Splunk Search

Community Activity

How are values in lookups matched? When a field value is passed to a lookup, what are the limits on how it can match the value in the lookup? Specifical... by gkanapathy Splunk Employee in Splunk Search 09-30-2021 10 5	10	5
custom sort field values Hello dears,How can i sort these field values ?Field = "port"0/1/0/2/0/8/0/7/0/2/0/3/0/5/0/2/0/6/0/3/0/16/0/20/18/0/6... by corehan Explorer in Splunk Search 09-30-2021 0 16	0	16
Software Versions not comparing correctly I am sure I am sure I am missing something easy but, for some reason, when I compare these two values (they are in st... by Abe_T Explorer in Splunk Search 09-30-2021 0 6	0	6
searching for repeated events from the same user Hi All,I am looking to create an alert based on the following base search. index=wineventlog w19tax.exe app_name=W19T... by tkerr1357 Path Finder in Splunk Search 09-30-2021 0 2	0	2
how to to calculate average size of a syslog message for a particular source Hello dear All, 1* How to calculate average size of a syslog message for a particular source in GB using Splunk query... by pacifikn Communicator in Splunk Search 09-30-2021 0 2	0	2
How to check CIDR overlaps I have lookup with CIDR advanced field which contains: id cidr_field 1 1.1.1.1/24 2 8.8.8.8/24 If I se... by yko84109 Loves-to-Learn in Splunk Search 09-30-2021 0 3	0	3
Require Splunk query to assign field value to another field as value we have two device AUSTDPVPN1 and AUSTDPVPN2 and current user logged in count on device as 0 and 2867.I want whenever... by Abhineet Loves-to-Learn Everything in Splunk Search 09-30-2021 0 9	0	9
Need Help Creating a Nested Stats Table and Grouping by Multiple Values Hey guys, I need some quick help creating a nested stats table and grouping by multiple values within that table. My ... by TheColorBlack Path Finder in Splunk Search 09-30-2021 0 1	0	1
foreach and server limits I was wondering... how are foreach-generated searches treated regarding the searches limits?I mean - normally you hav... by PickleRick SplunkTrust in Splunk Search 09-30-2021 0 2	0	2
Help with search of evaluated field Hello,I need a help with a search that seems very easy, but I'm unable to achieve the results I want.The events are r... by rodrigomarfei Explorer in Splunk Search 09-30-2021 0 3	0	3
Exclude specific String from search I am new to Splunk and would appreciate if anyone helps me on this. I would like to set up a Splunk alert for SocketT... by dababi1234 New Member in Splunk Search 09-30-2021 0 5	0	5
Pass field from joined search into primary search table Hello I would like to pass a value from a joined search (e.g. in this case the "Side") to the final table.I tried dif... by gabrieleguidoni Loves-to-Learn in Splunk Search 09-30-2021 0 1	0	1
Correlation from Data Model Hi Guys,I have a question about the data model. Eventually, I want to create complex correlation rules by finding m... by korhanacar Engager in Splunk Search 09-30-2021 0 0	0	0
Json field extract I have a json like this: { "A": [ { "B": [ { "status": "2", "value": "1" ... by priyangshupal Engager in Splunk Search 09-30-2021 0 1	0	1
Lateral Movement Windows Logs Hello there,I have spent a good time researching lateral movement in Splunk, unfortunately I have not found much.I ha... by splunkcol Builder in Splunk Search 09-29-2021 0 2	0	2
Eval Command (IF) Hi Team When i tried running the below eval command, i am getting some error message often.I wrote this below command... by jaibalaraman Path Finder in Splunk Search 09-29-2021 0 8	0	8
When alert triggers, add detail to inline table So I have a search that triggers based upon how much memory is being used on any of my linux machines. index=nix so... by tmarlette Motivator in Splunk Search 09-29-2021 0 0	0	0
Need a regex improvement \| rex field=_raw "(?<dscvIP>[^\.]\d+\.\d+\.\d+\.\d+[\s\|\:])"Using the above rex command to try to capture IP addresse... by tinylund Explorer in Splunk Search 09-29-2021 0 5	0	5
Problem replicating config (bundle) to search peer I constantly see the below error on my search head. What causes this and how do I go about fixing it. I have removed... by willprince Engager in Splunk Search 09-29-2021 10 9	10	9
Cannot determine a latest common bundle, search may be blocked Hi guys. Why Splunk have many errors in log file and what can I do in this situation? 05-17-2019 18:58:08.036 +0300... by GenRockeR Explorer in Splunk Search 09-29-2021 0 8	0	8
SHC update apps I run a search head cluster with Splunk Enterprise. Typically I update apps via the back end CLI, but am wondering if... by TheBravoSierra Path Finder in Splunk Search 09-29-2021 0 4	0	4
How do I get specific, but separate count of letters and numbers in a result? I am trying to figure out how to pull fields to show the exact count of numbers and letters in a result. Like, if I h... by Shaurdonnay Engager in Splunk Search 09-29-2021 0 2	0	2
Color in a Table based on a row of numbers Hi, I have a Table created by: eval Actor=actor \|eval "Total Time (max/avg/p50/p99)"=maxT + ", " + avgT + ", " + p50T... by mfudali Explorer in Splunk Search 09-29-2021 0 1	0	1
PROPS Configuration issues with unstructured Events stored in text file Hello,I have some issues in writing PROPS configuration file for the sample data/events given below. I have given 4 e... by SplunkDash Motivator in Splunk Search 09-29-2021 0 2	0	2
recalculate format of mac address dependent on input Dear communityI am struggling with how to allow different format in a search input, but still finding the correspondi... by Ida_2017 Explorer in Splunk Search 09-29-2021 0 5	0	5