Splunk Search

Community Activity

combine two search in a one table HiI have log file like this, need to extract "id" from lines that A=20 and match these lines to lines where that B=10... by indeed_2000 Motivator in Splunk Search 10-10-2021 0 15	0	15
New to Splunk Searching, anyone able to help? I need to create a table that includes the filename, the domain name of which file came from, the source IP, the dest... by kjordans Engager in Splunk Search 10-09-2021 1 1	1	1
I am looking for simple SPL to detect activity from users without MFA in AWS Hello I am looking a simple SPL to to detect activity from users without MFA in AWS.I have the search below which su... by danifor10 New Member in Splunk Search 10-09-2021 0 0	0	0
How to delete fields name I want to delete this field (VID) from one of my search query, this is not available under Field extractions.and wha... by shashi584 Explorer in Splunk Search 10-09-2021 0 3	0	3
create search input as a part of a result Hallo.can anyone please help me.i want search sourcetype for this IP10.2.123.123 OR 22.222.222.22 OR 33.333.333.33 \| ... by Morrel New Member in Splunk Search 10-09-2021 0 2	0	2
How to view AWS Simple Queue Serivce (SQS) logs in splunk Hi, I have recently integrated and migrated AWS Simple Queue Serivce (SQS) logs to splunk. I am trying to search ... by kumarnis45 Path Finder in Splunk Search 10-09-2021 0 0	0	0
How would I stop and restart my UF and HF Hello,I have Universal Forward and Heavy Forward in Linux machine, how would I stop and restart them. Any help will ... by SplunkDash Motivator in Splunk Search 10-09-2021 0 3	0	3
command="sendemail", (535, '5.7.3 Authentication unsuccessful') while sending mail to hi i want to use sendmail spl command but it give me below errorcommand="sendemail", (535, '5.7.3 Authentication unsu... by indeed_2000 Motivator in Splunk Search 10-08-2021 0 4	0	4
What level permission is needed to install a dashboard in Security Essentials? ES Admin? or Ent Admin ? Thank u We have Splunk Ent. + ES. I have a dashboard that I 'd like to install in Security Essentials. What level permission ... by SamHTexas Builder in Splunk Search 10-08-2021 0 0	0	0
Lookup tables and multiple fields values I need help to use the values from a lookup table into multiple fields, where the output from the lookup table is a l... by jaydiare Explorer in Splunk Search 10-08-2021 0 2	0	2
Spliting a string of file names I have a list of files name under one field called "attachment" and I would like to split this string into multiple ... by data_explorer88 Explorer in Splunk Search 10-08-2021 0 2	0	2
Add field from the returns of another query I am trying to produce the following output :app_namerequest_idtimeworkload at the time(requests per second)App112310... by yk010123 Path Finder in Splunk Search 10-08-2021 0 4	0	4
Check a field Hello,I have a field with this values/v1/accounts/96ea01b5-7ea7-4dc6-b534-39ae8b114bba/transactions/v1/accounts/ff572... by graziaedu Explorer in Splunk Search 10-08-2021 0 4	0	4
Showing mean() and avg() side by side Hi all,strange thing - when using mean() and avg() in the same stats command, whichever is written first is empty, wh... by Gunnar Explorer in Splunk Search 10-08-2021 0 6	0	6
Average a series of future times against current time Hi,I am new to Splunk and working with parking records. I am calculating the current wait_time based off upcoming par... by mlg Observer in Splunk Search 10-08-2021 0 1	0	1
how to remove the double quotes using regex Hi,my regex was like below ,search\| rex field=_raw "Status=(?<Status>\"\w+\s+\w+\".*?)," \|stats count by StatusMy out... by dtccsundar Path Finder in Splunk Search 10-08-2021 0 2	0	2
Searching for times being reached within the hour Hi, I am new to Splunk and working with parking records. Within my events, I have a permit_expiry field, which is a d... by mlg Observer in Splunk Search 10-08-2021 0 1	0	1
Check if a date is within interval of another record Hi!I have the following data and would like to check, for those records with the same ID, if one record has CREATED_D... by yvassilyeva Path Finder in Splunk Search 10-08-2021 0 1	0	1
Displaying data that is missing from a lookup table Hi, I am new to Splunk and working with parking records. I am trying to display parking spaces that are currently not... by mlg Observer in Splunk Search 10-08-2021 0 1	0	1
Need help in extracting different format of fields Hello all,I am extracting a field which is coming in multiple formats, however I found that once of the format is not... by srinivas_gowda Path Finder in Splunk Search 10-08-2021 0 1	0	1
Looking for a faster search query: Count different platforms from somewhat same events Dear Splunk Community,I have the following search: index=websphere 200 OK POST And I have different platforms that I... by Bleepie Communicator in Splunk Search 10-08-2021 0 2	0	2
Time difference between events and NULL when second event does not appear in logs I'm trying to figure out how to get the time difference between two events that use the same UUID. However, the secon... by bburns2122 Explorer in Splunk Search 10-07-2021 0 1	0	1
Group many similar fields from datamodel Hello All,I have a large dataset "audit.cost_records" wherein I am trying to locate a correlation based on a large nu... by Justin49 Loves-to-Learn in Splunk Search 10-07-2021 0 3	0	3
find users who hasnt logged in the past 30 days Hello! I have a lookup table with fields 'name' and 'last_login'. I'm trying to find users who haven't logged in the ... by iiix94 Loves-to-Learn in Splunk Search 10-07-2021 0 4	0	4
Looping in Splunk... Trying to figure out how to loop in Splunk. I have the below query and my end result is to map/chart into a timechar... by sjringo Contributor in Splunk Search 10-07-2021 0 10	0	10