Splunk Search

Community Activity

Token eval Question I'm trying to check the value of a token and if it is equal to "X" change it to an * but if it is equal to anything e... by timm7474 Explorer in Splunk Search 05-18-2021 0 4	0	4
splunk search query for last 6 months day wise pool licence and need to generate report HI all i have prepared splunk search query for every day poolwise license but i need last 6 months poolwise data a... by Mahi4rus Explorer in Splunk Search 05-18-2021 0 0	0	0
time chart I have two queries and i want to display both the query result in line chart (one line in the line chart from the res... by vinod0313 Explorer in Splunk Search 05-18-2021 0 4	0	4
field Extraction When i want to extract BiosMake fields with fields extraction.I have this error:Error in 'rex' command by christian75 Engager in Splunk Search 05-18-2021 0 5	0	5
Is there a search to show bundle size in the Dispatch Runner configuration initialization? We are getting: Dispatch Runner: Configuration initialization for splunk\var\run\searchpeers\ really long string of ... by randy_moore Path Finder in Splunk Search 05-18-2021 1 13	1	13
Having issues with latest and earliest time in search Hello all, I am trying to run the below query and when I change the earliest to last 7 days I am getting the below er... by srinivas_gowda Path Finder in Splunk Search 05-18-2021 0 5	0	5
indexed_kv_limit Error I am running a query to parse a two-level nested JSON that takes out only the second level dict and puts it in the fo... by surejsajeev Explorer in Splunk Search 05-17-2021 0 1	0	1
How to Calculate Response Time for each transaction? by samrat1220 Loves-to-Learn in Splunk Search 05-17-2021 0 1	0	1
Look for field. If doesn't exist, add I am looking to have a eval search that looks for a field name of "Name" and adds the value. If the field doesn't exi... by Becherer Explorer in Splunk Search 05-17-2021 0 1	0	1
o365 admin center workload Hi guys,I'm trying to create a search that triggers an alert every time a user has been signed out of their o365 sess... by weetabixsplunk Explorer in Splunk Search 05-17-2021 0 0	0	0
Grouping within multivalued fields I have built a query that exports data by a date range and based on a scan or source. Currently I'm grouping them int... by chaday00 Path Finder in Splunk Search 05-17-2021 0 2	0	2
compare last 5 days data I would like to listed those events (reuirements) which state are changed to Agreed from last 3 days.Today have a dat... by kig121 Loves-to-Learn Lots in Splunk Search 05-17-2021 0 3	0	3
Export MV field values to CSV I have specific events with rows and rows of MV data. They have a header and footer data but the bulk of the body is... by saulverde Path Finder in Splunk Search 05-17-2021 0 3	0	3
Getting a list of active users usernames from a list of email addresses I have a CSV with multiple hundred email addresses and I am trying to run a report to determine which accounts are ac... by agenco01 Engager in Splunk Search 05-17-2021 0 3	0	3
Too long query? Hi, I have an issue with a query of mine. The length of it is exactly 378 lines, and however I managed to save it on... by Villo Observer in Splunk Search 05-17-2021 0 4	0	4
Field extraction Help Description Recorded value for [Turn On Test 123]Recorded value for [Turn On Test 456]Execute all... by moinyuso96 Path Finder in Splunk Search 05-17-2021 0 4	0	4
Changing rows to columns and maintaining association Hello,I have a table of items and I need to convert the results in the rows "pa_name" and "pa_valor" to columns and k... by _Mauro_Costa_ Explorer in Splunk Search 05-17-2021 0 3	0	3
HOW TO MAKE EXCEPT SQL QUERY IN SPL (A\B) Hello everyone,I'm new in Splunk. My issue is to make an EXCEPT SQL query in SPL. Something like the following: inde... by DjNaGuRo Explorer in Splunk Search 05-17-2021 0 8	0	8
Infinite resolution Hi,I'm using \| sim flow query="<My query>" format=table org_id=<ID> resolution=900000 For my metric query, above q... by jeyakumar8 Loves-to-Learn Everything in Splunk Search 05-17-2021 0 1	0	1
Compare changes today to last 7 days Hi All,I am a newbie in Splunk world and looking for some help in structuring my query.I have an index with data like... by kig121 Loves-to-Learn Lots in Splunk Search 05-16-2021 0 5	0	5
stats/streamstats to display only last 2 result/row Hi, i'm looking for a solution which only show the last and last-1 result using stats or streamstats function. Aim i... by yuming1127 Path Finder in Splunk Search 05-16-2021 0 3	0	3
How do I build correlation rule? "Account was created and deleted" Hi! There is another way to create a query with EventID ("user-created") and then EvendID ("user deleted") in 5 min?I... by or1515 Loves-to-Learn Everything in Splunk Search 05-16-2021 0 1	0	1
How to use foreach with search filter? Hi All,I have a requirement to use foreach with search filter.Example fileds 192345_Employeestatus,207754_Employeesta... by Shan Builder in Splunk Search 05-16-2021 0 6	0	6
Complex query on IIS log Hi all,I would like extract from intranet weblog (IIS log) top pages grouped by departments to see which pages are mo... by mamoSplunk Explorer in Splunk Search 05-16-2021 0 4	0	4
Splunk search query To obtain "list of suspicious IP addresses that attempt to make an unauthorized web connection having a duration of l... by Sidmi09 New Member in Splunk Search 05-16-2021 0 3	0	3