Splunk Search

Community Activity

Expire Rows in a Lookup After 30 Days Hi Splunkheads, Need some advice here. I have built a simple lookup table and simple search for known bad ip addresse... by dmbr Explorer in Splunk Search 05-20-2021 0 1	0	1
Why is a power user unable to search a particular index? I have admin user and power user (role=power), when i search a particular index (iis_web) it does not return the out... by shreyasathavale Communicator in Splunk Search 05-20-2021 0 3	0	3
bin by date that is not the time field Hi,So I have a goal to count user visits, but the log polls too frequently, so we are going to define a visit by one ... by user93 Communicator in Splunk Search 05-20-2021 0 3	0	3
Breakdown the Totals I want to add more columns that will show the sessions. Such as sudo su ssh etc. Currently I have this:index="name ... by kbohlken Observer in Splunk Search 05-20-2021 0 1	0	1
Different search results quetion Hello all,Running the following search (direct count) at different times of the day for the same time period I receiv... by johefu Loves-to-Learn in Splunk Search 05-20-2021 0 2	0	2
Rex Hello!!I have a field value that looks like:abcd124567-1609173498I only want to remove abcd-1609173498 and have the 1... by Logan20 New Member in Splunk Search 05-20-2021 0 1	0	1
How to combine multiple rows in a field to one row in the same field? I have a data set as seen below.exec arguments/bin/shsh-cuname -p ** /dev/null/sbin/ldconfig/bin/sh... by splunkerer Path Finder in Splunk Search 05-20-2021 0 4	0	4
Dynamic date comparison I am creating a search that detects compliance received from palo alto signatureswe are receving 4 sets of dates:app-... by RonD Explorer in Splunk Search 05-20-2021 0 2	0	2
Using fillnull_value or fillnull value with Tstats I am trying to fill the null values and using a datamodel. I want to use tstats and fill null values will "Null" usin... by Godspeed_74 Loves-to-Learn Lots in Splunk Search 05-20-2021 0 6	0	6
Detailed search for the triggered alerts in Splunk Hi team,I'm trying to build a search which will search for the alerts which have been triggered for a hosts during sp... by szukacz Engager in Splunk Search 05-20-2021 0 3	0	3
Rex need to extract field till first occurrence of /r HiI need to extract hostname or IP address from raw log. My log looks like below:somerandometest host: abc@email.com... by Sangu Explorer in Splunk Search 05-20-2021 0 2	0	2
Show last update from indexed csv file Hi, I have a csv file that is updated by a script once a minute. The output is similar to: time,queuename,vpn,last-me... by jugarugabi Path Finder in Splunk Search 05-20-2021 0 4	0	4
Trying to ignore a value based on the field Hello team, I am trying to ignore the value "Total" if its concurrent Os_type matches "Linux" Below is what I tried.\|... by srinivasgowda Explorer in Splunk Search 05-20-2021 0 3	0	3
creating timechart grouped data tables hi all, newbee question here but i can't seem to find an answer. I am trying to create a timechart table grouped tabl... by stephenreece78 Engager in Splunk Search 05-20-2021 0 2	0	2
Timechart woes I've been searching and trying options for a couple of days now with this search and cannot find a solution.I am usin... by timrich66 Communicator in Splunk Search 05-20-2021 0 10	0	10
Can I use lookup output inside calculated field? I have an attribute that is determined by two inputs, one with many possible values, the other few. I can enlist the... by yuanliu SplunkTrust in Splunk Search 05-19-2021 1 4	1	4
Need help How to convert below _time Server col1 col2 col38am SerA 1 2 3... by teewenjie22 Engager in Splunk Search 05-19-2021 0 1	0	1
Using Relative Time To Lookup New Hires Within The Last 3 Months I'm currently trying to create a search that look for employees hired within the last 3 months, but I keep getting al... by payton_tayvion Path Finder in Splunk Search 05-19-2021 0 1	0	1
Splunk query for ignoring results with a regex pattern Problem: I want to ignore all results from search that have message: <4 digits> in them. For example: { timestamp: 20... by malanirishi New Member in Splunk Search 05-19-2021 0 1	0	1
tonumber for numerical rather than lexigraphical sort in a multivalue field I'm looking for a way to numerically sort a multivalue field without expanding the field, sorting and then recombinin... by chirsf Explorer in Splunk Search 05-19-2021 1 3	1	3
Splunk \|search limited to 1000 entries Hi there,I'm just a basic user of Splunk in my company and I have 0 experience with programming or SQL please don't g... by mkroczak Loves-to-Learn in Splunk Search 05-19-2021 0 1	0	1
need help with regex search i would need help splitting this output into its own line.if we can even remove the quotes, comma, curly brackets and... by thaghost99 Path Finder in Splunk Search 05-19-2021 0 4	0	4
Splunk Json extraction - single and multiple items in fields. Hi,New to splunk first time lister. Hoping for some help.I am trying to extract nested JSON data from a Widows Event ... by MrPink99 New Member in Splunk Search 05-19-2021 0 0	0	0
Calculate where criteria with value from a subsearch I'm sure this has been asked before, but nothing I'm coming up with for searches against this forum have proved usefu... by jheiselman Explorer in Splunk Search 05-19-2021 0 3	0	3
Macro oddness with inputlookup I have an odd situation with a macro starting with an inputlookup like this: inputlookup ADcomputerslist ```logic tim... by chirsf Explorer in Splunk Search 05-19-2021 0 3	0	3