Splunk Search

Community Activity

splunk search returns multiple events along with matched event Hi,I am making a search similar to this index=abc sourcetype=xyz "searchkeyword"Search result should contain only eve... by mbhima_nike New Member in Splunk Search 10-12-2021 0 3	0	3
How to add extracted fields name as first column value Hello Splunk Gurus,I am trying to generate tabular data for the API requests.Following is the query to extract below ... by techytanzy Explorer in Splunk Search 10-12-2021 0 3	0	3
Percent Change by Host and Error Type We're ingesting Tomcat logs, and looking for items tagged [SEVERE]. I'd like to be able to pull a report of error rat... by Michael_Condon Engager in Splunk Search 10-12-2021 0 2	0	2
Expand XML created variable to search Hi Splunkers, Hopefully I am posting on the correct place, apologies if not!I have the following code/SPL from inside... by vagnet Explorer in Splunk Search 10-12-2021 0 3	0	3
Compare the stats output value State Date Desc Countbc 11102021 vm 234569bc 12102021 vm 456328bc 11102021 vm 234569bc 12102021 vm 4532178cd 11102021... by prettysunshinez Explorer in Splunk Search 10-12-2021 0 1	0	1
Getting the occurrence count when there is no event for the same This is the dummy dataset which has been created to address the issue I am facing.I want to count the number of occur... by av_ Path Finder in Splunk Search 10-11-2021 0 18	0	18
Geostats by phone number HiI have field in my log that call “MobileNumber” that need to show count of MobileNumber by location on map.e.g: 001... by indeed_2000 Motivator in Splunk Search 10-11-2021 0 6	0	6
rex extracr mq errors Hiwhat is the rex for mq error code here is the log:2021-10-08 06:52:12,785 ERROR TOPIC-00000 [Utility] MQJCA1011: Fa... by indeed_2000 Motivator in Splunk Search 10-11-2021 0 1	0	1
rex for error number hiwhat is the rex for error number and error message of this log: (separately)23:43:51.411 app module: 100: Not Fou... by indeed_2000 Motivator in Splunk Search 10-11-2021 0 1	0	1
Query to see which application has followed which integration method to on board the data like HEC,TCP,DB connect Query to see which application has followed which integration method to on board the data on Splunk cloud like HEC,TC... by shreyarathod New Member in Splunk Search 10-11-2021 0 0	0	0
Splunk Simple Math Expression using Eval I need a way to evaluate a simple math expression.The following query works, and expr evaluates to result with a valu... by plunkzombie Engager in Splunk Search 10-11-2021 0 4	0	4
percentile 99th count Hi,I'm trying to build a search to find the count, min,max and Avg within the 99th percentile, all work apart from th... by joe06031990 Communicator in Splunk Search 10-11-2021 0 4	0	4
adding lookup in query ending with incorrect result i am getting two diffrent results in total. query1 is providing acurate result. query2 as soom as adding \|lookup loca... by abdul Explorer in Splunk Search 10-10-2021 0 2	0	2
Write Cron Expression to Schedule Python Scripts Hello,I have 4 python scripts to parse data that we receive in Linux machine once a day where HF has installed. Curr... by SplunkDash Motivator in Splunk Search 10-10-2021 0 3	0	3
combine two search in a one table HiI have log file like this, need to extract "id" from lines that A=20 and match these lines to lines where that B=10... by indeed_2000 Motivator in Splunk Search 10-10-2021 0 15	0	15
New to Splunk Searching, anyone able to help? I need to create a table that includes the filename, the domain name of which file came from, the source IP, the dest... by kjordans Engager in Splunk Search 10-09-2021 1 1	1	1
I am looking for simple SPL to detect activity from users without MFA in AWS Hello I am looking a simple SPL to to detect activity from users without MFA in AWS.I have the search below which su... by danifor10 New Member in Splunk Search 10-09-2021 0 0	0	0
How to delete fields name I want to delete this field (VID) from one of my search query, this is not available under Field extractions.and wha... by shashi584 Explorer in Splunk Search 10-09-2021 0 3	0	3
create search input as a part of a result Hallo.can anyone please help me.i want search sourcetype for this IP10.2.123.123 OR 22.222.222.22 OR 33.333.333.33 \| ... by Morrel New Member in Splunk Search 10-09-2021 0 2	0	2
How to view AWS Simple Queue Serivce (SQS) logs in splunk Hi, I have recently integrated and migrated AWS Simple Queue Serivce (SQS) logs to splunk. I am trying to search ... by kumarnis45 Path Finder in Splunk Search 10-09-2021 0 0	0	0
How would I stop and restart my UF and HF Hello,I have Universal Forward and Heavy Forward in Linux machine, how would I stop and restart them. Any help will ... by SplunkDash Motivator in Splunk Search 10-09-2021 0 3	0	3
command="sendemail", (535, '5.7.3 Authentication unsuccessful') while sending mail to hi i want to use sendmail spl command but it give me below errorcommand="sendemail", (535, '5.7.3 Authentication unsu... by indeed_2000 Motivator in Splunk Search 10-08-2021 0 4	0	4
What level permission is needed to install a dashboard in Security Essentials? ES Admin? or Ent Admin ? Thank u We have Splunk Ent. + ES. I have a dashboard that I 'd like to install in Security Essentials. What level permission ... by SamHTexas Builder in Splunk Search 10-08-2021 0 0	0	0
Lookup tables and multiple fields values I need help to use the values from a lookup table into multiple fields, where the output from the lookup table is a l... by jaydiare Explorer in Splunk Search 10-08-2021 0 2	0	2
Spliting a string of file names I have a list of files name under one field called "attachment" and I would like to split this string into multiple ... by data_explorer88 Explorer in Splunk Search 10-08-2021 0 2	0	2