Splunk Search

Community Activity

	Searching for computer information I need to do a basic search to find when a computer was last logged on and any network traffic information based off ... by redfan9 New Member in Splunk Search 12-21-2020 0 1	0	1
	Сombine several sourcetypes into one table сonsidering that one of the sourcetypes may not exist I want to combine several sources into one table and I'm using this search: sourcetype="firstsourcetype" somefield="v... by emerald Engager in Splunk Search 12-21-2020 0 1	0	1
	iplocation query returning wrong location for some IP We have Splunk enterprise 6.2. We built splunk query that returns me all IP transacting with their country location a... by rbathla New Member in Splunk Search 12-21-2020 0 4	0	4
	Help) spl query Hey guys. I'm a beginner of Splunk I have a one question. I get a input valuebut value has a space. so I want to rem... by tkdguq0110 Path Finder in Splunk Search 12-21-2020 0 4	0	4
	XML in Windows Evenlogs and xpath Can anyone advise on how to extract the fields in the following sample Eventlog Entry using xpath? I can't see to ge... by ehoward Path Finder in Splunk Search 12-21-2020 0 0	0	0
	How to display Date along with day Hi Team,We could pull day with date_wday - i tried few ways iam unable to display day along with date . Can you pls h... by harsush Path Finder in Splunk Search 12-21-2020 0 1	0	1
	Splunk 8.0.5 Plain text email with garbled headers Hi Team,We are currently using 8.0.5 Splunk Enterprise.Only in the plain text emails, we could see some junk on the S... by Priya312 Explorer in Splunk Search 12-21-2020 0 0	0	0
	how to replace join? Hi, @493669 @MuS @dturnbull_splun @bowesmana Anyone please help me in replacing join in the below query??" index=... by priyastalin Explorer in Splunk Search 12-21-2020 0 4	0	4
	Two Differnet searches in same index match second search with first Key-value I have Two Different searches in same index, In the first search I have to find using user ID and Session ID But in o... by chetan022 Engager in Splunk Search 12-21-2020 0 7	0	7
	How to Exclude private IP range from transforms I want to exclude the (dst="10.0.0.0/8" OR dst="172.16.0.0/12" OR dst="192.168.0.0/16") IP ranges. my configuration... by neelamsantosh Path Finder in Splunk Search 12-21-2020 0 3	0	3
	How to extract data using rex? Hi all, I am having data as follows: REPORT RequestId: xxxx2722-xx0d-xx35-95xx-xxxxxxb6b2e1 i want a field as Correla... by Learner Path Finder in Splunk Search 12-20-2020 0 11	0	11
	Lookup table question Hi, I have multiple files being delivered on a daily basis are in the below format:<filename>.<yyyymmdd>.xml - Exampl... by worldexplorer81 Path Finder in Splunk Search 12-20-2020 0 1	0	1
	App ServiceNow (SNOW) - Lookup File Errors for ServiceNow App. The lookup table 'xxxxx_xxxx_xxxx' does not exist. It is referenced by configuration 'snow:change_request'. Add-on v... by dkolekar_splunk Splunk Employee in Splunk Search 12-20-2020 0 2	0	2
	If found result wait 15 minutes and search for other result, alarm if not found Hi All,I'm trying to figure out a way to setup a splunk alert to do the following...When the string "GFX_On" is found... by Gord1020 Loves-to-Learn Lots in Splunk Search 12-19-2020 0 1	0	1
	Is it possible to fill in default values for lookup value not found Hello fellow Splunk users,I understand it is possible to default in a single value in the event a lookup is not found... by Maycockk Explorer in Splunk Search 12-19-2020 0 2	0	2
	Is there a way to get a table of all fields that have a specific value? Is there a way if I do a search for a username (ex. first_initial.lastname) under a specific index, that i can get a ... by jrevolorio Explorer in Splunk Search 12-18-2020 0 1	0	1
	How to drop domain from results In splunk I have fully qualified sources and destinations. Example:src=host1.mydomain.comWhen I table it out I just w... by fdevera Path Finder in Splunk Search 12-18-2020 0 2	0	2
	edit fields with eval expressions I am receiving an error of "The expression is malformed. Expected IN." any time we search utilizing the web data mode... by jerm1020rq Explorer in Splunk Search 12-18-2020 0 3	0	3
	dbxquery not able to update value Hello Team , i try to pass value of time token in dbxquery to update current time , it not working. Without it is wor... by lmjoin115 Explorer in Splunk Search 12-18-2020 0 0	0	0
	How to replace join in this below query? @dmarling Hi, I've replaced join in the below query and posted that query as well but I'm not getting proper output c... by priyastalin Explorer in Splunk Search 12-18-2020 0 7	0	7
	How to Calculate SLA of Different Teams for a Specific Ticket Hi all,We are trying to calculate SLA from Jira logs in our Splunk. What we want to achieve to calculate the time bet... by gozdeyildizz Engager in Splunk Search 12-18-2020 0 5	0	5
	Lookup table with several IP ranges per row Hi, I have a lookup table with IP ranges and locations. The problem is in the IP range column there can be several IP... by pgomezji Engager in Splunk Search 12-18-2020 0 2	0	2
	Eventtime(_time) is showing 5hours prior to indextime Good morning everyone, I have a source type that is showing the event time as 5 hours prior to indextime. I have trie... by djreschke Communicator in Splunk Search 12-18-2020 0 1	0	1
	Splunk Admin searches being queued, but not running. Good afternoon everyone, I am the Splunk admin for our instance of Splunk, and yesterday later in the afternoon, I no... by djreschke Communicator in Splunk Search 12-18-2020 0 5	0	5
	How to display output of the stats values function for two fields that have corresponding/related values Hi,I have the below search:\| tstats values(Authentication.src_ip) as src_ip values(Authentication.src_host) as src_ho... by ezmo1982 Path Finder in Splunk Search 12-18-2020 0 1	0	1