Splunk Search

Community Activity

Pair events 4778 & 4779 How do I pair events 4778 & 4779 for the same Logon_ID when I have multi 4778 and multi 4779?I would like to pair the... by eranhauser Path Finder in Splunk Search 12-31-2021 0 1	0	1
Please Help Provide details about client purchase details 1. Total purchase split by product ID 2. Total Prod... by sumitp10797 New Member in Splunk Search 12-31-2021 0 2	0	2
JSON parsing problem Hello, My Splunk query an API and gets a JSON answer.Here is a sample for 1 Host (the JSON answer is very long ≈ 400 ... by incognito Explorer in Splunk Search 12-31-2021 0 6	0	6
Can I feed data directly into Excel? HelloI want to feed data directly into Excel but I do not have API access nor I can install custom connectors.Is ther... by SplnkUse Path Finder in Splunk Search 12-31-2021 0 2	0	2
Changing an ID to a name Hi,My search result brings back a GUID in the ID field. The GUID refers to a customer. I would like it to reflect the... by bazcurtis178 Explorer in Splunk Search 12-31-2021 0 9	0	9
Unable to create field using regex Hi Team, Need your help in creating regex to create a field. "User_Claim":("sub":"qweihaytej"; "login_id":"Abc@domai... by sagar_shubham Explorer in Splunk Search 12-30-2021 0 4	0	4
Search since beginning of yesterday HelloIf now, it is 30/12/2021 22:30, how can I search for timestamps from 29/12/2021 00:00:00 (i.e. beginning of 29/1... by SplnkUse Path Finder in Splunk Search 12-30-2021 0 2	0	2
Error from bring up the cluster captain (error=401 - call not properly authenticated) I use this guide to deploy my search head cluster. When I try to bring up the cluster captain (step 5): /opt/splunk... by MelnikovTimofey New Member in Splunk Search 12-30-2021 0 4	0	4
Comparing information based on _time and calculated value I have looked for solutions but I have mostly found results regarding only current and past time comparison which is ... by Brainstorms Explorer in Splunk Search 12-30-2021 0 2	0	2
Sort the top header from lowest to highest? Hey all,Just started learning Splunk this week, interesting so far. How can I sort the top header from lowest to high... by MarsBar Engager in Splunk Search 12-30-2021 1 5	1	5
Using stats instead of transaction Hello,Looking for some assistance in reconstructing my query, which is currently using \| transaction with a traceId v... by sonicZ Contributor in Splunk Search 12-30-2021 1 6	1	6
Consolidate data in table using Dedup command Hello, I am using the below query to output which of our Searches/Rules are mapped to which Mitre Technique IDs. \| i... by neerajs_81 Builder in Splunk Search 12-29-2021 0 3	0	3
Search result not in second with rex fields I want to look for requests in a service mesh ingest log which have no corresponding application log entries.My first... by drew_eckhardt Engager in Splunk Search 12-29-2021 1 3	1	3
Need to filter out latest one year date for the particular field in table Hello Experts, Kindly help to filter out latest one year date for the particular field. For ex: index="abc" sourcet... by Ashwini_5 Explorer in Splunk Search 12-29-2021 0 1	0	1
Open ended question - beginner here Hey all,I've got an interview and I need to show some level of competency at using Splunk, I'm doing a short presenta... by MarsBar Engager in Splunk Search 12-29-2021 0 1	0	1
Hung Job Monitoring via Logs I have a search string that details the last log entry for all running jobs [shown in ascending order] bar a few jobs... by Mick_OBrien Path Finder in Splunk Search 12-29-2021 0 1	0	1
Use Case sAMAccountName changes in domain controller Hi,want to create a search to find anyone who does changes to the sAMAccountName So sAMAccountName could be sAMAccoun... by shanaz Engager in Splunk Search 12-29-2021 0 1	0	1
Host URL I am probably asking the most basic question ever, but I'm new to Splunk and just trying to figure out my host url. E... by brcox9090 New Member in Splunk Search 12-28-2021 0 2	0	2
Click Selection not working. Hi All,I have a code, that uses the output to fetch data from another Panel.First Panel <title>Juniper Mnemonics</tit... by jerinvarghese Communicator in Splunk Search 12-28-2021 0 2	0	2
Floating Button Blocking Search Results in UI Is there a way to remove or relocate the floating "Splunk Product Guidance" button that appears on the lower right of... by johnhuang Motivator in Splunk Search 12-28-2021 0 3	0	3
Issue with updating dashboard with new results Hi there,I've set up a dashboard with various columns, one of them outputs a number field which has a comma(,) in it... by Trex1 Explorer in Splunk Search 12-28-2021 0 2	0	2
expanding variables as part of a query Background:I'm working on a form that associates Qualys vulnerability IDs with CVE IDs. I'm leveraging two lookup tab... by gamedazed New Member in Splunk Search 12-28-2021 0 1	0	1
How would I be able to improve the following joined query? Learning about joins and sub searches. What's the following query executing and would there be a way to make it more ... by brc55 Explorer in Splunk Search 12-28-2021 0 1	0	1
Delta based on multiple inboxes We've gotten a search to work that shows the delta between the number of messages in an inbox for a period of time: <... by manderson7 Contributor in Splunk Search 12-28-2021 0 2	0	2
How to pass a hardcode time range through drilldown link to override default shared time picker of the dashboard? Hi, Splunkers， I have a dashboard with multiple panels, which all use shared time picker from token field2.when I use... by wangkevin1029 Communicator in Splunk Search 12-28-2021 0 5	0	5