Splunk Search

Community Activity

Lookup Table as input for Dashboard Hello,I would like to enter the info from a lookup table into my dashboard search. lookup table name: FIP.csvcontent:... by MarieHe New Member in Splunk Search 08-17-2021 0 3	0	3
Need help with XML extraction Hi All,I need to extract the fields from the below xml data tried xpath and xmlkv but not working as expected.<item>... by Mahipal456 Loves-to-Learn Lots in Splunk Search 08-17-2021 0 17	0	17
timechart no results found I have the follow queryindex=index \|spath output=traceSteps path=traceSteps{}\|table traceSteps\|mvexpand traceSteps\|re... by graziaedu Explorer in Splunk Search 08-17-2021 0 2	0	2
List of AD groups a user was removed from How do I get a list of AD groups a specific user was removed from in the last week please. We had a Helpdesk person a... by toontech New Member in Splunk Search 08-17-2021 0 3	0	3
How do I find what source/sourcetype caused this error: "The search failed. More than 1000000 events found at time" Search failed with error msg: Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at tim... by xindeNokia Path Finder in Splunk Search 08-17-2021 0 3	0	3
Percentile total transactions as a percentage of total transactions Hello,I have the bellow search:index=test sourcetype=Test\|stats count by _time\|eventstats perc99(count) as p99\|eval P... by joe06031990 Communicator in Splunk Search 08-17-2021 0 2	0	2
How to search for 3 failed logins followed by 1 successful login from one user to find brute force attacks? Hello, The question is pretty straightforward. I would like to alert if 3 failed logins followed by 1 successful logi... by mayurr98 Super Champion in Splunk Search 08-17-2021 0 1	0	1
match_cidr = CIDR() config not working as expected So I need to run search on a firewall index where I need to look for field values matching from two lookup files, one... by dm1 Contributor in Splunk Search 08-16-2021 0 5	0	5
Can someone point me to a table that shows what color equates to what hex value? I'd like to force consistency across all dashboard charts. For instance, in all charts, I'd like a certain server or... by szimmer661 Explorer in Splunk Search 08-16-2021 1 5	1	5
rename command is changing time format Hi all,I have a field that has a time value such as (_time field):2021-08-12 15:18:42However, when I got to use the r... by shakSplunk Path Finder in Splunk Search 08-16-2021 0 4	0	4
How to map field values to rows? I've a query which has column like AccountNO eventType _time and differenceI'm trying to find the time difference of ... by iamsplunker Communicator in Splunk Search 08-16-2021 0 0	0	0
Splunk SmartStore and searchable Events when using S3 and Glacier We are using Splunk Enterprise, using SmartStore (S3).Example: Index A, with frozentimeperiodinsecs = 7776000 (~90 da... by edwinmae Path Finder in Splunk Search 08-16-2021 0 4	0	4
Subsearch to only return multiple field values Hello, I am trying to only return the values of certain fields to be used in a subsearch. The problem I'm encounterin... by SailorManDan Explorer in Splunk Search 08-16-2021 1 3	1	3
Regular expressions that use “or ‘ and exit characters. Hello Splunk community,When trying to splice multiple events so that it can generate a specific output from a Splunk ... by learningsplunk Path Finder in Splunk Search 08-16-2021 0 2	0	2
How to convert values to percentage ? I have query something like this: index=sample source=test (earliest=-1d@d latest=@d) OR (earliest=-2d@d latest=-1d@d... by Nauman_Javaid Loves-to-Learn in Splunk Search 08-16-2021 0 1	0	1
How to Alert if an IP is added to a field I need some help with an alert i have been stuck on. I have a DBCONNECT lookup that returns a value once a day. This ... by shanecifaldi Loves-to-Learn Everything in Splunk Search 08-16-2021 0 0	0	0
(Table) Add dynamically generated columns (from field values) onto pre-existing columns Hi all,I'm trying to dynamically add columns to two fixed columns based on the environment value selected. For instan... by shakSplunk Path Finder in Splunk Search 08-16-2021 0 13	0	13
Combine two tables without the use of join and without aggregating values Hello, I'm working on a really complex search where I need to combine results from different lookup tables. One looku... by moonie Explorer in Splunk Search 08-16-2021 0 3	0	3
Root Cause Analysis of Tickets from Application Maintenance Service Hello everyone. In my team we are investigating how to build a new application that does "Root Cause Analysis" (simi... by analiaeg Explorer in Splunk Search 08-15-2021 0 5	0	5
PROPS Conf with CSV File Hello,I wrote a PROPS Configuration file for following csv file but getting error message. Any help will be highly ap... by SplunkDash Motivator in Splunk Search 08-15-2021 0 4	0	4
find which event belong to which file in compress file HiI have compress file that contain several files. in source just show compress file. e.g compress files name is log.... by indeed_2000 Motivator in Splunk Search 08-15-2021 0 1	0	1
Subesearch with Inputlookup I want to run a base query where some fields has a value which is present in inputlookup table For example, I have ... by Shimon81 Explorer in Splunk Search 08-15-2021 0 7	0	7
How to compare 2 columns of a table when we use 'chart' command ? I have used the below query to create one table: index=abc sourcetype=xyz source=*.txt host=host1 OR host=host2 \| rex... by georgear7 Communicator in Splunk Search 08-15-2021 0 6	0	6
Search 1 dashboard panel - Search 2 dashboard panel = third dashboard panel difference between two searches. Search 1 dashboard panel - Search 2 dashboard panel = third dashboard panel difference between two searches. Here is ... by pir8radio Path Finder in Splunk Search 08-14-2021 0 2	0	2
subsearch result as source I am trying to craft a search that uses the most recent source as the basis for my search. The source is a file path... by mpartee Engager in Splunk Search 08-14-2021 0 4	0	4