Splunk Search

Community Activity

join three queries Hi All, In Splunk is it possible to join two joint queries. I have queries like 1)index=_inter sourcetype=project \| d... by kirrusk Communicator in Splunk Search 08-02-2021 0 1	0	1
DC of users per 5 mins with Kbps calculation Hi all,I have been using Splunk for about 2 days, so am VERY new. I'm trying to get a utilization number for endpoin... by a277437 Explorer in Splunk Search 08-02-2021 0 5	0	5
Subnet monitoring Hi, I want to monitor the subnet 172.30.0.0/24 through splunk, which IP address is used and which is not. Whenever ne... by Whyruss Explorer in Splunk Search 08-02-2021 0 6	0	6
event for given time window on each date I would like to get event count for a particular time period for each day for a given date range (that I will select ... by PUNSNYC New Member in Splunk Search 08-02-2021 0 1	0	1
Enum for non numerical values I have a non numerical field (text), and I want to create an enum field. Meaning that I will have a new field with nu... by ndd Engager in Splunk Search 08-01-2021 0 5	0	5
Using both earliest(_time) and latest(_time) together in a search is returning the same value for both. Hi, so I am trying to record the Earliest connection for IP addresses and the Latest connection for IP addresses howe... by jt1234567 Loves-to-Learn in Splunk Search 07-31-2021 0 1	0	1
Successful Brute Force Attempts using the Authentication Data Model Question Hello all,I'm trying to create an alert for Successful Brute Force Attempts using the Authentication Data Model. Curr... by md Explorer in Splunk Search 07-31-2021 0 0	0	0
How to add two different soucetype Hi, We are looking to join two different soucretype which is given below1- first source type for abc(In this soucety... by sushil_sh Engager in Splunk Search 07-31-2021 0 2	0	2
Stats Results After Upgrade All, Just upgraded to 8.2.1 last night and noticed something today with stats. # This search returns 160k+ eventsinde... by dpwtheitguy Loves-to-Learn Lots in Splunk Search 07-30-2021 0 1	0	1
Has anyone else come across unexpected behavior using the (?J) mode modifier in the rex command? Hi, I wanted to see if anyone else had come across some strange behaviour when using the (?J) mode modifier in the '... by gvmorley Contributor in Splunk Search 07-30-2021 6 7	6	7
Calculate time server CPU above alert percentage Hi,I need to track the number of times and duration where the CPU used percent is above a threshold number.The search... by timrich66 Communicator in Splunk Search 07-30-2021 0 0	0	0
csv lookup for search query based on continuity and 7-day condition Hi Splunk Experts, I wonder if you could help me putting the below logic in to a search query?Here the link reference... by longmen Path Finder in Splunk Search 07-30-2021 0 21	0	21
Splunk chart select zoom & reset zoom permanent Hi All..Is there a way to keep the in chart zoom & pan option button to keep visible even on zero zoom selection by mvishal Explorer in Splunk Search 07-30-2021 0 0	0	0
Comparing data between rows and show only needed result Hi Splunker I'm quite new to splunk. Can you please help me out on this search?I have a table of antivirus database v... by flukey Engager in Splunk Search 07-30-2021 0 2	0	2
Pass a token to regex or pass a field to regex I am extracting a list of free text string in the _ raw and creating a new field.The list of terms comes from user in... by spicy Path Finder in Splunk Search 07-29-2021 0 4	0	4
Splunk search with regex Hi everyone, I got lots of the blow _row after the search:........2002-02-22 17:32:15.592 somedatainformation ==> ASH... by ss394546910 Engager in Splunk Search 07-29-2021 0 1	0	1
Splunk rest curl query fails to execute on the successive attempts with the session key authorization First attempt creates the splunk SID, but fails on the successive attempts to create search id. Same issue occurs whi... by sathishraja92 Explorer in Splunk Search 07-29-2021 2 1	2	1
How to find deltas greater than 5 skipping over rows that are different Hello!Sample data:VehicleHour of Daycountdelta(count)car1115--car1120-5car11333car21196car2125-4car31150car31250car31... by michaelsplunk1 Path Finder in Splunk Search 07-29-2021 0 1	0	1
Add column to New Search window In new search window (image attach) There are to column "Time" "Event" How can I automatically(not write each time in... by hoko_joni New Member in Splunk Search 07-29-2021 0 1	0	1
How to get the value from the json file using regex? Hi all,I have a multiple json files. The format is like as below.{<!-- -->"ID": "123","TIME": "Jul 11, 2021, 08:55:54 AM","ST... by anooshac Communicator in Splunk Search 07-29-2021 0 4	0	4
Find difference between numerical values in a Multivalue field Hi,As mentioned in the subject, I wanted to perform a simple subtraction operation on individual values/elements with... by jaysonpryde Path Finder in Splunk Search 07-28-2021 0 2	0	2
Stats format help Hi,I have below output with my search, base search\| stats count by User, actionUseractioncountAlexinstall3Alexuninsta... by SS1 Path Finder in Splunk Search 07-28-2021 0 1	0	1
Search Using Lookup with Multiple Search Terms for the Same Field Hello All.I am trying to use a lookup to perform a tstats search against a data model, where I want multiple search t... by stauff Explorer in Splunk Search 07-28-2021 0 2	0	2
How to extract a seconday date/time? I have a scripted input created to monitor certificate expiration.An example event:Tue Jul 27 12:07:55 CDT 2021,/opt/... by Stefanie Builder in Splunk Search 07-28-2021 0 3	0	3
Count by start of string I have an query thatindex ="main" \|stats count by Text \|sort -count \| table count Textresults:countText10dog fish20 ... by kooojo Engager in Splunk Search 07-28-2021 0 3	0	3