Splunk Search

Community Activity

How do I search if a windows Event code xxxx from the Security logs is being ingested into Splunk? Please share a SPL to show if a certain event code ( Windows) from Security logs is being ingested into Splunk. I app... by SamHTexas Builder in Splunk Search 08-31-2021 0 3	0	3
Use parametric time variable in source name Hello to everybody,we are trying to set a search that makes a diff between two files of two different days. This is t... by nicofantinato Path Finder in Splunk Search 08-30-2021 0 2	0	2
how to extract payload data (key,value) into table i have data something like thisinput: firstname=value1,lastname=value2,email=value3,address=value4.. etc firstname=v... by ramki1459 Explorer in Splunk Search 08-30-2021 0 2	0	2
Adding a row that is the sum of the events for each specific time to a table Is this possible to transform a data set from : TimeUserNumber of Errors9 pmJosh29 pmAndy110 pmJosh010 pmAndy111 pmJ... by learningsplunk Path Finder in Splunk Search 08-30-2021 0 2	0	2
timewrap charts having timescale as the current week + 1/2/3 weeks before I am using timewrap function to compare data for a particular day of the week with same day of the week for last 4 we... by MayankChandra Engager in Splunk Search 08-30-2021 0 0	0	0
timewrap output I am using timewrap to compare data for a particular day of the week with same day of the week for last 4 weeks. i.e ... by MayankChandra Engager in Splunk Search 08-30-2021 0 3	0	3
How to overlay two graphs with different time ranges Would you know how can I display an overlay of two charts that have different time ranges on the X-axis?For example, ... by OctoberP Explorer in Splunk Search 08-30-2021 0 5	0	5
Need to display count having zero events I am having below search string and suppose the file "magic_new.log" has no events and the requirement is to show tha... by prajwal_94 Explorer in Splunk Search 08-30-2021 0 3	0	3
peak day count for the day of the month and avg for the month Hi, I get the exactly same count for avg and peak, any issue with my query? index=a sourcetype=ab earliest=-30d lates... by francly Explorer in Splunk Search 08-30-2021 0 3	0	3
table command without changing sort order Hello all,I would like to use the table command without changing the order of events.To give an example: When searchi... by whrg Motivator in Splunk Search 08-30-2021 0 7	0	7
User login Hi ,A newbie to Splunk here. I have found the query for login info for users on a host: index=os source=var/log/sec... by RanjithaN99 Explorer in Splunk Search 08-30-2021 0 6	0	6
search language Hi, how do I get subtotal count for each Host and Total for all count, in additional count for all different status.H... by francly Explorer in Splunk Search 08-30-2021 0 4	0	4
nested if loop I would like to write in splunk a nested if loop: What I want to achieve:if buyer_from_France: do ... by splunkymage Observer in Splunk Search 08-29-2021 0 0	0	0
tstats unable to get any results when specifying dataset in FROM clause Hi,We are in the process of migrating all Apps/Config's from an older standalone instance(7.2.4.2) to a newer SHC(8.1... by att35 Builder in Splunk Search 08-29-2021 0 0	0	0
How do I join a search on a field that is not unique to compare time values? Hello all,I am struggling to find a solution for this. I have two different searches.One shows log entries where syst... by Traer001 Path Finder in Splunk Search 08-28-2021 0 7	0	7
Need Regex help Hi All,I will be getting a list of MD5 hash values in my logs. Need a regex expression for the below. Therefore whene... by SabariRajanT Path Finder in Splunk Search 08-28-2021 0 7	0	7
Find the average of the first 99% range of data My search currently gives me some statistics regarding response times including total count, average, min, max and 99... by sepkarimpour Path Finder in Splunk Search 08-27-2021 0 11	0	11
Issues with props and transforms Hi All,I have just copied across working props and transforms stanza from one HF to another for sqs logs. however it’... by Abha11 Explorer in Splunk Search 08-27-2021 0 2	0	2
How to get the last hour of events but also over the past 6 weeks? I wanted to establish an alert that will look at the past hour for the past 6 weeks and make some comparisons. So for... by aohls Contributor in Splunk Search 08-27-2021 0 4	0	4
99% Percentile time_taken in IIS Hi I am trying to find the min, max and AVG for Percentile 99,90 and 75 with the bellow: index="main" source="C:\\ine... by joe06031990 Communicator in Splunk Search 08-27-2021 0 0	0	0
Search query to remove results from another source. I have the following sourcers: "inserted" and "deleted"In the "inserted" i have these fields:Id, Timestamp1, 2021-08-... by rodrigomarfei Explorer in Splunk Search 08-27-2021 0 4	0	4
Transforming commands works only in verbose mode Suddenly transforming commands stopped working unless I search in verbose mode. What could cause this issue? This onl... by splunker1789 Engager in Splunk Search 08-27-2021 0 0	0	0
How do I generate a random number between a specific range? Hi, How can I generate a random number between 1 to 20. I random() function doesn't allow to specify a range. please ... by sravani27 Path Finder in Splunk Search 08-27-2021 4 6	4	6
I want no. of triggered alerts in a day from total alerts to be generated I want a report when total events less than 9500000 in a day from sourcetype.Also I tried below query, but its giving... by zakkie Engager in Splunk Search 08-27-2021 0 1	0	1
Alert throttle not working with renamed fields I have multiple alerts with searches similar to the one below where fields are renamed to a numeric ordering. The sea... by _stoff Observer in Splunk Search 08-27-2021 0 1	0	1