Splunk Search

Community Activity

Search for user additions to Active Directory privileged groups I would like to run a query for any user additions to privileged Active Directory groups. I am storing the AD groups ... by jlph Loves-to-Learn in Splunk Search 04-17-2021 0 1	0	1
Tstats with Sparkline limiting values I am working on statsing firewall data into a sparkline. However, when I run the search, the sparkline caps out at 1... by biers04 Explorer in Splunk Search 04-16-2021 0 0	0	0
Expand search based on chart Hi,Is there a way from a dashboard perspective that I present a chart from 2 big groups and if I click on the legend ... by aquinojason Path Finder in Splunk Search 04-16-2021 0 5	0	5
Filtering Lookup Results Hi, Below is a result of a lookup command, how do I exclude the other information if I based in on BusinessUnit, For ... by aquinojason Path Finder in Splunk Search 04-16-2021 0 4	0	4
Search for usage and login attempts for list of users I recently started learning Splunk . Could you help me!!Have list of users and particular looking for search query t... by Sathya0Q Engager in Splunk Search 04-16-2021 0 1	0	1
I have an index searching with event and getting one line string, I need to display it as 2 fields using Regex or rex Example:My search is index=* source=xyzI am getting an event with plenty of lines in string formatI want to display... by sumandevops Engager in Splunk Search 04-16-2021 0 9	0	9
Search Input based on a inputlookup Hi, I am trying to do the following:1. Using this \| inputlookup Application.csv where BusinessUnit = BU1, it will fil... by aquinojason Path Finder in Splunk Search 04-16-2021 0 2	0	2
Rounding a Calculated Field Greeting Splunkers:Referring to: eval - Splunk Documentation where:round(X,Y)Returns X rounded to the amount of decim... by jason_hotchkiss Communicator in Splunk Search 04-16-2021 0 2	0	2
How to fillnull json value pair in a subpath ? Hello,I'm faced today with something I do not understand.Here the structure of my event (JSON structured) : { dateRep... by emallinger Communicator in Splunk Search 04-16-2021 0 2	0	2
Where do I find a list of orphaned searches, Reports and Alerts so they an be deleted or disabled? Where do I find a list of orphaned searches, Reports and Alerts so they an be deleted or disabled? For the purpose of... by SamHTexas Builder in Splunk Search 04-16-2021 0 4	0	4
How to remove results of one query from a second query I'm currently trying to find workstations that haven't been logged into by a human over a period of time.My first que... by pgawron2 Loves-to-Learn in Splunk Search 04-16-2021 0 9	0	9
How to visualise single series stats sum by filed and it total I am getting statistics like below (only 3 categories) Category Amount cat1 20 cat2 30 cat3 40 and add... by dyapasrikanth Path Finder in Splunk Search 04-15-2021 0 3	0	3
Splunk Panel cell clicking not working with cell enabled on drilldown Good Evening All,I am looking for a solution to a splunk panel when I try to click on any cell value it should open e... by REACHGPRAVEEN Explorer in Splunk Search 04-15-2021 0 1	0	1
Pulling new fields out of nested JSON data Looking at the example field below (part of a JSON event), I'm trying to figure out how at search time to pair up the... by joemiller Path Finder in Splunk Search 04-15-2021 0 5	0	5
Query Duo security for disabled, non-authenicated user I don't know how to query my duo servers to find out how any users many are set to disabled and some users might have... by totalnet32 New Member in Splunk Search 04-15-2021 0 0	0	0
Two timecharts for different time frames (today/yesterday) on one graph Hi all,I'm trying to create a chart containing two timecharts for different time frames (e.g. today/yesterday). How c... by dab55 Engager in Splunk Search 04-15-2021 0 3	0	3
Splunk query Hi All,I'm new to Splunk and want to execute a splunk query without using CLI or GUI.Options like ETL tool or a shell... by Chandu53000 Observer in Splunk Search 04-15-2021 0 1	0	1
Split results from chart Hello,I am using the chart command in order to display data using a line chart:\| chart values("torque") as variable o... by nadeige1 Engager in Splunk Search 04-15-2021 1 2	1	2
I have field DivionsID with data of Exe.123, how to trim this to just 123 ? I have field DivionsID with data of Exe.123, how to trim this to just 123 ? by sumandevops Engager in Splunk Search 04-15-2021 0 7	0	7
Changes to user or group privileges Hi all.This rule has been driving me crazy for a while now, and the teams working on it too.Just looking for a way to... by logginz85 Explorer in Splunk Search 04-15-2021 0 0	0	0
How to use output of a 1st query as input in second query. I have a 1st query by taking input from the dashboard and where I got id as a result from that. And I want to use tha... by satyajit7 Explorer in Splunk Search 04-15-2021 0 7	0	7
help on date field sorting hithe field dv_sys_created_on is a field dateindex="tutu" sourcetype="toto" \| stats last(dv_sys_created_on) as Opene... by jip31 Motivator in Splunk Search 04-15-2021 0 2	0	2
rex to modify hostname field and where . is there remove it I have index=syslog where the hostname comes as fqdn and Ip addressi want rex to modify only hostname field only wher... by surekhasplunk Communicator in Splunk Search 04-15-2021 0 4	0	4
Search incorporating inputlookup I have a list of source ip addresses in a csv file loaded into Splunk as a lookup file. The file has a single field,... by balcv Contributor in Splunk Search 04-15-2021 0 6	0	6
iplocation when outputting in command stats Hello everyone,Someone may already be doing the output of grouped events with the definition of location by ip.How no... by nalia_v Loves-to-Learn Everything in Splunk Search 04-15-2021 0 1	0	1