Splunk Search

Community Activity

splunk search query suppose if i have user1,user2,user3 i need to find out last log message of each user h by kajalchopade071 Path Finder in Splunk Search 12-15-2021 0 2	0	2
I want to extract the same result from stats. I want to see the result values of Src_ip and dst_ip are the same and "ok" and the number of these result values. Wha... by noott211 Path Finder in Splunk Search 12-15-2021 0 1	0	1
Split a MV field into different, multiple fields Hi,I have a very specific problem. I have a field with following values at different timestamps. Example:1,3,2002,3,4... by mato666666 Explorer in Splunk Search 12-15-2021 0 5	0	5
Using where to compare for one value in a multivalue field Is it valid to use a where clause to compare a string value to a multivalue field in order to know if that value is o... by lmonahan Path Finder in Splunk Search 12-14-2021 0 1	0	1
parsing a JSON list Hi, I have a field called "catgories" whose value is in the format of a JSON array. The array is a list of one or mor... by rberman Path Finder in Splunk Search 12-14-2021 0 4	0	4
Best way to find destination IPs that become source IPs? Hi, I'm attempting to build a query to find destination IP addresses that became source IPs for traffic in a 5min win... by jbreeves New Member in Splunk Search 12-14-2021 0 3	0	3
Splunk query on lookups Hi Actually i made lookup with the list of ip address in .csv file. I want to write a query if there is traffic from... by umeshcreddy Engager in Splunk Search 12-14-2021 0 1	0	1
Splunk search to find out CVE-2021-44228(Apache Log4j Remote Code Execution） Hi Team I am trying to find out recent CVE-2021-44228( log4j)I tried " index=aws log4j", nut not sure how to find o... by jaibalaraman Path Finder in Splunk Search 12-14-2021 0 5	0	5
Access API as a user HelloI am a Splunk user, not admin, and I seem to be able to do a search like:\| rest splunk_server=local servicesNS/-... by SplnkUse Path Finder in Splunk Search 12-14-2021 0 0	0	0
time command need help on using command strptime/strftime EX: input: December 7, 2021 1:00:01 PM output: 12/1/2021 13:00... by shreyasamin64 Explorer in Splunk Search 12-14-2021 0 2	0	2
rex command need help on removing only endpoint from the data set input : ... by shreyasamin64 Explorer in Splunk Search 12-14-2021 0 1	0	1
problem with span command in splunk 7.2 Hello every bodyI have been struggling with a serious problem recently my splunk version is 7.2 when I use span Comm... by 09128028400 Engager in Splunk Search 12-14-2021 0 6	0	6
Basic search help Hello all,I need a hand with a basic Splunk search. I appreciate this is Splunk 101 basics, but with other commitment... by amagson Loves-to-Learn in Splunk Search 12-14-2021 0 2	0	2
Filter result with another search Hi Folks, I have been trying to pull some data associated with latest Run ID (associated with execution), I am having... by rxalex Engager in Splunk Search 12-14-2021 0 2	0	2
Multiple queries question Hey all,Firstly - the title doesnt actually encapsulate what Im trying to do, Ill try break it down simply:I have AWS... by poiromaniax Explorer in Splunk Search 12-13-2021 0 2	0	2
Query to display if 500 error http status count is more then 30 percentage of total api calls by Sarvoday New Member in Splunk Search 12-13-2021 0 1	0	1
How to use substr in an eval with if I try to use the query eval ID = if(ORG="MC",ID=substr(ID,-6),0) Basically, I want in my result, if ORG="MC", I want ... by phamxuantung Communicator in Splunk Search 12-13-2021 0 1	0	1
Need help in formulate query for our use case Team,I'm newbie in writing Splunk queries. Could you please provide me guidance how to design a SPL for below use cas... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 12-13-2021 0 7	0	7
Splunk map search by chunks or any other way to make it faster Hello!Could somebody please suggest if it is possible to do a map search search more effectively?What I am trying to ... by AndreiIssakov Explorer in Splunk Search 12-13-2021 0 6	0	6
Why can't I delete lookup table files? Hello, As an admin, I tried to delete a lookup table file. I had copied all the apps back to the search head cluster... by tkw03 Communicator in Splunk Search 12-13-2021 2 3	2	3
How can I use sha1 in my Splunk search We save hash values from our ids and I want to search for them. I would expected I can do it this way:index=blub id=s... by pk87 Engager in Splunk Search 12-13-2021 0 9	0	9
How can we add a single column from 2nd table to 1st table using search query in Splunk Hi,I have two tables and in first table it contains 13 columns and from second table only one column i need to add to... by Narendra045 Explorer in Splunk Search 12-13-2021 0 3	0	3
How to Optimize Splunk Search to avoid "auto-finalized after disk usage limit of 100MB" When running the following search for a 24hr period it is always being auto-finalized due to disk usage limit of 100M... by nateNpgh Loves-to-Learn Lots in Splunk Search 12-13-2021 0 13	0	13
showing table despite no results TYPEMonthKPI_1KPI_2GLOBALOct'217624LOCALOct'214667 I'm searching the table like \| search TYPE="GLOBAL" \| search Mont... by lostcauz3 Path Finder in Splunk Search 12-12-2021 0 2	0	2
How to Combine two Rex fields and get results in a Table Hi there,I have 2 separate queries that I built using Rex.1. This query captures the logg on and logg off status of t... by GRC Path Finder in Splunk Search 12-11-2021 0 2	0	2