Splunk Search

Community Activity

	Invalid Threatlist Stanza Morning All,I've setup several internal lookup files and made them part of an Intelligence download. I've added in lo... by OiskyPoisky Explorer in Splunk Search 12-31-2020 0 0	0	0
	Inputlookup - Pulling Mutiple columns Morning Community,Looking at a way to pull multiple columns into an alert Im attempting to build. In the below syntax... by OiskyPoisky Explorer in Splunk Search 12-31-2020 0 3	0	3
	How to maintain latest value for multiple values of a field Given the following eventsHOSTVALUEHost11Host24Host32Host27Host35Host18 How do I maintain the latest value for each h... by timbilt Loves-to-Learn Lots in Splunk Search 12-31-2020 0 1	0	1
	How to combine two queries along with eventstats Hi , Based on your suggestion I prepared queries for two different apps as below. Now I need to combine these two an... by rkishoreqa Communicator in Splunk Search 12-30-2020 0 0	0	0
	Lookup Table Comparison with field and to return field value that is not in the lookup All,I know there are a lot of postings with answers on lookup tables but I am still stuck. I have not splunked in a ... by peetchow Loves-to-Learn Lots in Splunk Search 12-30-2020 0 2	0	2
	how to get a value for now and 7 days ago I want the values of TID_now and TID_7 days ago in my table I tried \| eval TID_7days=TID(now(), "-7d@d")it says expre... by Sam_2020 New Member in Splunk Search 12-30-2020 0 3	0	3
	How to convert version number so the dots are consistent See the example values below. How do I convert the value of the version field, so that they have the same number of d... by splunkyj Path Finder in Splunk Search 12-30-2020 0 4	0	4
	Generate CSV every 24 hours I have been asked to generate a csv with the indexed information of 1 index after 02:00 hours and that the name of th... by splunkcol Builder in Splunk Search 12-30-2020 0 1	0	1
	How to supress the Trusted location Hi Team,We have designed a dashboard panel where all the azure identity protection center logs has been enabled, We s... by SabariRajanT Path Finder in Splunk Search 12-30-2020 0 0	0	0
	fetch one field value from json I need to fetch the 'sid' value from the below JSON. For that I prepared the below query, but it is not working. \|re... by rkishoreqa Communicator in Splunk Search 12-30-2020 0 1	0	1
	How I can compare 1 day security metric to another day and also generate a metric report that shows low and high I need help on how I can compare 1 day security metric to another day and also generate a metric report that shows l... by ngwodo Path Finder in Splunk Search 12-30-2020 0 2	0	2
	How to find count of transactions with unique id having more than 2 jobid's and ran more than 5 mins I need to build a query to get count of transactions having multiple 'jId' and time difference greater than 5 mins. W... by rkishoreqa Communicator in Splunk Search 12-30-2020 0 5	0	5
	Unable to obtain output using REX command ( User Agent) Hi First , I would like to thank everyone in this community who guided and helped me a lot. Now i have a problem exec... by jaibalaraman Path Finder in Splunk Search 12-30-2020 0 16	0	16
	Need help on rex wed } } }, { "S" : "12:00" } } }, "day" M" : { "close" : { "S" : "23:00" open "S" : "12:00" } } } } }, "email" : { "S... by Annna Explorer in Splunk Search 12-30-2020 0 3	0	3
	Using macro in macro validation expression Hi,I am trying to use a macro inside a macro validation expression. This is because I plan to make a number of simila... by Yolan Explorer in Splunk Search 12-30-2020 0 0	0	0
	more than 50,000 rows in a KV Store Hi at all,I developed an app that uses a KV Store to manage a whitelist and it runs without problems.But when I start... by gcusello SplunkTrust in Splunk Search 12-30-2020 0 1	0	1
	I can't see the search.log of a bd output in the job inspector. How can you see the search.log of a bd output?Good evening, it is required to validate the information of a certain d... by efaundez Path Finder in Splunk Search 12-30-2020 0 1	0	1
	How to determine if searches are being executed each hour the number of times expected per their cron configuration I have a saved search need to check the each hour the search is being executed based on the cron configuration.Expect... by Vignesh-107 Path Finder in Splunk Search 12-30-2020 0 2	0	2
	Splunk query to show my entire security metrics which is 68 in number The splunk query below is only showing just one line of Metric_ID which starts at 1. I need help with the splunk quer... by ngwodo Path Finder in Splunk Search 12-29-2020 0 1	0	1
	How to convert version number to numerical value How do I convert the following string value to a numerical value that represents two digits between the dots?version ... by splunkyj Path Finder in Splunk Search 12-29-2020 0 2	0	2
	Is it possible to turn a multivalued field with an arbitrary number of elements into columns? I have a search that generates two fields -- host and application. Application is a multivalued field with varying n... by responsys_cm Builder in Splunk Search 12-29-2020 0 4	0	4
	Splunk Integration with Umbrella: Problem to show the data Hello Splunk Forum TEAM, I have a question refered to the integration because right now I receive the information whi... by jaciro11 Path Finder in Splunk Search 12-29-2020 0 1	0	1
	how to see if end event didnt occur after 15 min from other event Hi all,i am new to Splunk and i need to create search which will show that event with end didnt occur after 15 min f... by ivana27 Path Finder in Splunk Search 12-29-2020 0 6	0	6
	Mismatch in Stats UI & Splunk API index=<<My_index>> earliest="12/23/2020:10:00:00" latest="12/23/2020:11:00:00" "<<url>>" \| eval MyFeild=replace(MyFe... by sugankrish88 New Member in Splunk Search 12-29-2020 0 1	0	1
	Search Result Sorting as per values in a field I have a search query that gives the supposed following results.NameWWName2ResultTypeValueAbc50.5ProdPassA1280Xyz47.2... by sdhawanx Path Finder in Splunk Search 12-29-2020 0 5	0	5