Splunk Search

Community Activity

How to display duration(start and end time) in a column chart? Hi all, I am trying to show the connected duration, which is calculated using transaction command in a timechart. Whe... by mythili Explorer in Splunk Search 09-11-2024 0 5	0	5
Explode line into multiple lines Howto to explode 1 row to several breaking out a multi-value field.app=ABC client=AA views=View1,View2app=ABC client=... by Yossarian622 Engager in Splunk Search 09-11-2024 0 2	0	2
Adding IIS URI_Stem to timechart to track performance over time I have a timechart that traffic volume over time and the top 15% of API performance times. I would like to add URI_St... by JeffV Explorer in Splunk Search 09-11-2024 0 3	0	3
How to copy/reindex logs to another index continuously Hi all,We have an index say index1 with a log retention of 7 days where we receive logs for different applications. N... by jpillai Path Finder in Splunk Search 09-11-2024 0 5	0	5
From search to Data Model Hi, i have problem with Data model search.This is my SPL:\|datamodel Network_Resolution_DNS_v2 search\| search DNS.mess... by kukasky Loves-to-Learn in Splunk Search 09-11-2024 0 3	0	3
how to optymize my query Below quite simple query to fill drop down list in my dashboard. index=gwcc \| eval file=lower(mvindex(split(source... by kp_pl Path Finder in Splunk Search 09-11-2024 0 6	0	6
Running search for 1000s of IOCs at once? I would like to create a dashboard which would run a search daily to check network traffic against a list of about 18... by Samantha Engager in Splunk Search 09-10-2024 0 3	0	3
tstats returns a count of zero when using an OR clause For some reason my \|tstats count query is returning a result of 0 when I add an OR condition in my where clause if th... by chrislkt Explorer in Splunk Search 09-10-2024 0 11	0	11
How can I combine a field value , if the other 3 field values are the same Hi,How can I combine a field value , if the other 3 field values are the sameEx:- If the field1 , field2 , field3 are... by Dayalss Engager in Splunk Search 09-10-2024 0 7	0	7
How to get P90 latency from combine trace_ids of one query to be fed to a second query. If I have two queries: 1. index=poc container_name=app horizontalId=orange outputs events with the trace ids 2. index... by cimino Engager in Splunk Search 09-10-2024 0 5	0	5
How to change table CSS using Classes instead of Ids As the title suggests, I want to change the CSS style of a table within Splunk dashboard using classes instead of id.... by cherrypick Path Finder in Splunk Search 09-10-2024 0 1	0	1
Splunk Search Optimization Hi Team,As per business requirement, need to get below details from same autosys batch and corresponding outputs to b... by ganeshkumarmoha Explorer in Splunk Search 09-09-2024 0 1	0	1
HTTP header connection failed When we are trying to run a report in deployment server to get the hosts that are reporting to Splunk, it is giving b... by anila_ec21 Engager in Splunk Search 09-09-2024 1 1	1	1
How to document what is present in the index My apologies for such a noob question. I literally got dropped into a Splunk environment and I know little to nothin... by texascj Path Finder in Splunk Search 09-09-2024 0 4	0	4
Display only certain properties Good day, I have a query to check my Entra logs to see what Conditional access policies gets hit. The returns results... by JandrevdM Path Finder in Splunk Search 09-09-2024 0 2	0	2
How to extract a JSON field from another JSON? Hi, I would like to extract a field from a JSON logs which is in a prettier format already.I would like to extract a ... by Codie Engager in Splunk Search 09-09-2024 0 5	0	5
Isolate a Search head - search head user account Hi I found this 2011 chat "72798" on Splunk to "considering adding the concept of an "search head user account" on th... by aab1 Explorer in Splunk Search 09-09-2024 0 5	0	5
Splunk Search Query to fill empty columns of data with data from other rows I'll first insert my whole splunk search query and show whats it showing and whats the expected result index=sss ... by wm Loves-to-Learn Everything in Splunk Search 09-08-2024 0 23	0	23
Don't have "sse_host_to_country" AND "gdpr_user_category" lookup file in search Hi Community,I got trouble when want to activate Use Case "User Login to Unauthorized Geo" it said Error because it s... by zksvc Contributor in Splunk Search 09-08-2024 0 5	0	5
How can I completely delete a user in Splunk ES? Hello,As an admin, I deleted a user in Splunk Web, but when I try to add a user during an investigation, I still see ... by fahimeh Explorer in Splunk Search 09-07-2024 0 3	0	3
data extraction hello I am getting a field port in event .ports="['22', '68', '6556']"how can i display them in separate rows. by Siddharthnegi Contributor in Splunk Search 09-06-2024 0 2	0	2
How can I escape dollar-signs to use "map" or "sendemail" inside of a macro or workflow? All 4 things use the $argument$ syntax. I am trying to use sendemail inside of a macro and have tried \$search\$, $$... by woodcock Esteemed Legend in Splunk Search 09-06-2024 1 11	1	11
How to prevent regex from matching till end of event? Extracting Group names from EventCode 4627 Need some help in extracting Group Membership details from Windows Event Code 4627.As explained in this answer,https:... by att35 Builder in Splunk Search 09-05-2024 0 2	0	2
Concurrency group by clause I have an application to analyse phone call data from multiple locations. I want to generate a report that provides ... by cmiles416 Explorer in Splunk Search 09-05-2024 2 5	2	5
Extracting and Compare Folder Path From CSV Hello, working on monitoring if someone has moved a file outside a specific folder inside a preset folder structure o... by ramuzzini Path Finder in Splunk Search 09-05-2024 0 2	0	2