Splunk Search

Community Activity

PROPS CONF-Text file with header Hello, I have some issues to create PROPS Conf file for following sample data events. It's a text file with header in... by SplunkDash Motivator in Splunk Search 08-23-2021 0 0	0	0
Password spraying search Hi, I am attempting to create a search for a password spraying attempt. I need the IP address and Hostname made with ... by kuriakose Explorer in Splunk Search 08-23-2021 0 3	0	3
Looking for a result each day in the week HelloIn my base search I'm looking for stores with the minimum count of 1 for 4 differend kind of errors. I count the... by rjoller Explorer in Splunk Search 08-23-2021 0 4	0	4
List of realtime searches showing deleted reports/alerts Hi, I have the following SPL as a dashboard panel which shows realtime searches. This is so I can contact the owners ... by shazbot79 Path Finder in Splunk Search 08-23-2021 0 5	0	5
how to remove a portion of string Hi all,my data as below:11111_aaaa/ppppaaaa1110_bb/kjmI want to remove anything after /, like this11111_aaaa1110_bb T... by leecholim Engager in Splunk Search 08-23-2021 0 7	0	7
Splunklib API retrieve inputlookup Hi all,have been using the splunklib package in Python to connect to the Splunk API for some time now, and it works f... by Tim00 Explorer in Splunk Search 08-23-2021 0 2	0	2
How does OR work with strings? Hello,I noticed that ... WHERE somefield = string1 OR string2works the same way as ... WHERE somefield = string1 OR s... by pm771 Communicator in Splunk Search 08-23-2021 0 4	0	4
Use two stats function with different group by how to get this two stats result in one query(earliest=-24h@h index="s_data_sum" (type="c" OR type="s") (sourcetype="... by rj Loves-to-Learn Lots in Splunk Search 08-23-2021 0 5	0	5
How to search for failed login attempts? I hate to say it, but I am a Splunk-newb. I plan on taking a Splunk course, but for now, I am just trying to get my f... by mhuntington Explorer in Splunk Search 08-22-2021 2 8	2	8
Compare Multivalue Fields With Lookup Greetings Splunkers,I've been banging my head against the keyboard to try and resolve this comparison issue, I know t... by cquinney Communicator in Splunk Search 08-22-2021 0 7	0	7
how to compare two events in one search to highlight what's changed Hi, I am trying to compare the between two events (json format), say, I can pipe with "head 2" to output only two eve... by sx Engager in Splunk Search 08-22-2021 0 4	0	4
Uses Transform Field Extraction-Delimiter Hello,I was using Transform type Field Extraction, I have an issue to select my Delimiter and facing some errors (not... by SplunkDash Motivator in Splunk Search 08-22-2021 0 8	0	8
Check if time is within last 3 hrs Hi all,I am looking to check if there has been a event within the last 3 hrs for three different categories. If an ev... by shakSplunk Path Finder in Splunk Search 08-22-2021 0 3	0	3
Splunk search - How to search the fields1 values contains in field2 Hi All, Hope you guys are doing fine.I do have few doubts with relates to field comparison. Please find the below sam... by kartm2020 Communicator in Splunk Search 08-22-2021 0 6	0	6
Edit data In Splunk I have a data in Splunk likeindex="main"FnameCountryfname1USAfname1USAfname3USA I want to add and change some datawhe... by jokovitch Explorer in Splunk Search 08-22-2021 0 6	0	6
How to obtain duration if the End Time is conditional? Currently my Splunk Search is shown as below:SerialDescriptionDateTimeStartTimeEndTimeMY111Registration2021-05-01 00:... by moinyuso96 Path Finder in Splunk Search 08-22-2021 0 1	0	1
ITSI search editor hotkeys When editing searches in ITSI, control-e expands macros and control-z undoes the last change. I know this only by be... by keesling Engager in Splunk Search 08-21-2021 0 0	0	0
How do I do a search for multiple IP's, URL's and File Hashes by RYEAMAN Observer in Splunk Search 08-21-2021 0 1	0	1
Event Breaking for PROPS Configuration File Hello,Please let me know how I would break the events, write TIME_PREFIX and TIME_FORMAT for my PROPS Conf. file fo... by SplunkDash Motivator in Splunk Search 08-20-2021 0 11	0	11
Detecting Spikes/Anomalies in Failed Logins - over time My goal is to calculate a score of confidence based on how anomalous the amount of failed logins is compared to activ... by cyberdiver Explorer in Splunk Search 08-20-2021 0 0	0	0
searching a lookup table with multiple values in a field I have a csv file that that I am using for a lookup which has multiple values in a particular field. I am trying to d... by raysonjoberts Path Finder in Splunk Search 08-20-2021 0 4	0	4
Split without delimiter How can I split a field, into many other fields, but without using a delimiter, and using the position range instead?... by EberlinM Engager in Splunk Search 08-20-2021 0 2	0	2
How to get a predicted value from the data statistics I want to get a predicted value from the data statistics.Is it possible to output the predicted value for each patter... by miyuog13 Engager in Splunk Search 08-20-2021 0 1	0	1
[Lookup] Unable to filter/display out data from modify lookup Hi Splunkers,I have query where i want to filter out all the legitimate process by path process which ive identify th... by Splunkin Explorer in Splunk Search 08-20-2021 0 1	0	1
Show count by a field value Hi Experts,I have a requirement to in which a table is ingested to Splunk. And the table has a field named Time showi... by Karthikeyan Engager in Splunk Search 08-20-2021 0 3	0	3