Splunk Search

Community Activity

TAXII files being downloaded but not processed by Enterprise Security Hi Splunkers.We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Security ... by torowa Path Finder in Splunk Search 08-23-2021 1 0	1	0
Nested JSON (Returns Empty) Hi All,Have a search that is not returning what I would like. Need to unest some JSON but having issues.Here is an ex... by morgantay96 Path Finder in Splunk Search 08-23-2021 0 1	0	1
Using dedub on same results within 1 minute range HiI'm trying to find user that login on Non-working hour between 4pm-4am by looking at eventcode=4624.I need to exclu... by SkuLLo99 Loves-to-Learn in Splunk Search 08-23-2021 0 5	0	5
Consolidation From Different Sources Hey Everyone!I'm in need of some help, advice, Ouija board (lol)...whatever can do the trick. I am wanting to know if... by Cyber_Nerd3 Engager in Splunk Search 08-23-2021 0 7	0	7
Similar events within 1s of each other? I have logs like of this form:[2021-08-19T13:59:05.607] [INFO] collect - [4a2b9170-0130-11ec-95b3-17c017e0ec5d] {"uid... by HenrikN Engager in Splunk Search 08-23-2021 0 2	0	2
search filed values from sourcetype1 to another sourcetype2 Hi,I need help in searching field value from the first search to another search with deferent sourcetype and combine ... by shrinivaskittur Explorer in Splunk Search 08-23-2021 0 4	0	4
Combining Separate Searches Hello,I am attempting to combine 2 reports (1 is a normal stats search return and the other is a pie chart using the ... by Cyber_Nerd3 Engager in Splunk Search 08-23-2021 0 0	0	0
Splunk search - is it possible to automatically expand a result property wrap? Hi,In my query:index="my_local" \| sort -DateI get a list of items, and if I look at one item (and lick "show as raw t... by gunnist Explorer in Splunk Search 08-23-2021 0 3	0	3
PROPS CONF-Text file with header Hello, I have some issues to create PROPS Conf file for following sample data events. It's a text file with header in... by SplunkDash Motivator in Splunk Search 08-23-2021 0 0	0	0
Password spraying search Hi, I am attempting to create a search for a password spraying attempt. I need the IP address and Hostname made with ... by kuriakose Explorer in Splunk Search 08-23-2021 0 3	0	3
Looking for a result each day in the week HelloIn my base search I'm looking for stores with the minimum count of 1 for 4 differend kind of errors. I count the... by rjoller Explorer in Splunk Search 08-23-2021 0 4	0	4
List of realtime searches showing deleted reports/alerts Hi, I have the following SPL as a dashboard panel which shows realtime searches. This is so I can contact the owners ... by shazbot79 Path Finder in Splunk Search 08-23-2021 0 5	0	5
how to remove a portion of string Hi all,my data as below:11111_aaaa/ppppaaaa1110_bb/kjmI want to remove anything after /, like this11111_aaaa1110_bb T... by leecholim Engager in Splunk Search 08-23-2021 0 7	0	7
Splunklib API retrieve inputlookup Hi all,have been using the splunklib package in Python to connect to the Splunk API for some time now, and it works f... by Tim00 Explorer in Splunk Search 08-23-2021 0 2	0	2
How does OR work with strings? Hello,I noticed that ... WHERE somefield = string1 OR string2works the same way as ... WHERE somefield = string1 OR s... by pm771 Communicator in Splunk Search 08-23-2021 0 4	0	4
Use two stats function with different group by how to get this two stats result in one query(earliest=-24h@h index="s_data_sum" (type="c" OR type="s") (sourcetype="... by rj Loves-to-Learn Lots in Splunk Search 08-23-2021 0 5	0	5
How to search for failed login attempts? I hate to say it, but I am a Splunk-newb. I plan on taking a Splunk course, but for now, I am just trying to get my f... by mhuntington Explorer in Splunk Search 08-22-2021 2 8	2	8
Compare Multivalue Fields With Lookup Greetings Splunkers,I've been banging my head against the keyboard to try and resolve this comparison issue, I know t... by cquinney Communicator in Splunk Search 08-22-2021 0 7	0	7
how to compare two events in one search to highlight what's changed Hi, I am trying to compare the between two events (json format), say, I can pipe with "head 2" to output only two eve... by sx Engager in Splunk Search 08-22-2021 0 4	0	4
Uses Transform Field Extraction-Delimiter Hello,I was using Transform type Field Extraction, I have an issue to select my Delimiter and facing some errors (not... by SplunkDash Motivator in Splunk Search 08-22-2021 0 8	0	8
Check if time is within last 3 hrs Hi all,I am looking to check if there has been a event within the last 3 hrs for three different categories. If an ev... by shakSplunk Path Finder in Splunk Search 08-22-2021 0 3	0	3
Splunk search - How to search the fields1 values contains in field2 Hi All, Hope you guys are doing fine.I do have few doubts with relates to field comparison. Please find the below sam... by kartm2020 Communicator in Splunk Search 08-22-2021 0 6	0	6
Edit data In Splunk I have a data in Splunk likeindex="main"FnameCountryfname1USAfname1USAfname3USA I want to add and change some datawhe... by jokovitch Explorer in Splunk Search 08-22-2021 0 6	0	6
How to obtain duration if the End Time is conditional? Currently my Splunk Search is shown as below:SerialDescriptionDateTimeStartTimeEndTimeMY111Registration2021-05-01 00:... by moinyuso96 Path Finder in Splunk Search 08-22-2021 0 1	0	1
ITSI search editor hotkeys When editing searches in ITSI, control-e expands macros and control-z undoes the last change. I know this only by be... by keesling Engager in Splunk Search 08-21-2021 0 0	0	0