Splunk Search

Community Activity

	account was created and deleted Hi,My query:index=ph_windows_sec sourcetype=XmlWinEventLog (EventCode=630 OR EventCode=4726 OR EventCode=624 OR Event... by or1515 Loves-to-Learn Everything in Splunk Search 05-10-2021 0 2	0	2
	Split trellis over two variables Hi,Can I separate Trellis visualization by two variables as keys? In other words, I would like a timechart for each c... by yifatcy Path Finder in Splunk Search 05-10-2021 0 0	0	0
	Splunk searching Syntax Resolved by keyu921 Explorer in Splunk Search 05-10-2021 0 1	0	1
	How to concatenate strings with unicode character? I want to concatenate strings with special characters like "\t" and Unicode char "\u0006"I tried \| makeresults \| ev... by junlozhang Explorer in Splunk Search 05-09-2021 0 2	0	2
	How to split up a string into multiple fields? I have a field that consists of data separated from a json data field using this search.index="test-99" sourcetype="... by robayers Explorer in Splunk Search 05-09-2021 0 8	0	8
	Group events into a single event I am relatively new to this wonderful tool called SPLUNK. Please excuse me if this question has already been answered... by schou87 Path Finder in Splunk Search 05-09-2021 0 4	0	4
	I want to insert a value into a subsearch using the search result as a variable. Dear ALL,I want to insert a value into a subsearch using the search result as a variable.Do the following search to g... by Msugiyama Path Finder in Splunk Search 05-09-2021 0 2	0	2
	superimposed timeline chart comparing the latest and last week data For the below query, searching for the values of 2nd occurence of earliest and latest events so that the timechart wo... by prajwal_94 Explorer in Splunk Search 05-09-2021 0 2	0	2
	Build filter from inputlookup I would kindly need some help for a query i am not able to create.I have inputlookups as source.And i want to filter... by hvdtol Path Finder in Splunk Search 05-09-2021 0 4	0	4
	Getting Amount of X Events After Last Y Event Right now I have something like this: index=my_index sourcetype=my_sourcetype \| rex field=message "- (?<User>\S+) -:"... by PaintItParker Explorer in Splunk Search 05-08-2021 0 3	0	3
	Makeresult with hosts and date range I am aiming to provide headers to my generated report. I have 3 hosts, host1 host2 and host3. My report is configured... by cboonyan New Member in Splunk Search 05-08-2021 0 1	0	1
	How to get the difference (In whole days) between two fields within the same event Hi Guys, Wondering if you can help me out with the following. Within a single event I have to fields: 1) expiry_date2... by Matthew Engager in Splunk Search 05-08-2021 0 2	0	2
	2 host with the same names Hi,I have 2 servers with the same names and I have installed universal forwarder on both servers. In forwarder manage... by sh_tavousi Explorer in Splunk Search 05-08-2021 0 3	0	3
	How to merge the content of a group Let's say the data looks like:StudentNameStudentIdGradeExamDateTom1602021-04-01Jerry2702021-04-01Tom1622021-04-07Jerr... by junlozhang Explorer in Splunk Search 05-08-2021 0 2	0	2
	How to match portion of string between two fields in splunk Example:field1=ADOBE INC.field2=ADOBE SYSTEMS&sep1; INCORPORATEDi want to match this as both fields containing "ADOBE... by obais9346 Engager in Splunk Search 05-07-2021 0 3	0	3
	How to find how much data is flowing through a particular HEC token in Splunk? Hi All, Can any one guide me how to find, how much data is getting ingested into Splunk from a particular HEC token... by Hemnaath Motivator in Splunk Search 05-07-2021 0 3	0	3
	Export value from the filed based on another log I have O365 logs in Splunk. I want to find all shared files/folders plus display sensitivity labels of these files. A... by nikoloz04 New Member in Splunk Search 05-07-2021 0 0	0	0
	Sum latest value multiple field with timechart Hello !My data is in this form :_time (dd/mm/yyyy), NbRisk, SubProject, GlobalProject02/05/2021, 10 , SubProject1, ... by bcouavoux Explorer in Splunk Search 05-07-2021 0 4	0	4
	condition command to merge events Hi all,I performed an initial search, to this I added a second search, with the map command, where based on the value... by antonio147 Communicator in Splunk Search 05-07-2021 0 3	0	3
	selfjoin several result rows on different fields I have a search result where each 3 follwing lines are a block I want to join to one row like:fld1 fld2 fld3 fld4A ... by wiar Explorer in Splunk Search 05-07-2021 0 4	0	4
	Issue with searches and free version Hello,Two months ago we had the trial for the Enterprise version but now we are using the free version. Since the fre... by Am Explorer in Splunk Search 05-07-2021 0 9	0	9
	_time column always moves to end after rendering search results Desired Outcome : I am trying to create a simple timechart to show a count of ports and the relative time line on th... by lancair Observer in Splunk Search 05-07-2021 0 3	0	3
	Best way to make alert for each predicted value of result Hello,I'm struggling with the way to make efficient alerts trigger with SPL. I made splunk dashboard to visualize our... by splunkkid Path Finder in Splunk Search 05-07-2021 0 0	0	0
	Can i write a base search in another base search <search id="base_query_filter"><query> Index=a,sourcetype=x,eval y=A+B</query></search><search id="base_query"><... by renuka Path Finder in Splunk Search 05-06-2021 0 2	0	2
	Different number of events same query I have 2 servers that receive the logs through Syslog and through a universal forwarder I forward them to 2 indexers.... by splunkcol Builder in Splunk Search 05-06-2021 0 1	0	1