Splunk Search

Community Activity

How to iterate values inside lookup command and compare the value to event field value index=test \| table severity location vehicleseverity locationvehiclehighPlutoBike testLookup.csvseveritylocationvehi... by iamtheclient20 Explorer in Splunk Search 09-12-2024 0 7	0	7
What is wrong with this "map" command search? I'm facing a very strange situation. I have simplified it to just where the problem is ocurring Check out the below 2... by arjunpkishore5 Motivator in Splunk Search 09-12-2024 2 9	2	9
unable to use search head my free 60 days trial got expired and now I have updated the license to a free trial, but now I'm unable to use searc... by Girish New Member in Splunk Search 09-12-2024 0 1	0	1
How to search for a field using value of other field Hi,I have two fields, both these fields will be in two different events, now i want to search for events, where aggr... by deepakmr8 New Member in Splunk Search 09-12-2024 0 2	0	2
How to display duration(start and end time) in a column chart? Hi all, I am trying to show the connected duration, which is calculated using transaction command in a timechart. Whe... by mythili Explorer in Splunk Search 09-11-2024 0 5	0	5
Explode line into multiple lines Howto to explode 1 row to several breaking out a multi-value field.app=ABC client=AA views=View1,View2app=ABC client=... by Yossarian622 Engager in Splunk Search 09-11-2024 0 2	0	2
Adding IIS URI_Stem to timechart to track performance over time I have a timechart that traffic volume over time and the top 15% of API performance times. I would like to add URI_St... by JeffV Explorer in Splunk Search 09-11-2024 0 3	0	3
How to copy/reindex logs to another index continuously Hi all,We have an index say index1 with a log retention of 7 days where we receive logs for different applications. N... by jpillai Path Finder in Splunk Search 09-11-2024 0 5	0	5
From search to Data Model Hi, i have problem with Data model search.This is my SPL:\|datamodel Network_Resolution_DNS_v2 search\| search DNS.mess... by kukasky Loves-to-Learn in Splunk Search 09-11-2024 0 3	0	3
how to optymize my query Below quite simple query to fill drop down list in my dashboard. index=gwcc \| eval file=lower(mvindex(split(source... by kp_pl Path Finder in Splunk Search 09-11-2024 0 6	0	6
Running search for 1000s of IOCs at once? I would like to create a dashboard which would run a search daily to check network traffic against a list of about 18... by Samantha Engager in Splunk Search 09-10-2024 0 3	0	3
tstats returns a count of zero when using an OR clause For some reason my \|tstats count query is returning a result of 0 when I add an OR condition in my where clause if th... by chrislkt Explorer in Splunk Search 09-10-2024 0 11	0	11
How can I combine a field value , if the other 3 field values are the same Hi,How can I combine a field value , if the other 3 field values are the sameEx:- If the field1 , field2 , field3 are... by Dayalss Engager in Splunk Search 09-10-2024 0 7	0	7
How to get P90 latency from combine trace_ids of one query to be fed to a second query. If I have two queries: 1. index=poc container_name=app horizontalId=orange outputs events with the trace ids 2. index... by cimino Engager in Splunk Search 09-10-2024 0 5	0	5
How to change table CSS using Classes instead of Ids As the title suggests, I want to change the CSS style of a table within Splunk dashboard using classes instead of id.... by cherrypick Path Finder in Splunk Search 09-10-2024 0 1	0	1
Splunk Search Optimization Hi Team,As per business requirement, need to get below details from same autosys batch and corresponding outputs to b... by ganeshkumarmoha Explorer in Splunk Search 09-09-2024 0 1	0	1
HTTP header connection failed When we are trying to run a report in deployment server to get the hosts that are reporting to Splunk, it is giving b... by anila_ec21 Engager in Splunk Search 09-09-2024 1 1	1	1
How to document what is present in the index My apologies for such a noob question. I literally got dropped into a Splunk environment and I know little to nothin... by texascj Path Finder in Splunk Search 09-09-2024 0 4	0	4
Display only certain properties Good day, I have a query to check my Entra logs to see what Conditional access policies gets hit. The returns results... by JandrevdM Path Finder in Splunk Search 09-09-2024 0 2	0	2
How to extract a JSON field from another JSON? Hi, I would like to extract a field from a JSON logs which is in a prettier format already.I would like to extract a ... by Codie Engager in Splunk Search 09-09-2024 0 5	0	5
Isolate a Search head - search head user account Hi I found this 2011 chat "72798" on Splunk to "considering adding the concept of an "search head user account" on th... by aab1 Explorer in Splunk Search 09-09-2024 0 5	0	5
Splunk Search Query to fill empty columns of data with data from other rows I'll first insert my whole splunk search query and show whats it showing and whats the expected result index=sss ... by wm Loves-to-Learn Everything in Splunk Search 09-08-2024 0 23	0	23
Don't have "sse_host_to_country" AND "gdpr_user_category" lookup file in search Hi Community,I got trouble when want to activate Use Case "User Login to Unauthorized Geo" it said Error because it s... by zksvc Contributor in Splunk Search 09-08-2024 0 5	0	5
How can I completely delete a user in Splunk ES? Hello,As an admin, I deleted a user in Splunk Web, but when I try to add a user during an investigation, I still see ... by fahimeh Explorer in Splunk Search 09-07-2024 0 3	0	3
data extraction hello I am getting a field port in event .ports="['22', '68', '6556']"how can i display them in separate rows. by Siddharthnegi Contributor in Splunk Search 09-06-2024 0 2	0	2