Search 12-30-2021 0 2	0	2
Sort the top header from lowest to highest? Hey all,Just started learning Splunk this week, interesting so far. How can I sort the top header from lowest to high... by MarsBar Engager in Splunk Search 12-30-2021 1 5	1	5
Using stats instead of transaction Hello,Looking for some assistance in reconstructing my query, which is currently using \| transaction with a traceId v... by sonicZ Contributor in Splunk Search 12-30-2021 1 6	1	6
Consolidate data in table using Dedup command Hello, I am using the below query to output which of our Searches/Rules are mapped to which Mitre Technique IDs. \| i... by neerajs_81 Builder in Splunk Search 12-29-2021 0 3	0	3
Search result not in second with rex fields I want to look for requests in a service mesh ingest log which have no corresponding application log entries.My first... by drew_eckhardt Engager in Splunk Search 12-29-2021 1 3	1	3