Splunk Search

Community Activity

Adding lookups to App? Ok not sure if in the right section. So I have been using Zeek for Splunk and TA_suricata and we are getting a lot o... by ddecker03 Loves-to-Learn Everything in Splunk Search 02-07-2021 0 3	0	3
How to put 2 different time fraims in dashboard Dears,please can you help?I have dashboard with several panels including graphs and reports. I would like create 2 pa... by ivana27 Path Finder in Splunk Search 02-07-2021 0 1	0	1
Split results that are in same row Currently I am running into an issue where if there is a person logs onto a server multiple times, it combines. Any i... by Becherer Explorer in Splunk Search 02-07-2021 0 2	0	2
Concurrent Active VPN Sessions on a Timechart I'm struggling to find a working solution to show cumulative active VPN sessions on a timechart with 20m data points.... by stepheneardley Path Finder in Splunk Search 02-07-2021 0 11	0	11
Splunk Statics Table - How to get the max of column and use it to evaluate each row Splunk Statics Table - How to get the max of column and use it to evaluate each rowHello, looking for advice and reco... by stevenulbrich Explorer in Splunk Search 02-06-2021 0 3	0	3
Show triggered events from last 5 minutes from a 2 hour moving average Good day,We are looking at a solution to alert us on abnormal traffic spike. We have leverage the standard deviation,... by Habanero Explorer in Splunk Search 02-06-2021 0 4	0	4
Sort issue Hey all, I am having a file that has the following stuff:#9#10#4#1..#6For everything that is not #9 or #10, I already... by jugarugabi Path Finder in Splunk Search 02-06-2021 0 2	0	2
How to find events that match except with the fields reversed. I am trying to figure out how to display all of the reverse matches in a list by each event. This would include showi... by zaludma Engager in Splunk Search 02-05-2021 0 3	0	3
SPL2 for onpremise I stumbled upon the documentation for SPL2 for splunk cloud. Are there any plans for SPL2 for Splunk On-premise? htt... by aa70627 Communicator in Splunk Search 02-05-2021 0 1	0	1
Average of Seconds and Milliseconds using extracted values I am trying to put together and average duration (calculated and logged by product) as well as count. however the log... by tjsnow Explorer in Splunk Search 02-05-2021 0 3	0	3
How to automatically rerun failed alerts Hi, I have 14 alerts that cover all the infrastructure, my company uses. I get my data from a data bus every 60 minu... by codedtech Path Finder in Splunk Search 02-05-2021 0 1	0	1
Regex help hey all looking for some help pulling some digits via regex. I am looking to pull the numbers directly after Actual v... by tkerr1357 Path Finder in Splunk Search 02-05-2021 0 3	0	3
# of events in the result and stats count by Hello all,We are new to Splunk , learning and working SLO/SLIs defined for the application. We are confused in the b... by bojjas Observer in Splunk Search 02-05-2021 0 1	0	1
How to prevent results from an input file being excluded after performing a lookup against another input Hi,I have the following search:\| inputlookup ldap_assets.csv\| lookup existing_assets dns output ip bunit category cit... by ezmo1982 Path Finder in Splunk Search 02-05-2021 0 4	0	4
epoch time subraction gives negative values Subtracting two timestamps results in negative values. Using epoch time to find the differences between two timestamp... by kishen2017 Path Finder in Splunk Search 02-05-2021 0 5	0	5
How to combine multiple search raw strings in a single query Hi, I need to do search with multiple raw strings within a single query. When I search these strings separately, I ... by rkishoreqa Communicator in Splunk Search 02-05-2021 0 2	0	2
evaluate multiple fields Hello,I have 2 fields I want to filter they are: name, "short name"I want to pull all the events that contains: name=... by xyz123 Explorer in Splunk Search 02-05-2021 0 4	0	4
How to generate Previous Event Time into Current Event by matching a particular field value. Current Output :Disconnected_timeDisconnected_Session_Namecount2021-02-02T02:04:29.000RDP-Tcp#10122021-02-02T02:15:55... by vn_g Path Finder in Splunk Search 02-05-2021 0 10	0	10
Remove square brackets from timestamp Hi, hoping someone can help with this as its been a while since I used Splunk and I can't seem to figure this out!I'm... by jbesant Explorer in Splunk Search 02-05-2021 0 4	0	4
How to display a popup when i open the dashboard HiI would like to open a popup " please fait à few seconds" when i open my dashboardHow to do this please? by jip31 Motivator in Splunk Search 02-05-2021 0 1	0	1
Replace and add digit Hello, I have the following situation - in the original files I have the following information in the field:ServerNam... by jugarugabi Path Finder in Splunk Search 02-04-2021 0 2	0	2
Speeding up a Search against lookup table searching large index Have a small lookup table with 135 dest_ip and a search that is searching that lookup table against a 40 TB index (... by okretzer Engager in Splunk Search 02-04-2021 0 3	0	3
Combine Multiple Fields Hello, I'm relatively new to Splunk. I have multiple fields with different naming schemes that have different or ide... by JaysonD123 Explorer in Splunk Search 02-04-2021 1 1	1	1
Using result of one search for another Hi all! I am relatively new to splunk and I am trying to use the results of one search for another search,So...index=... by splunk_new1 Explorer in Splunk Search 02-04-2021 0 3	0	3
Search Marcro - Sending Results to Macro Variable. Hi, I'm having the hardest time trying to figure out how to pass an event field into a variable argument to be used i... by chrisboy68 Contributor in Splunk Search 02-04-2021 0 3	0	3