Splunk Search

Community Activity

How can I group counts by time ranges in a row? For a certain time range, I want to group together the counts in a single row, divided into equal time slices.For exa... by OliverG91 Explorer in Splunk Search 02-01-2021 0 4	0	4
list eventccode and host Hello,I hope someone could help me out figuring out this one out. The core of what I am trying to do is get a list of... by Huss54 Engager in Splunk Search 02-01-2021 0 3	0	3
create table of first and last logins for multiple users Hello all,looking to get both the first and last event for each user of the bellow search if anyone can help. index=w... by tkerr1357 Path Finder in Splunk Search 02-01-2021 0 2	0	2
Files with Multiple extensions I am a Splunk newbie and need to be able to search for files with multiple extensions (example: filename.ps1.doc) an... by Bellthazor Engager in Splunk Search 02-01-2021 0 2	0	2
Trouble with Hidden Panel Passing a Value Hello,I am having trouble with a panel staying hidden when the search above shows no results. I would like to create ... by strehb18 Path Finder in Splunk Search 02-01-2021 0 4	0	4
Adding a predicted cumulative value to a stacked bar chart I wish to take a stacked bar chart, use 'addtotals' to create a field representing the cumulative value of the stacke... by rbolande Explorer in Splunk Search 02-01-2021 0 3	0	3
How to group by latest date? Hi,See, I have been trying to group my result query based on the latest date in order to remove duplicates and get th... by designer46 Explorer in Splunk Search 02-01-2021 0 2	0	2
SPlunk not sending alerts Hi,My splunk instance is not sending email alerts for a new alert th Can soat i just setup. I am getting other alert ... by SS1 Path Finder in Splunk Search 01-31-2021 0 4	0	4
Expand column in to rows How to Convert _time ColumnA ColumnB timeA 10 ... by teewenjie22 Engager in Splunk Search 01-31-2021 0 3	0	3
Report all real-time searches from the internal audit index Enable alerts and reports on real-time searches seen in the internal audit index. by landen99 Motivator in Splunk Search 01-30-2021 0 2	0	2
Searching for a specific users browsing history I am a newbie to Splunk and am trying to find out what query I can use to find a specific users browsing history for ... by redfan9 New Member in Splunk Search 01-30-2021 0 1	0	1
Disable app on UF using deployment server Hello All,i have a default app which gets installed on the UF during the installation (part of our install script). t... by AzmathShaik Path Finder in Splunk Search 01-29-2021 0 4	0	4
Search running slowly Hi, can anyone make any suggestions as to how I can make this search more efficient? index=prod_service_now sourcety... by shazbot79 Path Finder in Splunk Search 01-29-2021 0 4	0	4
Count By Date I have a search created, and want to get a count of the events returned by date. I know the date and time is stored ... by gn694 Communicator in Splunk Search 01-29-2021 3 5	3	5
How to display counts in the two weeks span for last two weeks and two weeks before I want to display counts latest two weeks (last two weeks), two weeks before and everything else before 4 weeks start... by AshChakor Path Finder in Splunk Search 01-29-2021 0 1	0	1
Replacing multiple values of a field with single value with rex sed Hi All,I have field called stepName which will have below three values.TextResource.getFirstLineTextResource.getSecon... by viswatejabolla New Member in Splunk Search 01-29-2021 0 3	0	3
SPL using search NOT comparing 2 Lookup (csv) files returns wrong results Greetings,I've 2 Lookup (csv) files, one generated from index _internal (approx 15k events) and another generated fro... by marceloalejandr Path Finder in Splunk Search 01-29-2021 0 6	0	6
How to set up an alert to trigger only if a second search does not return results within 30 seconds of the previous search? I have a current alert that is working as expected to capture a log event that states a service is down. We have sta... by dnsGuy314 New Member in Splunk Search 01-29-2021 0 10	0	10
Help Improve my search? All, I have this search here and it's pretty slow. Any recommendations to speed it up? Currently 250.249 seconds and ... by dpwtheitguy Loves-to-Learn Lots in Splunk Search 01-28-2021 0 2	0	2
Splunk Join Optimisation Hi,I have the below query which does the search on two different sources in the same index and join the results based... by deepuhassan Explorer in Splunk Search 01-28-2021 0 6	0	6
Event Field Data Lost When Using Collect to Populate Summary Index I'm having a bit of trouble trying to backfill a couple days in my summary index from a query using the collect comma... by EStallcup Path Finder in Splunk Search 01-28-2021 2 14	2	14
How to populate results from regex into an ldap search? How would I take the results from this search:\| rex field=initiatedBy.user.userPrincipalName "ex(?<GUID>\d+)z\@"And p... by fdevera Path Finder in Splunk Search 01-28-2021 0 3	0	3
Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals. I'm trying to look for senders where they don't contain values from the lookup mimics.csv. Examples of values in the ... by TheBravoSierra Path Finder in Splunk Search 01-28-2021 0 3	0	3
ISE unique MAC reporting Been testing to get a ISE-Splunk successful authentication report and trying this but the "Calling-Station-ID" is not... by redrobish1 Engager in Splunk Search 01-28-2021 0 2	0	2
brake out individual row by host repeated for each line Here is what I've done. How to break out the results into individual software correctly in Splunk. Any tips could b... by youngsuh Contributor in Splunk Search 01-28-2021 0 3	0	3