Splunk Search

Community Activity

Splunk search removing ../ automatically I am currently working on a log and filtering data.Splunk has identified uri_query as a field.I have come across an e... by AceOfSpades Engager in Splunk Search 06-08-2021 0 4	0	4
How to get a ratio of two fields based on condition? Following is the data I have:Time (DD/MM/YYYY 00:00:00)Delay_class (String value, example "B. > 15 MIN" or "A. < 15MI... by Rokas_Strazdas Engager in Splunk Search 06-08-2021 0 3	0	3
Comparing a pair of unique fields with a common denominator I'm trying to create a dashboard that shows the count of new vulnerabilities between this month and last month, using... by cave_splunker Explorer in Splunk Search 06-08-2021 1 8	1	8
How to determine right value for Outlier Tolerance Threshold command in Smart Outlier Detection Assistant in MLTK app ? I am developing a use case to detect outliers on logons for a specific app using Smart Outlier Detection Assistant in... by dm1 Contributor in Splunk Search 06-07-2021 2 0	2	0
How to change base search with token? Hello,I have several different type of searches and made all of those as base search. And now I want to make input to... by splunkkid Path Finder in Splunk Search 06-07-2021 0 6	0	6
Lookup from CSV and output another column Hello,I am comparing a host.csv file with two columns "IP" and "DNS" I want to compare the IP column to my base searc... by logtastic Explorer in Splunk Search 06-07-2021 0 1	0	1
How to cancel \|dbxquery sql query? Hi,We are using Splunk DB Connect on search heads to run "\|dbxquery" command with SQL queries to Snowflake DB.Sometim... by mlevsh Builder in Splunk Search 06-07-2021 0 1	0	1
Convert long table to confusion matrix I am looking to create a confusion matrix out of a tabled query of the form[query] \| table unchanged true predWhere, ... by ebarnhill Engager in Splunk Search 06-07-2021 0 1	0	1
Set difference of a table field in Splunk From a search I composed a table, let's call it T1, formed by two columns table name, sourcetypeNow I need to create ... by guido93 New Member in Splunk Search 06-07-2021 0 3	0	3
rename boolean value in a pie chart I have a boolean field which I get from the search, now when I do a stats count by boolean_field, the pie chart will ... by thenormalone Path Finder in Splunk Search 06-07-2021 0 3	0	3
Splunk Search Query Help Hello All,Could you please suggest to me whether this option is good or is there any optimized search query? query --... by newBie001 Loves-to-Learn in Splunk Search 06-07-2021 0 1	0	1
Combining/appending multiple makeresults I am providing data from one input in the dashboard, and want to search provided input strings in different fields wh... by splunkerer Path Finder in Splunk Search 06-07-2021 0 4	0	4
Select multiple lines into a new filed Hello!So I'm new to Splunk, and I have a very long event but I'm only interested in the below two lines (there are a ... by 3amer92 Explorer in Splunk Search 06-07-2021 0 0	0	0
Search and Extract date from string Hi All,I need some help in searching,I have the following data : Field1Field22021-05-14X03:02:57YXa2021-05-13X05:12:1... by Laxman24 Explorer in Splunk Search 06-07-2021 0 2	0	2
Unable to extract complete URL from the below splunk log Hi Team, I am trying to extract complete URL from the below splunk search i tried many ways can you please help me on... by mani9059 Engager in Splunk Search 06-07-2021 0 3	0	3
Need a API which disable and enable the alerts by mani9059 Engager in Splunk Search 06-07-2021 0 1	0	1
Need help with regular expression to extract successful and failed logins from /var/log/secure in a search I would like to extract user name, source IP, source port and access protocol from the following 2 events from /var/l... by Splunk_Ryan Explorer in Splunk Search 06-06-2021 0 6	0	6
How can I use abstract command How can I use abstract command?My query is\| makeresults\| eval test = " 123456789123456"\| abstract maxlines=1 This que... by tkdguq0110 Path Finder in Splunk Search 06-06-2021 0 0	0	0
Where do I put my fillnull value? This is my base search:\| datamodel Test summariesonly=true search\| search "TEST.date"=2021-05-23 \| rename "TEST.date"... by ebs Communicator in Splunk Search 06-06-2021 0 10	0	10
How to combine a search that relies on latest(_time) for two different fields Hi,I want to create a search that is able to grab both the start and end times of a specific action, but to create th... by ebs Communicator in Splunk Search 06-06-2021 0 1	0	1
Display stats percentage in row instead of columns Hi Splunk experts, I'm generating stats from 3 indexes (System A, B, C) and the results look like this:Table 1:The to... by new2splunk1 Engager in Splunk Search 06-05-2021 0 4	0	4
Dashboard to show count of unique alerts based on host Hello, I have alerts that look like belowMay 13 17:15:30 11.2.3.22 0000017768: NOXXXXXX10A: May 13 2021 17:15:30.467 ... by harry_123 Loves-to-Learn Lots in Splunk Search 06-04-2021 0 13	0	13
license utilization for big increase in paloalto index - solution and root cause index=_internal host="ip" source=license_usage.log type="Usage" [\| inputlookup all_cs_indexes.csv \| renam... by vijaykuma New Member in Splunk Search 06-04-2021 0 1	0	1
How to create dashboard which takes multiple(bulk) inputs ? Hello,I am creating a dashboard, no matter which input can be used, but need is to paste multiple input into dashboar... by splunkerer Path Finder in Splunk Search 06-04-2021 0 6	0	6
Adding filter to query using IN Can I please get some assistance on the below?I'm trying to add a filter TRAN_CLASS!=6 to the below query. When I add... by shrogers Loves-to-Learn Everything in Splunk Search 06-04-2021 0 4	0	4