Splunk Search

Community Activity

IOC threat hunting We deal with hundreds of iocs ( mostly flagged IP's) that come in monthly, and we need to check them for hits in our ... by mackey Engager in Splunk Search 11-01-2024 0 5	0	5
How can I use a subsearch with rex extracted field to seach over an extracted field I am trying to take the results of one search, extract a field from those results (named "id") and take all of those ... by mwolfe Engager in Splunk Search 11-01-2024 0 2	0	2
How can I split up values in a field to create new fields? New field names should be extracted from original field. I've imported a csv file and one of the fields called "Tags" looks like this:Tags="avd:vm, dept:support services, cm-... by eraser Explorer in Splunk Search 11-01-2024 0 6	0	6
How to compare success/failure by status I've got data so:"[clientip] [host] - [time] [method] [uri_path] [status] [useragent]" .. and do the following sear... by mwolfe Engager in Splunk Search 11-01-2024 0 4	0	4
Can i assign a color to a string in a field if it is present in the field ? My requirement is to highlight the "Error" string in red colour if it is present in the extracted field "Status". Not... by varun99 Path Finder in Splunk Search 10-31-2024 0 12	0	12
Triggered alerts query - Need help with date Putting together a query that shows, on an individual alert level, the number of times the alert fired in a day and t... by jason2 Loves-to-Learn in Splunk Search 10-31-2024 0 3	0	3
tstats returning zero results for a simple count query We are ingesting large volume of network data and would like to use tstats to make the searches faster. The query ind... by imrago Contributor in Splunk Search 10-31-2024 0 2	0	2
Executing Conditional Queries in Splunk Based on Input Value I have two query in splunk query 1 and query 2 and an input. Based on the input, i need to execute either query 1 or ... by taruntalreja New Member in Splunk Search 10-31-2024 0 4	0	4
passing diffrent base search based on inputput dropdown values Hello Splunkers, I'm having a inputput dropdown field, when i'm selecting "*" in that input dropdown field, I need ... by smanojkumar Contributor in Splunk Search 10-31-2024 0 1	0	1
How to resolve field into either value from two different keys with two tables outer joined I'm using `Splunk Add-on for Box` to collect box logging data.As a premise, `box:events' contains information for `up... by norish Explorer in Splunk Search 10-30-2024 0 3	0	3
append a field value to a lookup csv file I have a hostname.csv file and contact these attributes.hostname.csvip mac ... by jtran9373 Explorer in Splunk Search 10-30-2024 0 8	0	8
Default visualisation for charts Each time I run a search query and click visualisation, the default is "column chart".How do I set this to default to... by dataisbeautiful Communicator in Splunk Search 10-30-2024 1 1	1	1
Search term in table results Ok maybe it is too much Splunk today. Whatever it is I can not for the life of me remember how to do this.I am doing... by bullbasin Explorer in Splunk Search 10-30-2024 0 6	0	6
Using splunk-sdk in user-defined functions in Spark/Databricks notebook Background:I've created a small function in a spark/Databricks notebook that uses Splunk's splunk-sdk package. The ... by hughkelley Path Finder in Splunk Search 10-30-2024 0 0	0	0
Create Single Field and Multifield Values Based on Same Fields Hi Splunkers, How can I create a single value field based on multiple fields? Also, let's assume that the field names... by whitefang1726 Path Finder in Splunk Search 10-30-2024 0 2	0	2
Need help with spl query index=web_logs sourcetype=access_combined \| eval request_duration=round(duration/1000, 2) \| stats avg(request_durat... by xaviershebha New Member in Splunk Search 10-30-2024 0 1	0	1
Percentage of search field by day Hi All I have a search string ... index="ee_apigee" vhost="rbs" uri="/eforms/v1.0/cb/" \| rex "(?i) .?=\"(?P<httpsta... by Mick_OBrien Path Finder in Splunk Search 10-30-2024 0 1	0	1
Join fields together Good day,Is there a way to join all my rows into one?My simple query index=collect_identities sourcetype=ldap:query ... by JandrevdM Path Finder in Splunk Search 10-30-2024 0 9	0	9
Need help search tablename and count across multiple lines I have data like this in splunk search2024-10-29 20:14:49 (715) worker.6 worker.6 txid=XXXX JobPersistence Total reco... by Ckashton New Member in Splunk Search 10-30-2024 0 1	0	1
Passing a diffrent base search based on the selection of input dropdown Hello Splunkers, I would like to pass the two base search when input dropdown is set as all, i need to pass a base ... by smanojkumar Contributor in Splunk Search 10-29-2024 0 3	0	3
Chart with count statistics associated time from multiple table Hi Guys,I have one master list that inculdes all items, and I want to consolidate two other time-related tables into ... by splunksuperman Explorer in Splunk Search 10-29-2024 0 2	0	2
Filtering logfiles showing one error log for every row Hello,I need help in creating a search query to filter info showing just our logfile with same error line for all row... by apmcharter New Member in Splunk Search 10-29-2024 0 1	0	1
How to join two indexes with a search Good day,I want to join two indexes to show all the email addresses that the user have that signed in. This queries m... by JandrevdM Path Finder in Splunk Search 10-29-2024 0 1	0	1
Verification of SAML assertion using IDP's cert failed. Unknown signer of SAML response We have an on-prem Splunk-Enterprise Version: 9.0.4.1 We updated IDP url in the SAML configuration and after uploadin... by cimino Engager in Splunk Search 10-29-2024 0 0	0	0
How do I send email alert if one or more subsearch exceed 50000 results? Hello,Hello,How do I send email alert if one or more subsearch exceed 50000 results?For example below I have 4 subse... by LearningGuy Motivator in Splunk Search 10-29-2024 0 18	0	18