Splunk Search

Community Activity

Finding a host from multiple csv Lets say, i have 1000+ csv and i want to find a host that might be present in multiple csv's. i want to find and retu... by Saikat001 Explorer in Splunk Search 06-09-2021 0 1	0	1
Error while search query executing Any idea what this error is. I am getting the desired results with the query but it throws below error while executin... by harry_123 Loves-to-Learn Lots in Splunk Search 06-09-2021 0 1	0	1
tstats search fails when attempting cidr match on IPv6 subnets Attempting to run a tstats search that excludes a collection of IPv6 ranges from the results as follows:\| tstats summ... by jpawloski Path Finder in Splunk Search 06-09-2021 0 0	0	0
How to create a condition on one event based on the values of another event Hi all, I have a situation like the following:I have some events with a start and end time that tell me when there ha... by tommasoscarpa Explorer in Splunk Search 06-09-2021 0 3	0	3
How to pass earliest/latest and time input to the search as the same token to the searches in the dashboard? I have created a time input and also two text boxes to pass earliest and latest values to the searches.When I select ... by sbollam Explorer in Splunk Search 06-09-2021 0 4	0	4
Extracting information nested in a JSON-like format Hello,I'm designing some searches from O365 logs that have a complicated field called "Data", depending on the worklo... by husse_wl Loves-to-Learn in Splunk Search 06-09-2021 0 2	0	2
StreamingCommand block when input contains non-ascii character Environment: splunk8.0 python3 splunk python SDK 1.6.11 When I write a customized command with python: #!/usr/bin/e... by jeffcui134 Engager in Splunk Search 06-09-2021 1 3	1	3
lookup returns multivalue on match of single field? Hi,Strange behavior with Automatic lookup (same with manual lookup).I have csv file that contains codes, example:1 - ... by jbanAtSplunk Communicator in Splunk Search 06-09-2021 0 2	0	2
Dynamic search for multi sources Hi All,I need some help in searching,so I have 1 index but it has multiple sources,Index = Index1and within the index... by Laxman24 Explorer in Splunk Search 06-09-2021 0 2	0	2
need search with if condition Am getting data in this format now.but i need to show only those row where sum of all column values are > 500am tryi... by avikc100 Path Finder in Splunk Search 06-09-2021 0 3	0	3
Port flapping MAC search Hi team!Couldn't find any info about it....but how make a proper search string to see what MAC address was on flappin... by sSiDs New Member in Splunk Search 06-08-2021 0 1	0	1
How to Keep Fields from Becoming Multivalued Hello,I have events like this:2021-06-07 17:53:01 UserId:123 Session complete2021-06-07 17:25:01 UserId:123 Start ses... by Traer001 Path Finder in Splunk Search 06-08-2021 0 1	0	1
How to Get An Event from Within a Transaction Hello,I am trying to get an event inside of a transaction to use for duration calculation. My events currently look l... by Traer001 Path Finder in Splunk Search 06-08-2021 0 1	0	1
Why custom search command not working without being prefixed by dedup Hi,I created a custom StreamingCommand which makes REST API calls to get user details, based on a userid.If command i... by Cristian Observer in Splunk Search 06-08-2021 0 0	0	0
Transaction global status Hi,I have some events like :---------------------------------TXID;RECEIVER;STATUSAA11;RCV00001;OKAA11;RCV00001;KOAA11... by Atif Explorer in Splunk Search 06-08-2021 0 2	0	2
limits.conf, non-global settings local to specific App All, Hopefully a straightforward question.Is it possible to increase the following setting in a .../appname/local/lim... by actionabledata Path Finder in Splunk Search 06-08-2021 0 1	0	1
Filtering PaloAlto events Dear Splunkers, can you please help with the following problem:We use single instance and PaloAlto logs are sent thro... by Gene Path Finder in Splunk Search 06-08-2021 0 3	0	3
Help with Splunk search to join two searches with common field I am trying to join two searches with a common fieldEvent1:Jun 7 14:55:37 v3**v sudo: pam_sss(sudo:auth): authentica... by vrmandadi Builder in Splunk Search 06-08-2021 0 4	0	4
How do I "merge" events? Hello, I have to parse this very custom LOG, and i'm having trouble figuring out how to do this: I have two differen... by 3DGjos Communicator in Splunk Search 06-08-2021 0 10	0	10
Subsearch produced 221180 results, truncating to maxout 10000. Hi All,i have 221180 ips in csv(deattackerv1.csv) with only one field "ip" .. where i want to check if we have any h... by Susha Engager in Splunk Search 06-08-2021 0 7	0	7
Splunk search removing ../ automatically I am currently working on a log and filtering data.Splunk has identified uri_query as a field.I have come across an e... by AceOfSpades Engager in Splunk Search 06-08-2021 0 4	0	4
How to get a ratio of two fields based on condition? Following is the data I have:Time (DD/MM/YYYY 00:00:00)Delay_class (String value, example "B. > 15 MIN" or "A. < 15MI... by Rokas_Strazdas Engager in Splunk Search 06-08-2021 0 3	0	3
Comparing a pair of unique fields with a common denominator I'm trying to create a dashboard that shows the count of new vulnerabilities between this month and last month, using... by cave_splunker Explorer in Splunk Search 06-08-2021 1 8	1	8
How to determine right value for Outlier Tolerance Threshold command in Smart Outlier Detection Assistant in MLTK app ? I am developing a use case to detect outliers on logons for a specific app using Smart Outlier Detection Assistant in... by dm1 Contributor in Splunk Search 06-07-2021 2 0	2	0
How to change base search with token? Hello,I have several different type of searches and made all of those as base search. And now I want to make input to... by splunkkid Path Finder in Splunk Search 06-07-2021 0 6	0	6