Splunk Search

Community Activity

How to compare events using two values of a multi-value field. Hello all, I have been struggling for a while now to create a query for comparing the events using two different valu... by parthmadane Explorer in Splunk Search 04-30-2021 0 6	0	6
Calculate time difference with extracted fields and offset time zones I've got logs that contain a timestamp in 24 hour YYYY-MM-DD HH:MM:ss:SSS format (example: 2021-04-29 18:43:07.557). ... by mrhodes93 Explorer in Splunk Search 04-30-2021 0 1	0	1
Search with a Variable Hi Team How are u?I have a little questionI have a index with same informations, index="epo" source="endpoint" In ... by JuanAntunes Explorer in Splunk Search 04-30-2021 0 3	0	3
Why are empty emails being sent using map & sendemail commands in my search and how do I prevent this? Hi. I tried to send an email for each event when triggered. I used map and sendemail commands, but there is an emp... by splunkrocks2014 Communicator in Splunk Search 04-29-2021 0 7	0	7
Splunk 8.0 sendemail/subsearch issues after upgrading Recently upgraded from 7.2.3 to 8.0 and a previously configured scheduled alert is not longer sending emails correctl... by aallred Engager in Splunk Search 04-29-2021 1 6	1	6
How to Use Earliest Starting Field in Transaction Hello,I have events that look like this (for a user with id 123):2021-04-29 14:30:45 Notification Received [User Id:1... by Traer001 Path Finder in Splunk Search 04-29-2021 0 2	0	2
Splunk Case-Sensitive Search Hi,Can someone help me with the regex command for below?\| search ="UPN=*T@mail.cloud"Thanks in advance! by alexspunkshell Contributor in Splunk Search 04-29-2021 0 3	0	3
How to pass event time from an inner subsearch to the outer search results table? Hi, Here are my searchesindex=foo <search criteria> \| table user _timeindex=bar <search criteria> \| table user _timeT... by Glasses Builder in Splunk Search 04-29-2021 0 6	0	6
Large scale join between two sourcetypes Hello Everyone, I have been working on a problem for the last few weeks and haven't had huge amounts of success and w... by NDolan Loves-to-Learn Lots in Splunk Search 04-29-2021 0 4	0	4
Splunk File Download Hi all, I have used an app to generate a document that according to this log went succesfull. Is there a way to allow... by me74fhfd Path Finder in Splunk Search 04-29-2021 0 1	0	1
Splunk query to eliminate specific events Hi All,Below is my Splunk query.I want to only eliminate the result if "UPN" & "Event_title" both are the same for 7 ... by alexspunkshell Contributor in Splunk Search 04-29-2021 0 7	0	7
How to combine multiple rows (from sub search results) into different columns on single row (main search) I have a query that returns the following result. Column 1Column 2A1A2B1B2C1C2D1D2 And I would like to transform it ... by Raymond2T Path Finder in Splunk Search 04-29-2021 0 2	0	2
Searching/Listing down all Installed App Usage, to find how which is the least used app. Hey all!I am tasked to do some housekeeping and find out which installed apps are being used the least so that I can ... by jawk339 Engager in Splunk Search 04-29-2021 0 2	0	2
Splunk DB Connect and Neo4j anyone? I am trying to connect to Neo4j using their JDBC driver with no luck. Has anybody done better than this? by Paolo_Prigione Builder in Splunk Search 04-29-2021 0 7	0	7
Get top 20 queries for avarage execution time Hello there  So, I've extracted from the log, using rex, the time, called OSY_time and each individual slow query, c... by marco_carolo Path Finder in Splunk Search 04-29-2021 0 1	0	1
table returns duplicates for extracted Fields that are not Selected table returns duplicates for extracted Fields that are not Selected fieldsIn the following image, host is a Selected ... by johnrk Engager in Splunk Search 04-29-2021 0 4	0	4
How do you generate CSV File on Schedule basis automatically as an attachment to Email. Hello,How do we schedule a CSV file as an attachment to the Email. What is the script that needs to be added in the s... by Dheeru Engager in Splunk Search 04-29-2021 0 1	0	1
extract multiple values from fields in same event Hello team , I am having one event in which single field have multiple value like provided below: {"body":{"records":... by kannu Communicator in Splunk Search 04-28-2021 0 3	0	3
regex Hi all,I have a column containingRequest = REQ_IN ...... { ...... "productId": "test", ...... { ....... "productId": ... by simo Path Finder in Splunk Search 04-28-2021 0 11	0	11
What is the search for creating account on MAC OS? What is the search for creating account on MAC OS? by NewZealandGrom Loves-to-Learn Lots in Splunk Search 04-28-2021 0 0	0	0
How to collect events that form part of a common tree I have a large NodeRED JSON flows.json file that I'm ingesting into Splunk. In that file there are one or more 'flows... by bowesmana SplunkTrust in Splunk Search 04-28-2021 0 0	0	0
makemv and mvindex not working as expected I am working with JSON data type events and am trying to extract the username (user1, user2) from the pathspec data s... by ankit Explorer in Splunk Search 04-28-2021 0 3	0	3
Find results that are not in a transaction The data is MFA attempts in O365. I have an alert that fires whenever someone denies an MFA push. The thing is, somet... by xtinas Engager in Splunk Search 04-28-2021 0 0	0	0
Count by Day of Week I am on Day 2 with Splunk.I am trying to get the average number of records by Day of the Week (Mon, Tue, Wed, etc) of... by Craig_Ph Loves-to-Learn Lots in Splunk Search 04-28-2021 0 1	0	1
Using like() not working in where statement I have an alerts index which has a data.rule.name field containing the following values:COVID-19 linked Cyber Attacks... by bpna Explorer in Splunk Search 04-28-2021 0 2	0	2