Splunk Search

Discussions

Thread Info

command="sendemail", (535, '5.7.3 Authentication unsuccessful') while sending mail to

hi i want to use sendmail spl command but it give me below error command="sendemail", (535, '5.7.3 Authentication u...

by Motivator in

What level permission is needed to install a dashboard in Security Essentials? ES Admin? or Ent Admin ? Thank u

We have Splunk Ent. + ES. I have a dashboard that I 'd like to install in Security Essentials. What level permission ...

by Builder in

Lookup tables and multiple fields values

I need help to use the values from a lookup table into multiple fields, where the output from the lookup table is a l...

by Explorer in

Spliting a string of file names

I have a list of files name under one field called "attachment" and I would like to split this string into multiple ...

by Explorer in

Add field from the returns of another query

I am trying to produce the following output : app_namerequest_idtimeworkload at the time(requests per second)App112...

by Path Finder in

Check a field

Hello, I have a field with this values/v1/accounts/96ea01b5-7ea7-4dc6-b534-39ae8b114bba/transactions/v1/accounts/ff...

by Explorer in

Showing mean() and avg() side by side

Hi all, strange thing - when using mean() and avg() in the same stats command, whichever is written first is empty,...

by Explorer in

Average a series of future times against current time

Hi,I am new to Splunk and working with parking records. I am calculating the current wait_time based off upcoming par...

by Observer in

how to remove the double quotes using regex

Hi, my regex was like below , search| rex field=_raw "Status=(?<Status>\"\w+\s+\w+\".*?)," |stats count by Status...

by Path Finder in

Searching for times being reached within the hour

Hi, I am new to Splunk and working with parking records. Within my events, I have a permit_expiry field, which is a d...

by Observer in

Check if a date is within interval of another record

Hi! I have the following data and would like to check, for those records with the same ID, if one record has CREATE...

by Path Finder in

Displaying data that is missing from a lookup table

Hi, I am new to Splunk and working with parking records. I am trying to display parking spaces that are currently not...

by Observer in

Need help in extracting different format of fields

Hello all, I am extracting a field which is coming in multiple formats, however I found that once of the format is ...

by Path Finder in

Looking for a faster search query: Count different platforms from somewhat same events

Dear Splunk Community, I have the following search: index=websphere 200 OK POST And I have diff...

by Communicator in

Time difference between events and NULL when second event does not appear in logs

I'm trying to figure out how to get the time difference between two events that use the same UUID. However, the secon...

by Explorer in

Group many similar fields from datamodel

Hello All, I have a large dataset "audit.cost_records" wherein I am trying to locate a correlation based on a large...

by Loves-to-Learn in

find users who hasnt logged in the past 30 days

Hello! I have a lookup table with fields 'name' and 'last_login'. I'm trying to find users who haven't logged in the ...

by Loves-to-Learn in

Looping in Splunk...

Trying to figure out how to loop in Splunk. I have the below query and my end result is to map/chart into a timechar...

by Contributor in

Rex formatting trouble

Hello again Spelunkers! So I have data that looks like this: assessment=normal [1.0]assessment=normal [1.1]assessme...

by Path Finder in

How to extract a particular string from the event logs

Hi Guys, I have a scenario where i need to extract the file name from the event logs. The Event log first...

by Path Finder in

search in foreach subquery

I have items visit log index with fields: category, item each event is a visit In addition, I have an index with al...

by Observer in

Use event date to with an uploaded CSV

events are loaded with different currency from different countries and we are trying to have a view converting the cu...

by Engager in

Add a count from a different time period

Hello, I'm trying to add the appearance of a certain value in my base search count. the value is "detatched". i...

by Communicator in

Pie Chart with count+ DrillDown with click.value and replace

https://answers.splunk.com/answers/562629/how-to-configure-pie-chart-to-display-count-within.html same as above pos...

by Explorer in

Extract sub string from address

I have the following address, and I want to extract the substring. Address: 121, riverstreet, sydney, Australia. ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

command="sendemail", (535, '5.7.3 Authentication unsuccessful') while sending mail to

What level permission is needed to install a dashboard in Security Essentials? ES Admin? or Ent Admin ? Thank u

Lookup tables and multiple fields values

Spliting a string of file names

Add field from the returns of another query

Check a field

Showing mean() and avg() side by side

Average a series of future times against current time

how to remove the double quotes using regex

Searching for times being reached within the hour

Check if a date is within interval of another record

Displaying data that is missing from a lookup table

Need help in extracting different format of fields

Looking for a faster search query: Count different platforms from somewhat same events

Time difference between events and NULL when second event does not appear in logs

Group many similar fields from datamodel

find users who hasnt logged in the past 30 days

Looping in Splunk...

Rex formatting trouble

How to extract a particular string from the event logs

search in foreach subquery

Use event date to with an uploaded CSV

Add a count from a different time period

Pie Chart with count+ DrillDown with click.value and replace

Extract sub string from address

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown