Splunk Search

Community Activity

Compare two indexes and report on mismatch I'm comparing two indexes, A and B, using the hostname as the common field. My current search successfully identifies... by Richy_s Path Finder in Splunk Search 10-04-2024 0 11	0	11
Using a lookup table in a base search I have a lookup table that we update on daily basis with two fields that are relevant here, NAME and ID. NAMEIDToront... by DATT Path Finder in Splunk Search 10-04-2024 0 6	0	6
How to get ingest volume for 1200 sourcetypes ? i have a query that will calculate the volume of data ingested in a sourcetype-- index=federated:infosec_apg_share... by sverdhan Loves-to-Learn Lots in Splunk Search 10-04-2024 0 2	0	2
How to filter on KV Store lookup time-based fields using a time picker? I have a large data set in my KV Store collections. These fields also contains time specific fields. I would like to ... by nawneel Communicator in Splunk Search 10-04-2024 1 7	1	7
Report a value from a field to another result line Hello community,I need to set up a dashboard that tracks the status of an alert from Splunk OnCall. An alert can have... by Rajaion Path Finder in Splunk Search 10-04-2024 0 4	0	4
How to find SQL Injection activity or OWASP attack through the Splunk Hi Guys, How to find SQL Injection activity or OWASP attacks through the Splunk by Steave4app New Member in Splunk Search 10-04-2024 0 4	0	4
How to Modify Multiselect Dropdown Menus for Indexes and Backslashes Using Tokens in Splunk Hello Splunkers, I started to use splunk uni forwarder in my job and I am kinda new to systems.My dashboard working g... by otto1 Observer in Splunk Search 10-03-2024 0 1	0	1
Search generates this error - Regex: regular expression is too large This is the search with some anonymization. index=index_1 sourcetype=sourcetype_1 field_1 IN ( [ search index=in... by jwhughes58 Contributor in Splunk Search 10-03-2024 0 6	0	6
dedup or filter row with condition How do I dedup or filter out data with condition?For example:Below I want to filter out row that contains name="name0... by LearningGuy Motivator in Splunk Search 10-03-2024 0 11	0	11
The "where count" clause is showing no results I'm trying to create an alert. The alert's query ends with " \| stats values() as by actor.displayName \| stats coun... by anayi Observer in Splunk Search 10-03-2024 0 2	0	2
How to join two tables for more data Good day,I have done a join on two indexes before to add more information to one event. example get department for a ... by JandrevdM Path Finder in Splunk Search 10-03-2024 0 1	0	1
How to find the latest event per device Good day,I am trying to find the latest event for my virtual machines to determine if they are still active or decomm... by JandrevdM Path Finder in Splunk Search 10-03-2024 0 4	0	4
How to have multiple fields (non numeric) in x-axis on a bar chart? My Splunk Search is as followsindex="someindex" cf_space_name="somespace" msg.severity="*" \| rex field=msg.message ".... by th1agarajan Path Finder in Splunk Search 10-02-2024 0 1	0	1
How to write a cron schedule to run Splunk alerts biweekly on Mondays? I have a requirement to Trigger Splunk Alerts Bi-Weekly Mondays (Not 1st and 3rd OR 2nd and 4th weeks) and if a mont... by prakashbhanu407 New Member in Splunk Search 10-02-2024 0 6	0	6
Issue with StateSpaceForecast from the MLTK app I have a dashboard that a specific team uses. Today, they asked about why one of the panels was broken. Looking into ... by Abass42 Communicator in Splunk Search 10-02-2024 0 0	0	0
Regex Help probably a basic questioni have the following data 600 reasonand this rex(?<MetricValue>([^\s))]+))(?<Reason>([^:\|^R]... by darkins Engager in Splunk Search 10-01-2024 0 2	0	2
Count X's in each field in a table and total them in the last column Hello everyone, I have a table (generated from stats) that has several columns, and some values of those columns have... by alferone Explorer in Splunk Search 10-01-2024 0 3	0	3
Yesterday data dashboard filtering - An extension of this:https://community.splunk.com/t5/Splunk-Search/Looking-at-yesterdays-data-but-need-to-filter-the-... by nelesama Explorer in Splunk Search 10-01-2024 0 4	0	4
Lookup search wigh showing matched keyword Hello SplunkersHow can i utilize a lookup in a correlation search showing the detected keyword in the search result ?... by msalghamdi Path Finder in Splunk Search 10-01-2024 0 5	0	5
Adding a Total column (without using addtotals) Sometimes I set myself SPL conundrum challenges just to see how to solve them. I realised I couldn't do something I ... by tread_splunk Splunk Employee in Splunk Search 10-01-2024 0 8	0	8
how to get statistical values for different fields I have to create a base search for a dashboard and I am kinda stuck. Any help would be appreciated. index=service msg... by varsh_6_8_6 Explorer in Splunk Search 09-30-2024 0 2	0	2
Is there a way to monitor the number of files in the dispatch directory over time? Hi I am looking to monitor the dispatch directory over time.I know I can get the current results by using this\| rest ... by robertlynch2020 Influencer in Splunk Search 09-30-2024 0 3	0	3
eval percent line is not producing values in the table I am working on obtaining all user logins for a specified domain, then displaying what percent of those logins were f... by DLevine_ Explorer in Splunk Search 09-30-2024 0 4	0	4
How to identify a skipped scheduled accelerated report ? I have noticed that a saved search is chronically skipped, almost 100% but I cannot trace it back to the origin.The s... by Glasses2 Communicator in Splunk Search 09-30-2024 0 4	0	4
Filter for messages that contains text with quotation marks Hi, I'm having a hard time trying to narrow down my search results. I would like to return only the results that cont... by raculim Explorer in Splunk Search 09-30-2024 0 6	0	6