Splunk Search

Community Activity

Using rex command to extract Message field in Windows Event Logs I want to extract from the Message field in the Windows Event Log just the first few words until the period - example... by Alfred Explorer in Splunk Search 05-06-2021 0 5	0	5
format my successRate query into a week over week comparison i have a working query which is monitoring the success rate based off a value called app_id. i want to extend the cur... by billycn20 Explorer in Splunk Search 05-06-2021 0 4	0	4
measuring overall success rate based off two transactions present in logs, but want to group results by a field I am trying to measure our success rate on our platform. there are two individual events which we care to see in orde... by billycn20 Explorer in Splunk Search 05-06-2021 0 6	0	6
Tracking active sessions over time I have a query where I can see in a snapshot current active users per VPN profile (group). Having a hard time being a... by ajtokar Engager in Splunk Search 05-06-2021 0 2	0	2
How to filter table results based on an aggregation of a column I have this search that produces a table with has a column that lists the number of segments to a schedule. The table... by 3618475 Engager in Splunk Search 05-06-2021 0 3	0	3
Field diff search Hi guys,I know this has been asked many times before but it just wont work for me hence the question.I have one index... by aikn061 Explorer in Splunk Search 05-06-2021 0 7	0	7
Calculate Delta for a value for all hosts Hi,I successfully created an SPL that does what I need for a single host but I cannot get it to work for all hosts. T... by wbolten Path Finder in Splunk Search 05-06-2021 0 3	0	3
Generate Stats from 3 indexes. Hello members,I am new to Splunk and able to produce simple stats using STATS count by command but looking for direct... by new2splunk1 Engager in Splunk Search 05-06-2021 0 2	0	2
Searches for a specific host are not recorded in "SEARCH HISTORY" I am new to SPLUNK learning with the Enterprise Edition. I created a new host with JSON source type. When I search so... by aperezy17 New Member in Splunk Search 05-05-2021 0 0	0	0
Adding two stat results using one common field Hi guys I have two statsindex \|Exception\| countindex \|Error \|countI want is something like this :index \|Exception\|Err... by husainpatanwala Engager in Splunk Search 05-05-2021 0 3	0	3
search help Hi Guys, We can see there are 6 hosts which are sending bulk events (logs) to splunk. But we don’t know who is using ... by roopeshetty Path Finder in Splunk Search 05-05-2021 0 2	0	2
rex -> spath -> field extract not working? Hello -My data looks like (also attached as PNG for better readability):2021-04-28 - 22:01:14.728 - INFO : Action com... by bitbucket Engager in Splunk Search 05-05-2021 0 4	0	4
Wildcard search on non-existent field search I have a generic search that I am using to display data for a handful of applications, which look something like this... by cclva Explorer in Splunk Search 05-05-2021 0 1	0	1
Join two statistics tables without subsearch Hi, I am trying to compare event type count statistics for 2 days using the following search:earliest=-48h latest=-24... by sbarinov Path Finder in Splunk Search 05-05-2021 0 2	0	2
How to split count by product by another value? Hi, I have the following query: \| bin _time span=1d \| stats count as ProductCount by applysourcetype, product, _tim... by maxmukimov Explorer in Splunk Search 05-05-2021 0 7	0	7
LISPY issues with Windows Defender Logs Hey Splunkers,in the last days I'm trying to learn and understand the principles of LISPY to understand the fllowing ... by Lombs Engager in Splunk Search 05-04-2021 1 0	1	0
Regex multiple values from a string Hello,How can I extract multiple values from a string after each slash? For example below, I would like to extract f... by timyong80 Explorer in Splunk Search 05-04-2021 0 6	0	6
Combine 2 Queries that use the same Lookup CSV but different column in Lookup Hello - I am looking for recommendations on combining 2 searches that use the same Lookup CSV but different columns i... by stevenulbrich Explorer in Splunk Search 05-04-2021 0 0	0	0
Need help of review of 5 year old search to improve it. Hello - I have Splunk report that was generated 5 years ago. I was looking for advice. Can it be updated to work be... by stevenulbrich Explorer in Splunk Search 05-04-2021 0 3	0	3
Is there a way to extract a part of a string using a lookup table? Hello friends,Thank you so much for your help in advance.I have a field named "ERROR_COLAB" in which a series of resp... by cindygibbs_08 Communicator in Splunk Search 05-04-2021 0 2	0	2
extract ip username Hi, I am trying to extract the following [04 May 2021 13:13:59,786] [Nsh-Proxy-Thread-93] [INFO] [abc@abc.com:abc:10.... by dbashyam Explorer in Splunk Search 05-04-2021 0 3	0	3
Extract specific fields from unstructured logs I have a list of unstructured logs like below for which I have to extract certain fields. Tried using "Extract fields... by Nidd Path Finder in Splunk Search 05-04-2021 0 2	0	2
how to extract a value from a field name ? Hi,I have a table like that : testtotalproductA_xxxxproductA_zzzzproductB_xxxxproductB_zzzz1220.230.360.440.55 What I... by mah Builder in Splunk Search 05-04-2021 0 4	0	4
Multivalue fields to Columns and values of a single event Hello,I'm trying to show this event as a table: 2021-05-04 11:28:56.722, TIME="2021-05-04 11:28:56.722", ID="0a7a270... by Matioski7 Explorer in Splunk Search 05-04-2021 0 4	0	4
How to compare 5 different fields and get the count of their occurrence Hi Team,I would like to compare below 5 different columns and get one more column as a count.category code text cou... by aaa2324 Explorer in Splunk Search 05-04-2021 0 3	0	3