Splunk Search

Community Activity

Cannot break AWS Cloudtrail events Hi, The cloudtrail logs in splunk come in without proper event break; I only got it to recognize the first event's ti... by colny Engager in Splunk Search 11-18-2021 0 4	0	4
mvcount by value Hi,I would like to count the values of a multivalue field by value. For example: \| makeresults \| eval values_type=sp... by rafadvega Path Finder in Splunk Search 11-18-2021 0 1	0	1
Using - append=t prestats=t and getting the "BY" to work correclty @Kenshiro70 I have just read your most brilliant answer hearhttps://community.splunk.com/t5/Splunk-Search/What-exact... by robertlynch2020 Influencer in Splunk Search 11-18-2021 0 0	0	0
rex and extracted fields I have a search string that gives me count of txns processed by a job.......\| rex field=_raw "Total txns:(?<TxnsCount... by Mick_OBrien Path Finder in Splunk Search 11-18-2021 0 11	0	11
REQUEST FOR ACCOUNT LOCOUT AND LOGON FAILURE SEARCH QUERY Can someone please help me with the below Query 1. Account lockouts(4740) and then go back in time one hour to find l... by sowmiyansk New Member in Splunk Search 11-18-2021 0 4	0	4
Splunk search query Hi All,I need splunk query to identify orders which are ordered but not submitted even after 72 hoursAny one help me ... by mm12 Explorer in Splunk Search 11-18-2021 0 8	0	8
How to create an alert for lockouts in Windows event logs with details of failed activity in the last hour by src_ip? Hi How to create an alert for lockouts in Windows Event Logs with the details of failed activity in last hour by src... by kranthi851 New Member in Splunk Search 11-18-2021 0 8	0	8
Check connection from same source to multiple destination Hi guys,I have a doubt regarding the mapping of connection from the same source IP to different destination IP.In my ... by SIEMStudent Path Finder in Splunk Search 11-18-2021 0 2	0	2
Splunk search with multiple macros Hi all,I have a question about macros: suppose I must use, inside a search, multiple macros. Those macros can be rela... by SIEMStudent Path Finder in Splunk Search 11-18-2021 0 6	0	6
are we able to pick up everything between an open [{ and a close }] there is raw data : [{}] parameters="[{"Name":"request","Type":"WithdrawalRequestedRequest","Value":{"BrandName":"Bu... by Kisame27 Explorer in Splunk Search 11-18-2021 0 3	0	3
Adding action button to statistics table in dashboard Hello Splunkers, I'm working on Splunk dashboard and I got one problem. but I don't know it is problem or advice xD. ... by saruul New Member in Splunk Search 11-18-2021 0 0	0	0
Trying to extract field in log file, can you please help with regex and field extraction. Caused by: java.sql.SQLException: Io exception: Socket closedi want to extract "java.sql.SQLException" Can you please... by PavanSeerapu Explorer in Splunk Search 11-18-2021 0 3	0	3
Search query I want to be able to perform a search across a list of internal IPs making http/https GET and POST requests to extern... by x3ncrypt Loves-to-Learn Everything in Splunk Search 11-17-2021 0 1	0	1
How to use the result of top command to a stats command? Hi.I have a search as belowindex=myindex sourcetype=mytype field1=* field2=* \|stats count(eval(condition1)) as count1... by innoce Path Finder in Splunk Search 11-17-2021 0 3	0	3
How to generate dummy splunk events/results to test Automatic Field Extraction Hi, I am modifying my logging in my application (Java spring boot) to include: key/value pair list and a JSON string ... by anonymous_hippo Explorer in Splunk Search 11-17-2021 0 0	0	0
dispatch.evaluate.dbxquery spent a lot of time I was using splunk db connect app 3.6.0, at the beginning when I installed it , it running ok dbxquery is also very f... by k_security New Member in Splunk Search 11-17-2021 0 0	0	0
splunk alert for latency in server response Hi ,I am using splunk in monitoring of http status code responses from a server and I want to be alerted when the req... by zizo893 New Member in Splunk Search 11-17-2021 0 1	0	1
Why does Splunk Web sometimes not show the event data for a search unless I restart? Splunk Web doesn't show the events at times. If I restart and log in, it will show the events, but after some time, e... by boopaljothi Explorer in Splunk Search 11-17-2021 1 24	1	24
Color a word in a field/Splunk Result I have a Splunk query: index=my_index cf_app_name=$app_name$ msg!="Hikari" $log_type$ \| sort -_time \| table msg It ... by kirti_gupta12 Path Finder in Splunk Search 11-17-2021 0 1	0	1
How to use NOT match condition in Case statement for Multi valued field \|eval SNOW_Description=case(EMGC_ADMINSERVER_Status!="k1","Java Process EMGC_ADMINSERVER data not available in splunk... by manjunath_0208 Loves-to-Learn Everything in Splunk Search 11-17-2021 0 3	0	3
Convert confusion matrix to tabular form Hi,I am trying to convert the result of applying the CorrelationMatrix algorithm which is given in a confusion matrix... by dalmaua Explorer in Splunk Search 11-17-2021 0 2	0	2
SEDCMD to remove spaces in csv header fields what's the best way to set a sedcmd in props to remove spaces and add a " _ " in just the a cvs header line? for exam... by sbattista Explorer in Splunk Search 11-17-2021 0 2	0	2
Issue with Time Conversion in JSON String Hey ,I'm trying to get the time difference between when an event was received and a string representation of the tim... by leftrightleft Explorer in Splunk Search 11-17-2021 0 2	0	2
Convert single row with list of ids to a table and join it with another table I have this query: my search \| rex field=line ".*customerId\":(?<customer_id>[0-9]+)" \| dedup customer_id \| table ... by elad Engager in Splunk Search 11-17-2021 0 8	0	8
Table and Percentage Calculation from Multiple Searches Here is my query - I'm doing two searches that are independent of each other. In both searches, I'm restricting the t... by splunkbn00bie Engager in Splunk Search 11-17-2021 0 2	0	2