Splunk Search

Community Activity

Storing top result as variable then displaying systems with that variable For some reason my search is not acting as expected. I am trying to produce a list of systems with the specific isola... by jlovik Explorer in Splunk Search 06-10-2021 0 2	0	2
How normalize field values that have slightly different field values? Regex? Match? Replace? Hi! ‍I am a little stuck on how to normalize "Operating System" data I have. Currently, we have a field called "Op... by UMDTERPS Communicator in Splunk Search 06-10-2021 0 6	0	6
How do I do a cidr match/not match in a tstats search? I am trying to get a list of the most common sources and destinations of blocked traffic from the previous day with s... by MonkeyK Builder in Splunk Search 06-10-2021 0 9	0	9
Search using results of a search I have a working search that we use to give a list of the members of admin groups in Active Directory:\| inputlookup A... by LynneEss Engager in Splunk Search 06-10-2021 1 1	1	1
eval on two columns in a lookup with host and time I have a search pulling back fields "file_type" and "host", I have set "event_hour" and doing a stats so I know the n... by middlemiddle Explorer in Splunk Search 06-10-2021 0 2	0	2
Combine 2 searches into one pie chart How can the following 2 searches be used in a single Pie Chart?SEARCH ONEindex=security host=THAT* OR host=THIS* Sour... by HMIPowell Explorer in Splunk Search 06-10-2021 0 3	0	3
tstats by index by month Error in 'TsidxStats': WHERE clause is not an exact query Hello Community! I am trying to get the record count by index that I am getting per month in Splunk. I am using this ... by daymar23 Observer in Splunk Search 06-10-2021 0 4	0	4
How to table out two string fields under one field/column? \| eval Alert_Message_DISK = status_disk.": Disk utilization for ".host." is ".total_disk_utilization."%" \| eval Ale... by FaridHamidi Engager in Splunk Search 06-10-2021 0 1	0	1
Rex command to Show number values between two fields How to use Rex command to show Value in between 'Id' and `language` for example 0827ce61-e07c-4b51-a052-681dcc94fa2f ... by rajasplunk89 Engager in Splunk Search 06-10-2021 0 15	0	15
How to get notified for indexer automatic detention Im not seeing any way Splunk will notify regarding automatic detention, which usually happens because of disk space i... by jpillai Path Finder in Splunk Search 06-10-2021 0 5	0	5
Using regex in field extraction Hi, I'm trying to create a field extraction(extension) that goes off an existing field(TargetFilename) but it isn't w... by TheBravoSierra Path Finder in Splunk Search 06-09-2021 0 8	0	8
How to obtain valid value of a field among known bad ones I have some data with flip-flop values akin to the following simulation \| makeresults count=20 \| eval id = "id" . (ra... by yuanliu SplunkTrust in Splunk Search 06-09-2021 0 3	0	3
Regex in transforms.conf I'm trying to get this extraction for the filename to work via transforms.conf but it isn't working. Any ideas?[My_so... by TheBravoSierra Path Finder in Splunk Search 06-09-2021 0 2	0	2
How to retrieve a field named as "source" in a search Hi,I was able to do a search using this SPLindex="myapp_index" source="d:\\splunk\\test.json" \| spath input=payload \|... by william_choo Explorer in Splunk Search 06-09-2021 0 4	0	4
get all csv names in a splunk environment How to get all the csv names present in Splunk environment ? Lets say, i have 1000+ csv and i want to get all csv nam... by Saikat001 Explorer in Splunk Search 06-09-2021 0 2	0	2
Display table of top 5 URL with their status and percentage Need a table to show top 5 URL as given below in splunk. Is this possible in splunk? I tried many ways but I cant get... by Augustine_Vijay Explorer in Splunk Search 06-09-2021 0 16	0	16
Finding a host from multiple csv Lets say, i have 1000+ csv and i want to find a host that might be present in multiple csv's. i want to find and retu... by Saikat001 Explorer in Splunk Search 06-09-2021 0 1	0	1
Error while search query executing Any idea what this error is. I am getting the desired results with the query but it throws below error while executin... by harry_123 Loves-to-Learn Lots in Splunk Search 06-09-2021 0 1	0	1
tstats search fails when attempting cidr match on IPv6 subnets Attempting to run a tstats search that excludes a collection of IPv6 ranges from the results as follows:\| tstats summ... by jpawloski Path Finder in Splunk Search 06-09-2021 0 0	0	0
How to create a condition on one event based on the values of another event Hi all, I have a situation like the following:I have some events with a start and end time that tell me when there ha... by tommasoscarpa Explorer in Splunk Search 06-09-2021 0 3	0	3
How to pass earliest/latest and time input to the search as the same token to the searches in the dashboard? I have created a time input and also two text boxes to pass earliest and latest values to the searches.When I select ... by sbollam Explorer in Splunk Search 06-09-2021 0 4	0	4
Extracting information nested in a JSON-like format Hello,I'm designing some searches from O365 logs that have a complicated field called "Data", depending on the worklo... by husse_wl Loves-to-Learn in Splunk Search 06-09-2021 0 2	0	2
StreamingCommand block when input contains non-ascii character Environment: splunk8.0 python3 splunk python SDK 1.6.11 When I write a customized command with python: #!/usr/bin/e... by jeffcui134 Engager in Splunk Search 06-09-2021 1 3	1	3
lookup returns multivalue on match of single field? Hi,Strange behavior with Automatic lookup (same with manual lookup).I have csv file that contains codes, example:1 - ... by jbanAtSplunk Communicator in Splunk Search 06-09-2021 0 2	0	2
Dynamic search for multi sources Hi All,I need some help in searching,so I have 1 index but it has multiple sources,Index = Index1and within the index... by Laxman24 Explorer in Splunk Search 06-09-2021 0 2	0	2