Splunk Search

Community Activity

How to obtain valid value of a field among known bad ones I have some data with flip-flop values akin to the following simulation \| makeresults count=20 \| eval id = "id" . (ra... by yuanliu SplunkTrust in Splunk Search 06-09-2021 0 3	0	3
Regex in transforms.conf I'm trying to get this extraction for the filename to work via transforms.conf but it isn't working. Any ideas?[My_so... by TheBravoSierra Path Finder in Splunk Search 06-09-2021 0 2	0	2
How to retrieve a field named as "source" in a search Hi,I was able to do a search using this SPLindex="myapp_index" source="d:\\splunk\\test.json" \| spath input=payload \|... by william_choo Explorer in Splunk Search 06-09-2021 0 4	0	4
get all csv names in a splunk environment How to get all the csv names present in Splunk environment ? Lets say, i have 1000+ csv and i want to get all csv nam... by Saikat001 Explorer in Splunk Search 06-09-2021 0 2	0	2
Display table of top 5 URL with their status and percentage Need a table to show top 5 URL as given below in splunk. Is this possible in splunk? I tried many ways but I cant get... by Augustine_Vijay Explorer in Splunk Search 06-09-2021 0 16	0	16
Finding a host from multiple csv Lets say, i have 1000+ csv and i want to find a host that might be present in multiple csv's. i want to find and retu... by Saikat001 Explorer in Splunk Search 06-09-2021 0 1	0	1
Error while search query executing Any idea what this error is. I am getting the desired results with the query but it throws below error while executin... by harry_123 Loves-to-Learn Lots in Splunk Search 06-09-2021 0 1	0	1
tstats search fails when attempting cidr match on IPv6 subnets Attempting to run a tstats search that excludes a collection of IPv6 ranges from the results as follows:\| tstats summ... by jpawloski Path Finder in Splunk Search 06-09-2021 0 0	0	0
How to create a condition on one event based on the values of another event Hi all, I have a situation like the following:I have some events with a start and end time that tell me when there ha... by tommasoscarpa Explorer in Splunk Search 06-09-2021 0 3	0	3
How to pass earliest/latest and time input to the search as the same token to the searches in the dashboard? I have created a time input and also two text boxes to pass earliest and latest values to the searches.When I select ... by sbollam Explorer in Splunk Search 06-09-2021 0 4	0	4
Extracting information nested in a JSON-like format Hello,I'm designing some searches from O365 logs that have a complicated field called "Data", depending on the worklo... by husse_wl Loves-to-Learn in Splunk Search 06-09-2021 0 2	0	2
StreamingCommand block when input contains non-ascii character Environment: splunk8.0 python3 splunk python SDK 1.6.11 When I write a customized command with python: #!/usr/bin/e... by jeffcui134 Engager in Splunk Search 06-09-2021 1 3	1	3
lookup returns multivalue on match of single field? Hi,Strange behavior with Automatic lookup (same with manual lookup).I have csv file that contains codes, example:1 - ... by jbanAtSplunk Communicator in Splunk Search 06-09-2021 0 2	0	2
Dynamic search for multi sources Hi All,I need some help in searching,so I have 1 index but it has multiple sources,Index = Index1and within the index... by Laxman24 Explorer in Splunk Search 06-09-2021 0 2	0	2
need search with if condition Am getting data in this format now.but i need to show only those row where sum of all column values are > 500am tryi... by avikc100 Path Finder in Splunk Search 06-09-2021 0 3	0	3
Port flapping MAC search Hi team!Couldn't find any info about it....but how make a proper search string to see what MAC address was on flappin... by sSiDs New Member in Splunk Search 06-08-2021 0 1	0	1
How to Keep Fields from Becoming Multivalued Hello,I have events like this:2021-06-07 17:53:01 UserId:123 Session complete2021-06-07 17:25:01 UserId:123 Start ses... by Traer001 Path Finder in Splunk Search 06-08-2021 0 1	0	1
How to Get An Event from Within a Transaction Hello,I am trying to get an event inside of a transaction to use for duration calculation. My events currently look l... by Traer001 Path Finder in Splunk Search 06-08-2021 0 1	0	1
Why custom search command not working without being prefixed by dedup Hi,I created a custom StreamingCommand which makes REST API calls to get user details, based on a userid.If command i... by Cristian Observer in Splunk Search 06-08-2021 0 0	0	0
Transaction global status Hi,I have some events like :---------------------------------TXID;RECEIVER;STATUSAA11;RCV00001;OKAA11;RCV00001;KOAA11... by Atif Explorer in Splunk Search 06-08-2021 0 2	0	2
limits.conf, non-global settings local to specific App All, Hopefully a straightforward question.Is it possible to increase the following setting in a .../appname/local/lim... by actionabledata Path Finder in Splunk Search 06-08-2021 0 1	0	1
Filtering PaloAlto events Dear Splunkers, can you please help with the following problem:We use single instance and PaloAlto logs are sent thro... by Gene Path Finder in Splunk Search 06-08-2021 0 3	0	3
Help with Splunk search to join two searches with common field I am trying to join two searches with a common fieldEvent1:Jun 7 14:55:37 v3**v sudo: pam_sss(sudo:auth): authentica... by vrmandadi Builder in Splunk Search 06-08-2021 0 4	0	4
How do I "merge" events? Hello, I have to parse this very custom LOG, and i'm having trouble figuring out how to do this: I have two differen... by 3DGjos Communicator in Splunk Search 06-08-2021 0 10	0	10
Subsearch produced 221180 results, truncating to maxout 10000. Hi All,i have 221180 ips in csv(deattackerv1.csv) with only one field "ip" .. where i want to check if we have any h... by Susha Engager in Splunk Search 06-08-2021 0 7	0	7