Splunk Search

Community Activity

Why custom search command not working without being prefixed by dedup Hi,I created a custom StreamingCommand which makes REST API calls to get user details, based on a userid.If command i... by Cristian Observer in Splunk Search 06-08-2021 0 0	0	0
Transaction global status Hi,I have some events like :---------------------------------TXID;RECEIVER;STATUSAA11;RCV00001;OKAA11;RCV00001;KOAA11... by Atif Explorer in Splunk Search 06-08-2021 0 2	0	2
limits.conf, non-global settings local to specific App All, Hopefully a straightforward question.Is it possible to increase the following setting in a .../appname/local/lim... by actionabledata Path Finder in Splunk Search 06-08-2021 0 1	0	1
Filtering PaloAlto events Dear Splunkers, can you please help with the following problem:We use single instance and PaloAlto logs are sent thro... by Gene Path Finder in Splunk Search 06-08-2021 0 3	0	3
Help with Splunk search to join two searches with common field I am trying to join two searches with a common fieldEvent1:Jun 7 14:55:37 v3**v sudo: pam_sss(sudo:auth): authentica... by vrmandadi Builder in Splunk Search 06-08-2021 0 4	0	4
How do I "merge" events? Hello, I have to parse this very custom LOG, and i'm having trouble figuring out how to do this: I have two differen... by 3DGjos Communicator in Splunk Search 06-08-2021 0 10	0	10
Subsearch produced 221180 results, truncating to maxout 10000. Hi All,i have 221180 ips in csv(deattackerv1.csv) with only one field "ip" .. where i want to check if we have any h... by Susha Engager in Splunk Search 06-08-2021 0 7	0	7
Splunk search removing ../ automatically I am currently working on a log and filtering data.Splunk has identified uri_query as a field.I have come across an e... by AceOfSpades Engager in Splunk Search 06-08-2021 0 4	0	4
How to get a ratio of two fields based on condition? Following is the data I have:Time (DD/MM/YYYY 00:00:00)Delay_class (String value, example "B. > 15 MIN" or "A. < 15MI... by Rokas_Strazdas Engager in Splunk Search 06-08-2021 0 3	0	3
Comparing a pair of unique fields with a common denominator I'm trying to create a dashboard that shows the count of new vulnerabilities between this month and last month, using... by cave_splunker Explorer in Splunk Search 06-08-2021 1 8	1	8
How to determine right value for Outlier Tolerance Threshold command in Smart Outlier Detection Assistant in MLTK app ? I am developing a use case to detect outliers on logons for a specific app using Smart Outlier Detection Assistant in... by dm1 Contributor in Splunk Search 06-07-2021 2 0	2	0
How to change base search with token? Hello,I have several different type of searches and made all of those as base search. And now I want to make input to... by splunkkid Path Finder in Splunk Search 06-07-2021 0 6	0	6
Lookup from CSV and output another column Hello,I am comparing a host.csv file with two columns "IP" and "DNS" I want to compare the IP column to my base searc... by logtastic Explorer in Splunk Search 06-07-2021 0 1	0	1
How to cancel \|dbxquery sql query? Hi,We are using Splunk DB Connect on search heads to run "\|dbxquery" command with SQL queries to Snowflake DB.Sometim... by mlevsh Builder in Splunk Search 06-07-2021 0 1	0	1
Convert long table to confusion matrix I am looking to create a confusion matrix out of a tabled query of the form[query] \| table unchanged true predWhere, ... by ebarnhill Engager in Splunk Search 06-07-2021 0 1	0	1
Set difference of a table field in Splunk From a search I composed a table, let's call it T1, formed by two columns table name, sourcetypeNow I need to create ... by guido93 New Member in Splunk Search 06-07-2021 0 3	0	3
rename boolean value in a pie chart I have a boolean field which I get from the search, now when I do a stats count by boolean_field, the pie chart will ... by thenormalone Path Finder in Splunk Search 06-07-2021 0 3	0	3
Splunk Search Query Help Hello All,Could you please suggest to me whether this option is good or is there any optimized search query? query --... by newBie001 Loves-to-Learn in Splunk Search 06-07-2021 0 1	0	1
Combining/appending multiple makeresults I am providing data from one input in the dashboard, and want to search provided input strings in different fields wh... by splunkerer Path Finder in Splunk Search 06-07-2021 0 4	0	4
Select multiple lines into a new filed Hello!So I'm new to Splunk, and I have a very long event but I'm only interested in the below two lines (there are a ... by 3amer92 Explorer in Splunk Search 06-07-2021 0 0	0	0
Search and Extract date from string Hi All,I need some help in searching,I have the following data : Field1Field22021-05-14X03:02:57YXa2021-05-13X05:12:1... by Laxman24 Explorer in Splunk Search 06-07-2021 0 2	0	2
Unable to extract complete URL from the below splunk log Hi Team, I am trying to extract complete URL from the below splunk search i tried many ways can you please help me on... by mani9059 Engager in Splunk Search 06-07-2021 0 3	0	3
Need a API which disable and enable the alerts by mani9059 Engager in Splunk Search 06-07-2021 0 1	0	1
Need help with regular expression to extract successful and failed logins from /var/log/secure in a search I would like to extract user name, source IP, source port and access protocol from the following 2 events from /var/l... by Splunk_Ryan Explorer in Splunk Search 06-06-2021 0 6	0	6
How can I use abstract command How can I use abstract command?My query is\| makeresults\| eval test = " 123456789123456"\| abstract maxlines=1 This que... by tkdguq0110 Path Finder in Splunk Search 06-06-2021 0 0	0	0