Splunk Search

Community Activity

Users still showing after being deleted I am trying to delete users that just use Splunk authentication. I have the admin role. I have tried both the web GUI... by wpb162 Explorer in Splunk Search 09-05-2024 0 9	0	9
How to define max for a Fillergauge in dashboard studio? I'm missing something and it's probably blatantly obvious....I have a search returning a number but I want to have a ... by jeck11 Path Finder in Splunk Search 09-05-2024 0 1	0	1
I want rex command to return empty string if no match Let's say I have the following SPL query. Ignore the regexes, thery're not important for the example:index=abc \| rex... by jbrenner Path Finder in Splunk Search 09-05-2024 0 3	0	3
How to check who has updated a lookup Hi all,I have one lookup which was having around 1000 entries recently someone has updated the lookup and all entries... by nehamvinchankar Path Finder in Splunk Search 09-04-2024 0 5	0	5
MFA Fatigue Attack I am currently working on creating an alert for a possible MFA fatigue attack from our Entra ID sign in logs. The log... by BJanota29 New Member in Splunk Search 09-04-2024 0 1	0	1
Retrieving all fields that have a certain value My events have a few fields that are of the type: field_Name=failed What query should I write to get all that fields... by andra_pietraru Path Finder in Splunk Search 09-04-2024 0 8	0	8
Extract the words after Result=xxx ACCU_DILAMZ9884 Failed, cueType=Splicer, SpliceEventID=0x00000BBC, SessionID=0x1A4D3100 SV event=454708529 spot=VAF00... by Satcom9 Engager in Splunk Search 09-03-2024 0 2	0	2
Need help with a regex please. (Defining an action by user) I have a standard printed statement that shows something like this:[29/Aug/2024:23:59:48 +0000] "GET /rest/LMNOP[29/A... by tengugurl1 Engager in Splunk Search 09-03-2024 0 5	0	5
Difference between outputlookup and outputcsv Could anyone tell me the difference between outputlookup and outputcsv? If there no differences, is there any specif... by splunkn Communicator in Splunk Search 09-03-2024 5 5	5	5
Search commands to monitor Forinet Firewalls ? Hi Guys, Has anyone done a search were you can monitor the CPU on the Fortinet Firewalls? Its on the App but doesn't ... by TheWiszard Engager in Splunk Search 09-03-2024 0 3	0	3
Specify span option value in bin command with map I try to use lookup to specify span option value in bin command with map \| inputlookup mylookupup.csv \| fields Index,... by elensare Engager in Splunk Search 09-03-2024 0 1	0	1
Regular Expression hi i want to extract purple part.[Time:29-08@17:53:05.654] [60569222] 17:53:05.654 10.82.10.245 local3.notice [S=2952... by Siddharthnegi Contributor in Splunk Search 09-03-2024 0 2	0	2
Need to find where index was used in lookups, reports, alerts and dashboards. The data coming into one of our indexers recently changed. Now the format is different, and the fields are different.... by bwheelerice Engager in Splunk Search 09-02-2024 0 8	0	8
Help joining the 2 below searches Hi - We have a requirement to join the below eval statement searches, would it be possible if someone could assist w... by tomjb94 Observer in Splunk Search 09-02-2024 0 2	0	2
undefined by romanpro Explorer in Splunk Search 09-02-2024 0 3	0	3
Notepad++ SPL syntax highlighting Hi AllI did a look around for a syntax definition for SPL in Notepad++ and didn't find one. Attached is my attempt. F... by dataisbeautiful Communicator in Splunk Search 09-02-2024 3 0	3	0
searching in splunk indexes Hello everyone! How can we solve the problem of searching for secrets in all or some splunk indexes so that splunk is... by user487596 Explorer in Splunk Search 09-02-2024 0 5	0	5
Why is the map command a risky command? Other than poor speed and performance, is there a reason why the map command is considered dangerous?The official doc... by munang Path Finder in Splunk Search 09-02-2024 1 2	1	2
regx Hi , I want to extract this line from an event.RAISE-ALARM:acProxyConnectionLost: [KOREASBC1] Proxy Set Alarm Proxy S... by Siddharthnegi Contributor in Splunk Search 09-02-2024 0 5	0	5
Skipped search Hi All,I am able to see only 4 status, why am I not able to see status=skipped and status = continued by VijaySrrie Builder in Splunk Search 09-02-2024 0 1	0	1
Create static fields after matching the field value I want to create one static field by looking status value = Issuehostm_nnamestatusAcpuOkBdiskOkCmemoryIssueDnetwokOkE... by RSS_STT Explorer in Splunk Search 09-02-2024 0 7	0	7
Splunk Query I would like to calculate the success rate of the Toup transaction via Channel( APP Or Web) in 4 API calls( E.g 4 Lev... by dinesh001kumar Explorer in Splunk Search 09-02-2024 0 9	0	9
Field extraction using regex Hi All,Can anbody help us with the Regex expression to extract the feild of Channel: values will be either APP or We... by dinesh001kumar Explorer in Splunk Search 09-01-2024 0 4	0	4
Group Events with pattern Hi Splunk Experts,I've been trying to group "WARN" logs, but they have a pattern (Dynamic/ Argument values) in them. ... by Thulasinathan_M Contributor in Splunk Search 09-01-2024 0 2	0	2
alternative to join that works with wildcards in lookups I am trying to use a lookup of "known good" filenames that are within FTP transfer logs, to add extra data to files ... by thx Explorer in Splunk Search 08-30-2024 0 2	0	2