Splunk Search

Community Activity

Need a help with splunk query HI Team,When i am trying to exclude one field by inserting condition sessionId!=X its not working . even though I use... by jagan_vannala Observer in Splunk Search 08-29-2024 0 6	0	6
Extra data I have never been one to understand regex, however I need to extract everything after the first entry (#172...) into ... by btheneghan New Member in Splunk Search 08-28-2024 0 2	0	2
Handling nulls in a string I've got this searchindex=my_index data_type=my_sourcetype earliest=-15m latest=now \| eval domain_id=if(isnull(domain... by jwhughes58 Contributor in Splunk Search 08-28-2024 0 6	0	6
Simplifying/combining queries Howdy, Im fairly new to splunk and couldnt google the answer I wanted to Here we go. I am trying to simplify my queri... by OzzMann80 Engager in Splunk Search 08-28-2024 0 2	0	2
Split output of query into separate files Running queries on really large sets of data, and sending the output to an outputlookup works well for weekly refresh... by andreaswpv Explorer in Splunk Search 08-28-2024 0 2	0	2
2 different lookups in if statement. When I search I want something like this:if(ID =99): then lookup 1,else: lookup 2.What I have right now is something ... by sumarri Path Finder in Splunk Search 08-28-2024 0 2	0	2
Join two indexes with the same field data Good day, I have a query that I would like to add more information onto. The query pulls all users that accessed a AI... by JandrevdM Path Finder in Splunk Search 08-28-2024 0 3	0	3
Detecting successful login after multiple failed logins in a transaction I'm not very good with SPL. I currently have Linux application logs that show the IP address, user name, and if the u... by st1 Path Finder in Splunk Search 08-28-2024 0 2	0	2
Reference multiple fields into a single name Is there a way to reference or combine multiple fields into a single name so that it can be referenced by that new na... by irkey Explorer in Splunk Search 08-27-2024 1 5	1	5
Splunk wont open on localhost:8000. Im getting a "not found" error. On trying to start splunk in the 'bin' folder I am getting am error. Any help appreci... by ksukumaran New Member in Splunk Search 08-27-2024 0 10	0	10
Is it required to set a static ip on the localhost for Splunk with Universal Forwarder to work? I'm a student running the free Community Edition in my homelab. My host currently receives a dynamic IP. Is a static ... by elsaddiq Engager in Splunk Search 08-27-2024 0 4	0	4
Before and after values from separate events. Hi, I have a log that tracks user changes to a specific field in a form. The process is as follows:1. The user access... by apiprek2 Explorer in Splunk Search 08-27-2024 0 2	0	2
Is there a way to get the addcototals to show in the first column instead of appending to the last? Here is my current query. I either get the Totals label in the last column or not at all. I need it to show in the fi... by Substance82 Path Finder in Splunk Search 08-27-2024 0 3	0	3
REST Splunk job Hi Splunkers,I'm trying to get diskusage for searches running by user. \| rest /services/search/jobs \| rex field=event... by bharat Engager in Splunk Search 08-27-2024 0 3	0	3
Find Event B Based on the time of Event A I have a search which yields a time and correlated serial number for event A.I want to use this time and serial numbe... by nkavouris Path Finder in Splunk Search 08-27-2024 0 1	0	1
Summarize date per week Good day,I have a query to summarize data per week. Is there a way to display my tables in a better way as my dates f... by JandrevdM Path Finder in Splunk Search 08-27-2024 0 4	0	4
Suppression in Es by applying time limit Hello,I want to write a suppression in Splunk ES that suppresses an event if a specific process occurs at 11 AM every... by fahimeh Explorer in Splunk Search 08-27-2024 0 5	0	5
Confusing in Windows Export Certificate Rule According to Windows Export Certificate - Splunk Security Content it using macros in the first query `certificateserv... by zksvc Contributor in Splunk Search 08-27-2024 0 2	0	2
Where i can update legit_domains.csv Hi everyone i want to ask where can i get latest update for legit_domains.csv ?Ask here because when i check it in lo... by zksvc Contributor in Splunk Search 08-26-2024 0 6	0	6
Regex Query I am new to regex.I want to just extract Catalog-Import from the below query.. can anyone help how i can do this? [20... by AmrSK New Member in Splunk Search 08-26-2024 0 1	0	1
Ai to assist in creating valid regex expressions Ai to assist in creating valid regex expressions would be super helpful. by summersjc Engager in Splunk Search 08-26-2024 0 2	0	2
How can i filter out source IP addresses, based on results from previous search (syslog in splunk) HI, I have a customer using splunk for just syslog. There has recently been a ddos attack, we are looking to report o... by MrSuperSeven New Member in Splunk Search 08-26-2024 0 4	0	4
How to pull next 5 events that meet criteria after different event? I am looking to record a measurement which is taken after the transition from Home state to Diagnostic State, I am ca... by nkavouris Path Finder in Splunk Search 08-26-2024 0 2	0	2
how to add the total in GB I need to add the total GB. Please let me know how to add the over all total. Index Source-Type ... by harishsplunk7 Explorer in Splunk Search 08-26-2024 0 8	0	8
Check latest status and print the reason on failure Hi , I have the logs written in the below manner26/08/2024 10:27 method=are status=failed run_id_12326/08/2024 10:28 ... by Narmathavairava Loves-to-Learn in Splunk Search 08-26-2024 0 1	0	1