Splunk Search

Community Activity

	How to extract one value from log in a query I am trying to extract the name of log output but struggling with how to. I have this query<query>index=dap ("user lo... by mbojorq3 New Member in Splunk Search 11-19-2021 0 1	0	1
	how to merge two sourcetype for coverage dashboard ( one gets count increase and other will have decrease in count ) I am using below query,index=A sourcetype IN (Compare,Fire)\| fillnull value="" \| search Name="SWZWZQ0001" OR Name="... by dtccsundar Path Finder in Splunk Search 11-19-2021 0 2	0	2
	Mismatch ']' in the search of Python Splunk SDK package My python is 3.8.5 and splunk-sdk is 1.6.16. My Splunk developer gives me a URL and I get its search string to retri... by bergen288 Engager in Splunk Search 11-19-2021 0 7	0	7
	Match Common Values from Multiline Fields from Different Indexes Hello, thank you for taking the time to read and consider my question. I'm trying to integrate a .json file which con... by cfloquet Path Finder in Splunk Search 11-19-2021 0 11	0	11
	Extract New Fields Hi there, I'm trying so hard to do a new field in Splunk, but i don't know where i do "wrongs".I would like to extrac... by bogdan_nicolesc Communicator in Splunk Search 11-19-2021 0 5	0	5
	Anomaly detection in Splunk Hi all,I am new to Splunk and have been trying to work on a use case to detect anomalous switches from one type of ac... by axm1295 New Member in Splunk Search 11-19-2021 0 2	0	2
	How to use fillnull in one sourcetype while using IN Hi ,Like below ,Sourcetype =FireName OS Compare_VersionCompare_Agent InstalledsysidABC11 wind... by dtccsundar Path Finder in Splunk Search 11-19-2021 0 4	0	4
	How to find a Name in one sourcetype and not in other sourcetype after outer join i am not able differentiate which sourcetype the Name belongs too after outer join.This is needed becoz when the Name... by dtccsundar Path Finder in Splunk Search 11-19-2021 0 6	0	6
	How to display field values as a percentage? Hi - I have been not having much luck creating what I need.I am looking for the best way to display the percentages o... by Glasses Builder in Splunk Search 11-18-2021 0 1	0	1
	Is it possible to write a query to find same URLs visited by multiple clients in a proxy log? Hi,I am working with my proxy logs and trying to find a way to get same URLs visited by multiple clients. To add clar... by sureshtskumar Explorer in Splunk Search 11-18-2021 0 4	0	4
	Searching for the last 100 events, irrespective of time I am trying to search through transactions and check their response codes so that we can determine a percentage of fa... by JeremyJ123 New Member in Splunk Search 11-18-2021 0 1	0	1
	Identifying stale computers on network I am looking to identify specific assets that have not been logged into in over a set time. I am fairly new to all of... by Durwood Engager in Splunk Search 11-18-2021 0 6	0	6
	Need help with Regex Hello all, kindly help with Regex..I am seeing the below messages in splunkd logs. Though values are actually being e... by bhargavi Path Finder in Splunk Search 11-18-2021 0 5	0	5
	Cannot break AWS Cloudtrail events Hi, The cloudtrail logs in splunk come in without proper event break; I only got it to recognize the first event's ti... by colny Engager in Splunk Search 11-18-2021 0 4	0	4
	mvcount by value Hi,I would like to count the values of a multivalue field by value. For example: \| makeresults \| eval values_type=sp... by rafadvega Path Finder in Splunk Search 11-18-2021 0 1	0	1
	Using - append=t prestats=t and getting the "BY" to work correclty @Kenshiro70 I have just read your most brilliant answer hearhttps://community.splunk.com/t5/Splunk-Search/What-exact... by robertlynch2020 Influencer in Splunk Search 11-18-2021 0 0	0	0
	rex and extracted fields I have a search string that gives me count of txns processed by a job.......\| rex field=_raw "Total txns:(?<TxnsCount... by Mick_OBrien Path Finder in Splunk Search 11-18-2021 0 11	0	11
	REQUEST FOR ACCOUNT LOCOUT AND LOGON FAILURE SEARCH QUERY Can someone please help me with the below Query 1. Account lockouts(4740) and then go back in time one hour to find l... by sowmiyansk New Member in Splunk Search 11-18-2021 0 4	0	4
	Splunk search query Hi All,I need splunk query to identify orders which are ordered but not submitted even after 72 hoursAny one help me ... by mm12 Explorer in Splunk Search 11-18-2021 0 8	0	8
	How to create an alert for lockouts in Windows event logs with details of failed activity in the last hour by src_ip? Hi How to create an alert for lockouts in Windows Event Logs with the details of failed activity in last hour by src... by kranthi851 New Member in Splunk Search 11-18-2021 0 8	0	8
	Check connection from same source to multiple destination Hi guys,I have a doubt regarding the mapping of connection from the same source IP to different destination IP.In my ... by SIEMStudent Path Finder in Splunk Search 11-18-2021 0 2	0	2
	Splunk search with multiple macros Hi all,I have a question about macros: suppose I must use, inside a search, multiple macros. Those macros can be rela... by SIEMStudent Path Finder in Splunk Search 11-18-2021 0 6	0	6
	are we able to pick up everything between an open [{ and a close }] there is raw data : [{}] parameters="[{"Name":"request","Type":"WithdrawalRequestedRequest","Value":{"BrandName":"Bu... by Kisame27 Explorer in Splunk Search 11-18-2021 0 3	0	3
	Adding action button to statistics table in dashboard Hello Splunkers, I'm working on Splunk dashboard and I got one problem. but I don't know it is problem or advice xD. ... by saruul New Member in Splunk Search 11-18-2021 0 0	0	0
	Trying to extract field in log file, can you please help with regex and field extraction. Caused by: java.sql.SQLException: Io exception: Socket closedi want to extract "java.sql.SQLException" Can you please... by PavanSeerapu Explorer in Splunk Search 11-18-2021 0 3	0	3