Splunk Search

Community Activity

How can I completely delete a user in Splunk ES? Hello,As an admin, I deleted a user in Splunk Web, but when I try to add a user during an investigation, I still see ... by fahimeh Explorer in Splunk Search 09-07-2024 0 3	0	3
data extraction hello I am getting a field port in event .ports="['22', '68', '6556']"how can i display them in separate rows. by Siddharthnegi Contributor in Splunk Search 09-06-2024 0 2	0	2
How can I escape dollar-signs to use "map" or "sendemail" inside of a macro or workflow? All 4 things use the $argument$ syntax. I am trying to use sendemail inside of a macro and have tried \$search\$, $$... by woodcock Esteemed Legend in Splunk Search 09-06-2024 1 11	1	11
How to prevent regex from matching till end of event? Extracting Group names from EventCode 4627 Need some help in extracting Group Membership details from Windows Event Code 4627.As explained in this answer,https:... by att35 Builder in Splunk Search 09-05-2024 0 2	0	2
Concurrency group by clause I have an application to analyse phone call data from multiple locations. I want to generate a report that provides ... by cmiles416 Explorer in Splunk Search 09-05-2024 2 5	2	5
Extracting and Compare Folder Path From CSV Hello, working on monitoring if someone has moved a file outside a specific folder inside a preset folder structure o... by ramuzzini Path Finder in Splunk Search 09-05-2024 0 2	0	2
How to use the concurrency command to timechart the top 10 concurrencies by field sourceip? I have the following event that needs to calculate concurrency: Event, starttime=yyyy-mm-dd hh:mm:ss, duration=, sou... by jgcsco Path Finder in Splunk Search 09-05-2024 1 14	1	14
Users still showing after being deleted I am trying to delete users that just use Splunk authentication. I have the admin role. I have tried both the web GUI... by wpb162 Explorer in Splunk Search 09-05-2024 0 9	0	9
How to define max for a Fillergauge in dashboard studio? I'm missing something and it's probably blatantly obvious....I have a search returning a number but I want to have a ... by jeck11 Path Finder in Splunk Search 09-05-2024 0 1	0	1
I want rex command to return empty string if no match Let's say I have the following SPL query. Ignore the regexes, thery're not important for the example:index=abc \| rex... by jbrenner Path Finder in Splunk Search 09-05-2024 0 3	0	3
How to check who has updated a lookup Hi all,I have one lookup which was having around 1000 entries recently someone has updated the lookup and all entries... by nehamvinchankar Path Finder in Splunk Search 09-04-2024 0 5	0	5
MFA Fatigue Attack I am currently working on creating an alert for a possible MFA fatigue attack from our Entra ID sign in logs. The log... by BJanota29 New Member in Splunk Search 09-04-2024 0 1	0	1
Retrieving all fields that have a certain value My events have a few fields that are of the type: field_Name=failed What query should I write to get all that fields... by andra_pietraru Path Finder in Splunk Search 09-04-2024 0 8	0	8
Extract the words after Result=xxx ACCU_DILAMZ9884 Failed, cueType=Splicer, SpliceEventID=0x00000BBC, SessionID=0x1A4D3100 SV event=454708529 spot=VAF00... by Satcom9 Engager in Splunk Search 09-03-2024 0 2	0	2
Need help with a regex please. (Defining an action by user) I have a standard printed statement that shows something like this:[29/Aug/2024:23:59:48 +0000] "GET /rest/LMNOP[29/A... by tengugurl1 Engager in Splunk Search 09-03-2024 0 5	0	5
Difference between outputlookup and outputcsv Could anyone tell me the difference between outputlookup and outputcsv? If there no differences, is there any specif... by splunkn Communicator in Splunk Search 09-03-2024 5 5	5	5
Search commands to monitor Forinet Firewalls ? Hi Guys, Has anyone done a search were you can monitor the CPU on the Fortinet Firewalls? Its on the App but doesn't ... by TheWiszard Engager in Splunk Search 09-03-2024 0 3	0	3
Specify span option value in bin command with map I try to use lookup to specify span option value in bin command with map \| inputlookup mylookupup.csv \| fields Index,... by elensare Engager in Splunk Search 09-03-2024 0 1	0	1
Regular Expression hi i want to extract purple part.[Time:29-08@17:53:05.654] [60569222] 17:53:05.654 10.82.10.245 local3.notice [S=2952... by Siddharthnegi Contributor in Splunk Search 09-03-2024 0 2	0	2
Need to find where index was used in lookups, reports, alerts and dashboards. The data coming into one of our indexers recently changed. Now the format is different, and the fields are different.... by bwheelerice Engager in Splunk Search 09-02-2024 0 8	0	8
Help joining the 2 below searches Hi - We have a requirement to join the below eval statement searches, would it be possible if someone could assist w... by tomjb94 Observer in Splunk Search 09-02-2024 0 2	0	2
undefined by romanpro Explorer in Splunk Search 09-02-2024 0 3	0	3
Notepad++ SPL syntax highlighting Hi AllI did a look around for a syntax definition for SPL in Notepad++ and didn't find one. Attached is my attempt. F... by dataisbeautiful Communicator in Splunk Search 09-02-2024 3 0	3	0
searching in splunk indexes Hello everyone! How can we solve the problem of searching for secrets in all or some splunk indexes so that splunk is... by user487596 Explorer in Splunk Search 09-02-2024 0 5	0	5
Why is the map command a risky command? Other than poor speed and performance, is there a reason why the map command is considered dangerous?The official doc... by munang Path Finder in Splunk Search 09-02-2024 1 2	1	2