Splunk Search

Community Activity

Lateral Movement Windows Logs Hello there,I have spent a good time researching lateral movement in Splunk, unfortunately I have not found much.I ha... by splunkcol Builder in Splunk Search 09-29-2021 0 2	0	2
Eval Command (IF) Hi Team When i tried running the below eval command, i am getting some error message often.I wrote this below command... by jaibalaraman Path Finder in Splunk Search 09-29-2021 0 8	0	8
When alert triggers, add detail to inline table So I have a search that triggers based upon how much memory is being used on any of my linux machines. index=nix so... by tmarlette Motivator in Splunk Search 09-29-2021 0 0	0	0
Need a regex improvement \| rex field=_raw "(?<dscvIP>[^\.]\d+\.\d+\.\d+\.\d+[\s\|\:])"Using the above rex command to try to capture IP addresse... by tinylund Explorer in Splunk Search 09-29-2021 0 5	0	5
Problem replicating config (bundle) to search peer I constantly see the below error on my search head. What causes this and how do I go about fixing it. I have removed... by willprince Engager in Splunk Search 09-29-2021 10 9	10	9
Cannot determine a latest common bundle, search may be blocked Hi guys. Why Splunk have many errors in log file and what can I do in this situation? 05-17-2019 18:58:08.036 +0300... by GenRockeR Explorer in Splunk Search 09-29-2021 0 8	0	8
SHC update apps I run a search head cluster with Splunk Enterprise. Typically I update apps via the back end CLI, but am wondering if... by TheBravoSierra Path Finder in Splunk Search 09-29-2021 0 4	0	4
How do I get specific, but separate count of letters and numbers in a result? I am trying to figure out how to pull fields to show the exact count of numbers and letters in a result. Like, if I h... by Shaurdonnay Engager in Splunk Search 09-29-2021 0 2	0	2
Color in a Table based on a row of numbers Hi, I have a Table created by: eval Actor=actor \|eval "Total Time (max/avg/p50/p99)"=maxT + ", " + avgT + ", " + p50T... by mfudali Explorer in Splunk Search 09-29-2021 0 1	0	1
PROPS Configuration issues with unstructured Events stored in text file Hello,I have some issues in writing PROPS configuration file for the sample data/events given below. I have given 4 e... by SplunkDash Motivator in Splunk Search 09-29-2021 0 2	0	2
recalculate format of mac address dependent on input Dear communityI am struggling with how to allow different format in a search input, but still finding the correspondi... by Ida_2017 Explorer in Splunk Search 09-29-2021 0 5	0	5
Table command does not display field with spaces when used with INPUTLOOKUP Hello All,I have a search query that performs lookups against a CSV file and outputs only those hosts that are in the... by neerajs_81 Builder in Splunk Search 09-29-2021 0 2	0	2
SPL to retrieve more fields Hi all,I am using splunk after a while and lost touch with the SPL. Please help me on below.I have about 40 fields to... by indut Path Finder in Splunk Search 09-29-2021 0 2	0	2
How to sort a chart horizontally by a field from greatest to least? The search below gives me the following data: (ns=stats msg=email_unsub_clicks) OR (ns=email msg=fbl OR msg=send OR ... by metersk Path Finder in Splunk Search 09-29-2021 0 3	0	3
lookup - append only columns with values Hi,I've got a lookup with a number of records, and not all of them have all columns populated. Is there a way to appe... by fedejko Explorer in Splunk Search 09-29-2021 0 0	0	0
search for a string in field , if not there then trigger alert with remaining data in fields Hi,I want to check for a string in the field, but if the string is not found in the field then need to print the rema... by kirrusk Communicator in Splunk Search 09-29-2021 0 4	0	4
Configure the AWS add on proxy configuration via CLI/Ansible 'Hi,We are want to create a playbook for Splunk with Ansible, We are having an issue config the AWS add on proxy conf... by Meliodas1111111 New Member in Splunk Search 09-28-2021 0 0	0	0
Can I combine an if like eval with mvappend? Hi, if possible I would like to combine the two eval statements below so I can optimise it for my datamodel\| eval uri... by ebs Communicator in Splunk Search 09-28-2021 0 2	0	2
How to combine two fields into one after if without losing values Hi,I have a uri_path that I want to combine into a single value, and put the combined value back into the original fi... by ebs Communicator in Splunk Search 09-28-2021 0 3	0	3
Search Head audit of all listed Apps \ TA's \ SA's via search command i allI'm tasked with performing an audit of our Splunk (Cloud) Search Heads (2) as many Apps \ Add-Ons have been spor... by Anthony_Faul Engager in Splunk Search 09-28-2021 0 2	0	2
PROPS configuration for Source Data with Field Names and Values Stored in Text File Hello,I have some issues writing a PROPS configuration file for the following source data stored in text file. I al... by SplunkDash Motivator in Splunk Search 09-28-2021 0 1	0	1
Overriding _time through a calculated field I have created a calculated field which parses _time from a date stamp in the data.However, it does not set _time cor... by bowesmana SplunkTrust in Splunk Search 09-28-2021 0 2	0	2
Alerting based off of no events by server Hi all,I'm setting up an alerting process that monitors different servers on a single index and sends an alert out if... by ft_kd02 Path Finder in Splunk Search 09-28-2021 0 10	0	10
Search Query for checking the Uptime of Website Hi Folks, I want to check at what time url has been brought up. Url already added in website monitoring. For example... by sathish2k8 Explorer in Splunk Search 09-28-2021 0 3	0	3
Pull list of user accounts with last logon How do I pull together a chart of all our user accounts, with the last time that user logged in? I currently have: ev... by ctaylor3819 Engager in Splunk Search 09-28-2021 0 1	0	1