Splunk Search

Community Activity

field value as a search pattern for filtering I have got table, which contains field SSS with search patterns and another field FFF, to which I want apply search p... by Arvids Loves-to-Learn in Splunk Search 09-21-2021 0 1	0	1
Rex has exceeded configured match_limit I'm trying to extract 1 fields from a log line. Just trying to extract the email.I cant extract a single field and i... by orionex Observer in Splunk Search 09-21-2021 0 1	0	1
splunk event splitting I have a log file below format and props.conf wriiten below. I am getting first four lines as one event and the remai... by mm12 Explorer in Splunk Search 09-21-2021 0 3	0	3
Please help creating a chart that combines counts of two different event types I defined two eventypes: "loginAttempt" and "loginSuccess". Now I am trying to create a chart where counts of both o... by splunker991 New Member in Splunk Search 09-21-2021 0 2	0	2
index time with specific field is not working We used the rest receivers simple api to send a body with some fields to index as a urlencoded form.Among these there... by fabiofox Explorer in Splunk Search 09-21-2021 0 2	0	2
Comparing Latency from a Subnet to 3 different destinations and output the best option. I am testing network latency from various subnets to 3 different VCenters. The output gives me 3 results per subnet ... by rjgreg Explorer in Splunk Search 09-21-2021 0 6	0	6
command to know what splunk apps/add-ons I have access to ? Is there any way to know what splunk apps/add-ons I have access to ?Like using rest command or any other SPL ? by zacksoft_wf Contributor in Splunk Search 09-21-2021 0 1	0	1
Export dilldown search with variables substituted Hi Team,I have a query related to drilldown searches of notables. I want to export/show results of drilldown searches... by shaquibk Explorer in Splunk Search 09-21-2021 0 0	0	0
Understanding the LOOKUP command Hi, I'm a bit confused with the lookup command, I.e the syntax. lookup <lookup-table-name> <lookup-field1> AS <loca... by mahbs Path Finder in Splunk Search 09-21-2021 3 7	3	7
splunk I have a csv file which has field Account and it has over 1000+. In my logs it is named as yourAccount. how do i find... by DougiieDee Explorer in Splunk Search 09-20-2021 0 2	0	2
Regex help Hi,Can someone help with the regex for below log entry, i need regex to extract the below fields in red. Thanks for y... by SS1 Path Finder in Splunk Search 09-20-2021 0 2	0	2
How to search custom IOC file Hi All,I'm new to Splunk. I'm not much familiar with the query search and lookup files. I have a custom IOC file wit... by VR1225 New Member in Splunk Search 09-20-2021 0 0	0	0
Search result limit Hello dears,How can i change search result limit ? At this moment, max 10K line shown.. by corehan Explorer in Splunk Search 09-20-2021 0 2	0	2
contains on lookup table Hello All,I have a quick question about comparison fields from a lookup table. Just imagine that I have a query like... by korhanacar Engager in Splunk Search 09-20-2021 0 2	0	2
inputlook I have a inputlookup search where I am looking to do a current count vs four week average count. My search is set up ... by kishan2356 Explorer in Splunk Search 09-20-2021 0 6	0	6
stats, eventstats,streamstats which one return max field by second field? hihow can i show max duration per servername? index="my-index" \| rex "duration\[(?<duration>\d+.\d+)"\| rex "id... by indeed_2000 Motivator in Splunk Search 09-20-2021 0 2	0	2
Null value for Country when using iplocation Hi,When using iplocation to get the Country list ,maximum i am getting null values for Country.How to get the exact c... by Madhusri Engager in Splunk Search 09-20-2021 0 1	0	1
Extracting Source Network Address from Windows Logs Im working on extracting Source Network Address's from Splunk I've spent the past few hours defining my query and aft... by hiteshkh Explorer in Splunk Search 09-20-2021 0 3	0	3
How do a search with a string comma separated values ? Hello team! How are u?I have a question about how to search with a comma separated values: Example:I have an index wi... by JuanAntunes Explorer in Splunk Search 09-20-2021 0 4	0	4
how to expand multiple ip addresses on more fields? Hi, i have more ip address in a field like this:host \| IP h1 10.0.2.2; 10.0.2.1h2 10... by francesco1g Engager in Splunk Search 09-20-2021 0 1	0	1
Search between specific time range Hi,Due to come compliance issue, there is a need to search for logs from 10pm to the following day 10am. This has to ... by splunknewbie81 Engager in Splunk Search 09-20-2021 0 8	0	8
Searching ranges of event codes from windows event logs A user within my organization was attempting to search for various windows events that indicated that somebody modifi... by LiquidTension Path Finder in Splunk Search 09-20-2021 2 2	2	2
Query email sent success or failed Please suggest a splunk query to find whether email abc@def.com successfully sent emails or any emails failed between... by shanaz Engager in Splunk Search 09-20-2021 0 2	0	2
Search in two table Hi,I have two table.The first have few ip what i switched dotdecimal splunk_server="xyserver" index=main source="/v... by AnnexQ Explorer in Splunk Search 09-20-2021 0 6	0	6
Remove original and duplicate items from a query Hi, from two columns, in order to create a report, i need to remove the elements that are present twice, not only rem... by francesco1g Engager in Splunk Search 09-20-2021 0 1	0	1