Splunk Search

Community Activity

How to get top 10 users by usage per day for last 30 days I have an index which gives user information of how much GB of data they used and from what source .I would like to g... by vrmandadi Builder in Splunk Search 06-11-2021 0 5	0	5
How to filter results from Lookup? In my search results, I have multiple results for "Alert" & "UPN"I want to only include "Alert=Anonymous IP address" ... by alexspunkshell Contributor in Splunk Search 06-11-2021 0 1	0	1
Search for multiple login attempts from same IP Hi,I try to find out a way to search for login events(bruteforce)were the user comes from one IP address and tries mu... by anomalyfinder Engager in Splunk Search 06-11-2021 0 2	0	2
API search query help hi me again. need help.this search string works perfectly fine when doing search int he guithis search works fine in ... by thaghost99 Path Finder in Splunk Search 06-11-2021 0 7	0	7
Delete logs Hi All,How can I delete my logs permanently Request to delete old Splunk logs for EMS and Truvue webservices that are... by anil1432 Explorer in Splunk Search 06-11-2021 0 3	0	3
how to filter the data from logs Hi Teami have a field agentId where i can find my data that is required data(i.e)cname=abc ,cname=xyz and so on ,whil... by Nith1 Path Finder in Splunk Search 06-11-2021 0 2	0	2
Can not searching by date in inputlookup es_notable_events Hi, please help to make search by date in inputlookup "es_notable_events". I thried to search by "earliest" its not w... by Dmitriy Explorer in Splunk Search 06-11-2021 0 3	0	3
HEC - WARN HttpListener - Read Timeout communicating with x.x.x.x:61888, disconnecting My splunk HEC server disconnecting the HEC connections from the clients when clients trying to send the log over HE... by splunkhu123 Loves-to-Learn in Splunk Search 06-10-2021 0 0	0	0
Timechart of chart over... I'm trying to get a chart dc(x) over y by z but by bin _time span=1month; basically a timechart where each month has ... by anghus_mcleod Loves-to-Learn in Splunk Search 06-10-2021 0 0	0	0
Splunk Query Hello,I am looking for a Splunk query that could match date as below."*Execution failure in Transferring Transaction ... by sunket6006 Engager in Splunk Search 06-10-2021 0 1	0	1
Using different input lookup commands based on token given in a dropdown Hi all,First time poster, new to Splunk and query languages in general, please forgive if this is a silly question. I... by ft_kd02 Path Finder in Splunk Search 06-10-2021 0 2	0	2
Nested sub searches return no result Hi and thanks a lot for your help !My goal :Finding processes that made suspicious DNS requests around user LogonIt s... by thierry_15 Loves-to-Learn in Splunk Search 06-10-2021 0 0	0	0
Storing top result as variable then displaying systems with that variable For some reason my search is not acting as expected. I am trying to produce a list of systems with the specific isola... by jlovik Explorer in Splunk Search 06-10-2021 0 2	0	2
How normalize field values that have slightly different field values? Regex? Match? Replace? Hi! ‍I am a little stuck on how to normalize "Operating System" data I have. Currently, we have a field called "Op... by UMDTERPS Communicator in Splunk Search 06-10-2021 0 6	0	6
How do I do a cidr match/not match in a tstats search? I am trying to get a list of the most common sources and destinations of blocked traffic from the previous day with s... by MonkeyK Builder in Splunk Search 06-10-2021 0 9	0	9
Search using results of a search I have a working search that we use to give a list of the members of admin groups in Active Directory:\| inputlookup A... by LynneEss Engager in Splunk Search 06-10-2021 1 1	1	1
eval on two columns in a lookup with host and time I have a search pulling back fields "file_type" and "host", I have set "event_hour" and doing a stats so I know the n... by middlemiddle Explorer in Splunk Search 06-10-2021 0 2	0	2
Combine 2 searches into one pie chart How can the following 2 searches be used in a single Pie Chart?SEARCH ONEindex=security host=THAT* OR host=THIS* Sour... by HMIPowell Explorer in Splunk Search 06-10-2021 0 3	0	3
tstats by index by month Error in 'TsidxStats': WHERE clause is not an exact query Hello Community! I am trying to get the record count by index that I am getting per month in Splunk. I am using this ... by daymar23 Observer in Splunk Search 06-10-2021 0 4	0	4
How to table out two string fields under one field/column? \| eval Alert_Message_DISK = status_disk.": Disk utilization for ".host." is ".total_disk_utilization."%" \| eval Ale... by FaridHamidi Engager in Splunk Search 06-10-2021 0 1	0	1
Rex command to Show number values between two fields How to use Rex command to show Value in between 'Id' and `language` for example 0827ce61-e07c-4b51-a052-681dcc94fa2f ... by rajasplunk89 Engager in Splunk Search 06-10-2021 0 15	0	15
How to get notified for indexer automatic detention Im not seeing any way Splunk will notify regarding automatic detention, which usually happens because of disk space i... by jpillai Path Finder in Splunk Search 06-10-2021 0 5	0	5
Using regex in field extraction Hi, I'm trying to create a field extraction(extension) that goes off an existing field(TargetFilename) but it isn't w... by TheBravoSierra Path Finder in Splunk Search 06-09-2021 0 8	0	8
How to obtain valid value of a field among known bad ones I have some data with flip-flop values akin to the following simulation \| makeresults count=20 \| eval id = "id" . (ra... by yuanliu SplunkTrust in Splunk Search 06-09-2021 0 3	0	3
Regex in transforms.conf I'm trying to get this extraction for the filename to work via transforms.conf but it isn't working. Any ideas?[My_so... by TheBravoSierra Path Finder in Splunk Search 06-09-2021 0 2	0	2