Splunk Search

Community Activity

How do I "Left join" by appending CSV to an index in multiple fields Hello,How do I "Left join" by appending CSV to an index in multiple fields?I was able to solve the problem, but1) Is ... by LearningGuy Motivator in Splunk Search 09-15-2024 0 11	0	11
summary index timestamp follows earliest time Hello,When I write data to a summary index, the timestamp (_time) always follows the earliest time.For example, if my... by LearningGuy Motivator in Splunk Search 09-15-2024 0 4	0	4
How Do I Combine Two Different Data Models I have two different data sets within the Updates data model. I catered a few panels within a dashboard that I use to... by OgoNARA Explorer in Splunk Search 09-15-2024 0 4	0	4
Kuala Lumpur Malaysia Splunk Usergroup May month meeting Hi Dear Malaysian Splunkers, Part of the SplunkTrust tasks, I have created a Splunk User Group for Kuala Lumper Malay... by inventsekar SplunkTrust in Splunk Search 09-14-2024 2 5	2	5
new field using information from other sourcetype Hello, I have two sourcetypes: pan_threat and pan_traffic (app SplunkforPaloAltoNetworks). In pan_threat I have the ... by are0002 Path Finder in Splunk Search 09-13-2024 0 8	0	8
how to use top alongside with tstats how can I use top command after migrating to tstats? I need the same result, but looks like it can be done only using... by romanpro Explorer in Splunk Search 09-13-2024 0 12	0	12
How to "end" a search when it receives partial results Hi!Maybe this question is so simple to answer that I did not find any example, so please be kind to me We use append... by Schroeder Path Finder in Splunk Search 09-13-2024 0 7	0	7
TIME_PREFIX props question Hi - I have a quick props question.I need to write a props for a particular sourcetype, and the messages always start... by tomjb94 Observer in Splunk Search 09-13-2024 0 1	0	1
Update Macro From Search Hi,I've a case where I want to update/append the Macro with the results from lookup. I don't want to do this manually... by Thulasinathan_M Contributor in Splunk Search 09-13-2024 0 9	0	9
monitoring user how can I monitoring an user if he is using the wireless in the company?thank you! by JoseQuintero Loves-to-Learn in Splunk Search 09-12-2024 0 1	0	1
How to iterate values inside lookup command and compare the value to event field value index=test \| table severity location vehicleseverity locationvehiclehighPlutoBike testLookup.csvseveritylocationvehi... by iamtheclient20 Explorer in Splunk Search 09-12-2024 0 7	0	7
What is wrong with this "map" command search? I'm facing a very strange situation. I have simplified it to just where the problem is ocurring Check out the below 2... by arjunpkishore5 Motivator in Splunk Search 09-12-2024 2 9	2	9
unable to use search head my free 60 days trial got expired and now I have updated the license to a free trial, but now I'm unable to use searc... by Girish New Member in Splunk Search 09-12-2024 0 1	0	1
How to search for a field using value of other field Hi,I have two fields, both these fields will be in two different events, now i want to search for events, where aggr... by deepakmr8 New Member in Splunk Search 09-12-2024 0 2	0	2
How to display duration(start and end time) in a column chart? Hi all, I am trying to show the connected duration, which is calculated using transaction command in a timechart. Whe... by mythili Explorer in Splunk Search 09-11-2024 0 5	0	5
Explode line into multiple lines Howto to explode 1 row to several breaking out a multi-value field.app=ABC client=AA views=View1,View2app=ABC client=... by Yossarian622 Engager in Splunk Search 09-11-2024 0 2	0	2
Adding IIS URI_Stem to timechart to track performance over time I have a timechart that traffic volume over time and the top 15% of API performance times. I would like to add URI_St... by JeffV Explorer in Splunk Search 09-11-2024 0 3	0	3
How to copy/reindex logs to another index continuously Hi all,We have an index say index1 with a log retention of 7 days where we receive logs for different applications. N... by jpillai Path Finder in Splunk Search 09-11-2024 0 5	0	5
From search to Data Model Hi, i have problem with Data model search.This is my SPL:\|datamodel Network_Resolution_DNS_v2 search\| search DNS.mess... by kukasky Loves-to-Learn in Splunk Search 09-11-2024 0 3	0	3
how to optymize my query Below quite simple query to fill drop down list in my dashboard. index=gwcc \| eval file=lower(mvindex(split(source... by kp_pl Path Finder in Splunk Search 09-11-2024 0 6	0	6
Running search for 1000s of IOCs at once? I would like to create a dashboard which would run a search daily to check network traffic against a list of about 18... by Samantha Engager in Splunk Search 09-10-2024 0 3	0	3
tstats returns a count of zero when using an OR clause For some reason my \|tstats count query is returning a result of 0 when I add an OR condition in my where clause if th... by chrislkt Explorer in Splunk Search 09-10-2024 0 11	0	11
How can I combine a field value , if the other 3 field values are the same Hi,How can I combine a field value , if the other 3 field values are the sameEx:- If the field1 , field2 , field3 are... by Dayalss Engager in Splunk Search 09-10-2024 0 7	0	7
How to get P90 latency from combine trace_ids of one query to be fed to a second query. If I have two queries: 1. index=poc container_name=app horizontalId=orange outputs events with the trace ids 2. index... by cimino Engager in Splunk Search 09-10-2024 0 5	0	5
How to change table CSS using Classes instead of Ids As the title suggests, I want to change the CSS style of a table within Splunk dashboard using classes instead of id.... by cherrypick Path Finder in Splunk Search 09-10-2024 0 1	0	1