Splunk Search

Community Activity

Device online status dashboard Hello everyone,New and trying to learn, I've searched for hours trying to get a dashboard to display computers within... by TTAL New Member in Splunk Search 09-17-2024 0 3	0	3
splunk stats group and count by fields need query to remove duplicates from count statsSample inputevent emailabc xyz@email.comabc xyz@email.comabc... by Ameenulla Engager in Splunk Search 09-17-2024 0 1	0	1
removing duplicate with maximum value Hi All, Can anyone please help me on this ... I am framing a SPL query to get list of hosts with their last eventtime... by RanjiRaje Explorer in Splunk Search 09-17-2024 0 3	0	3
Help with a join search Hi All - I need help with a fairly complex search i am being asked to build by a user. The ask is that the below fie... by tomjb94 Observer in Splunk Search 09-17-2024 0 4	0	4
Splunk lookup file - lookup field question Hi all, I've got a lookup file called devices.csv that contains 2 fields, hostname and ip_address.The index I'm searc... by Pellecrino Engager in Splunk Search 09-16-2024 0 3	0	3
Comparing Multivalue Fields I've done a fair amount of searching over the forums and am still having issues with comparing multi-value fields. I'... by wilcomply13 Explorer in Splunk Search 09-16-2024 0 9	0	9
Basic KV Store Question - Updating Thousands of Records at Once Hello all, I have a requirement to list all of our assets and show the last time they appeared in the logs of many di... by alferone Explorer in Splunk Search 09-16-2024 0 6	0	6
Timewrap command grouping by field Hello, I've seen many others in this forum trying to achieve something similar to what I'm trying to do but I didn't ... by n3w4z4 Explorer in Splunk Search 09-16-2024 0 10	0	10
how stats count any fields , top 3 valus for example i have this fields and valus:stats count by username . i got this:usernameroot \| 102admin \| 71yara \| 34th... by siv Explorer in Splunk Search 09-16-2024 0 6	0	6
Creating dashboard with 4 columns Hi Team,I am sending json data to Splunk server and I want to create a dashboard out of it.My data is in the below fo... by shenoyveer Path Finder in Splunk Search 09-16-2024 0 4	0	4
Filter Feilds and suppress output data Dear All,We have splunk index with data like pattern and the pattern was recently changed.{"Feild1":"DATA1","Feild2":... by Satyapv Engager in Splunk Search 09-16-2024 0 3	0	3
saved search Hi , I have a saved search which is cron scheduled , but it is not showing on the saved search panel .(setting->Searc... by Siddharthnegi Contributor in Splunk Search 09-15-2024 0 2	0	2
How do I "Left join" by appending CSV to an index in multiple fields Hello,How do I "Left join" by appending CSV to an index in multiple fields?I was able to solve the problem, but1) Is ... by LearningGuy Motivator in Splunk Search 09-15-2024 0 11	0	11
summary index timestamp follows earliest time Hello,When I write data to a summary index, the timestamp (_time) always follows the earliest time.For example, if my... by LearningGuy Motivator in Splunk Search 09-15-2024 0 4	0	4
How Do I Combine Two Different Data Models I have two different data sets within the Updates data model. I catered a few panels within a dashboard that I use to... by OgoNARA Explorer in Splunk Search 09-15-2024 0 4	0	4
Kuala Lumpur Malaysia Splunk Usergroup May month meeting Hi Dear Malaysian Splunkers, Part of the SplunkTrust tasks, I have created a Splunk User Group for Kuala Lumper Malay... by inventsekar SplunkTrust in Splunk Search 09-14-2024 2 5	2	5
new field using information from other sourcetype Hello, I have two sourcetypes: pan_threat and pan_traffic (app SplunkforPaloAltoNetworks). In pan_threat I have the ... by are0002 Path Finder in Splunk Search 09-13-2024 0 8	0	8
how to use top alongside with tstats how can I use top command after migrating to tstats? I need the same result, but looks like it can be done only using... by romanpro Explorer in Splunk Search 09-13-2024 0 12	0	12
How to "end" a search when it receives partial results Hi!Maybe this question is so simple to answer that I did not find any example, so please be kind to me We use append... by Schroeder Path Finder in Splunk Search 09-13-2024 0 7	0	7
TIME_PREFIX props question Hi - I have a quick props question.I need to write a props for a particular sourcetype, and the messages always start... by tomjb94 Observer in Splunk Search 09-13-2024 0 1	0	1
Update Macro From Search Hi,I've a case where I want to update/append the Macro with the results from lookup. I don't want to do this manually... by Thulasinathan_M Contributor in Splunk Search 09-13-2024 0 9	0	9
monitoring user how can I monitoring an user if he is using the wireless in the company?thank you! by JoseQuintero Loves-to-Learn in Splunk Search 09-12-2024 0 1	0	1
How to iterate values inside lookup command and compare the value to event field value index=test \| table severity location vehicleseverity locationvehiclehighPlutoBike testLookup.csvseveritylocationvehi... by iamtheclient20 Explorer in Splunk Search 09-12-2024 0 7	0	7
What is wrong with this "map" command search? I'm facing a very strange situation. I have simplified it to just where the problem is ocurring Check out the below 2... by arjunpkishore5 Motivator in Splunk Search 09-12-2024 2 9	2	9
unable to use search head my free 60 days trial got expired and now I have updated the license to a free trial, but now I'm unable to use searc... by Girish New Member in Splunk Search 09-12-2024 0 1	0	1