Splunk Search

Community Activity

Fields Extraction in Splunk We are using v9 format of logs in splunk. It is working fine and we are able to see logs in splunk as expected. We ad... by Alankrit New Member in Splunk Search 09-18-2024 0 1	0	1
Time field not reflecting along with the inputlookup query Hi Team,I am using below query to get the DNS lookup query, everything is fine but I am not getting the time field al... by Prashant Explorer in Splunk Search 09-18-2024 0 3	0	3
Device online status dashboard Hello everyone,New and trying to learn, I've searched for hours trying to get a dashboard to display computers within... by TTAL New Member in Splunk Search 09-17-2024 0 3	0	3
splunk stats group and count by fields need query to remove duplicates from count statsSample inputevent emailabc xyz@email.comabc xyz@email.comabc... by Ameenulla Engager in Splunk Search 09-17-2024 0 1	0	1
removing duplicate with maximum value Hi All, Can anyone please help me on this ... I am framing a SPL query to get list of hosts with their last eventtime... by RanjiRaje Explorer in Splunk Search 09-17-2024 0 3	0	3
Help with a join search Hi All - I need help with a fairly complex search i am being asked to build by a user. The ask is that the below fie... by tomjb94 Observer in Splunk Search 09-17-2024 0 4	0	4
Splunk lookup file - lookup field question Hi all, I've got a lookup file called devices.csv that contains 2 fields, hostname and ip_address.The index I'm searc... by Pellecrino Engager in Splunk Search 09-16-2024 0 3	0	3
Comparing Multivalue Fields I've done a fair amount of searching over the forums and am still having issues with comparing multi-value fields. I'... by wilcomply13 Explorer in Splunk Search 09-16-2024 0 9	0	9
Basic KV Store Question - Updating Thousands of Records at Once Hello all, I have a requirement to list all of our assets and show the last time they appeared in the logs of many di... by alferone Explorer in Splunk Search 09-16-2024 0 6	0	6
Timewrap command grouping by field Hello, I've seen many others in this forum trying to achieve something similar to what I'm trying to do but I didn't ... by n3w4z4 Explorer in Splunk Search 09-16-2024 0 10	0	10
how stats count any fields , top 3 valus for example i have this fields and valus:stats count by username . i got this:usernameroot \| 102admin \| 71yara \| 34th... by siv Explorer in Splunk Search 09-16-2024 0 6	0	6
Creating dashboard with 4 columns Hi Team,I am sending json data to Splunk server and I want to create a dashboard out of it.My data is in the below fo... by shenoyveer Path Finder in Splunk Search 09-16-2024 0 4	0	4
Filter Feilds and suppress output data Dear All,We have splunk index with data like pattern and the pattern was recently changed.{"Feild1":"DATA1","Feild2":... by Satyapv Engager in Splunk Search 09-16-2024 0 3	0	3
saved search Hi , I have a saved search which is cron scheduled , but it is not showing on the saved search panel .(setting->Searc... by Siddharthnegi Contributor in Splunk Search 09-15-2024 0 2	0	2
How do I "Left join" by appending CSV to an index in multiple fields Hello,How do I "Left join" by appending CSV to an index in multiple fields?I was able to solve the problem, but1) Is ... by LearningGuy Motivator in Splunk Search 09-15-2024 0 11	0	11
summary index timestamp follows earliest time Hello,When I write data to a summary index, the timestamp (_time) always follows the earliest time.For example, if my... by LearningGuy Motivator in Splunk Search 09-15-2024 0 4	0	4
How Do I Combine Two Different Data Models I have two different data sets within the Updates data model. I catered a few panels within a dashboard that I use to... by OgoNARA Explorer in Splunk Search 09-15-2024 0 4	0	4
Kuala Lumpur Malaysia Splunk Usergroup May month meeting Hi Dear Malaysian Splunkers, Part of the SplunkTrust tasks, I have created a Splunk User Group for Kuala Lumper Malay... by inventsekar SplunkTrust in Splunk Search 09-14-2024 2 5	2	5
new field using information from other sourcetype Hello, I have two sourcetypes: pan_threat and pan_traffic (app SplunkforPaloAltoNetworks). In pan_threat I have the ... by are0002 Path Finder in Splunk Search 09-13-2024 0 8	0	8
how to use top alongside with tstats how can I use top command after migrating to tstats? I need the same result, but looks like it can be done only using... by romanpro Explorer in Splunk Search 09-13-2024 0 12	0	12
How to "end" a search when it receives partial results Hi!Maybe this question is so simple to answer that I did not find any example, so please be kind to me We use append... by Schroeder Path Finder in Splunk Search 09-13-2024 0 7	0	7
TIME_PREFIX props question Hi - I have a quick props question.I need to write a props for a particular sourcetype, and the messages always start... by tomjb94 Observer in Splunk Search 09-13-2024 0 1	0	1
Update Macro From Search Hi,I've a case where I want to update/append the Macro with the results from lookup. I don't want to do this manually... by Thulasinathan_M Contributor in Splunk Search 09-13-2024 0 9	0	9
monitoring user how can I monitoring an user if he is using the wireless in the company?thank you! by JoseQuintero Loves-to-Learn in Splunk Search 09-12-2024 0 1	0	1
How to iterate values inside lookup command and compare the value to event field value index=test \| table severity location vehicleseverity locationvehiclehighPlutoBike testLookup.csvseveritylocationvehi... by iamtheclient20 Explorer in Splunk Search 09-12-2024 0 7	0	7