Splunk Search

Community Activity

search pattern sum count if it repeated more than a day Hi Team,index=AA source=*XXX.log\| rex field=_raw "- (?<uc>U(\d{7}\|\d{8})) "\| rex field=uc "(?<ul5>\d{5})$"\| rex "[^\w... by harsush Path Finder in Splunk Search 12-18-2020 0 4	0	4
Parse JSON object map and mvexpand to separate events I'm struggling with parsing this JSON. This query shows the part of a larger JSON element (response.rules). \| makeres... by bowesmana SplunkTrust in Splunk Search 12-17-2020 0 2	0	2
Alert on user activity past 7 days and today I have a need to find a user(s) that have multiple infections over a 7 day period. Example would be user1 has an inf... by wtaylor149 Explorer in Splunk Search 12-17-2020 0 6	0	6
時間範囲内にあるイベントを検索したい。教えてください。STARTとENDの時間範囲のあるCSVを作成し、その範囲内にあるイベントを数えたいのですが、どのようにクエリを書けばよいでしょうか<pre>started,completed2020/10/2 08:00,2020/... by asukaka Engager in Splunk Search 12-17-2020 0 1	0	1
What is the maximum number of rows we get when we use table command? Environment: Splunk Cloud I am running the below search with table command. The data which I am searching is very hu... by bsuresh1 Path Finder in Splunk Search 12-17-2020 2 3	2	3
How to use IN function with KV tuple lists as a search... This question: How to use IN function with VALUE-LIST as a search or lookup discusses using IN for a single key and ... by alancalvitti Path Finder in Splunk Search 12-17-2020 0 2	0	2
chart totals for series of columns I seem to have tied myself in a knot.I have data similar to:h1 h2 h3 h4a 12 123 231a 32 45 678b 4... by mcaulsc Path Finder in Splunk Search 12-17-2020 0 5	0	5
stats count by : Field value not fully displaying in screen Below are my log entry DateTime=2020-12-16 14:19:01:888 UTC, Type=Orchestrator Event Log, Environment=prod, Thread=[P... by binurajps Engager in Splunk Search 12-17-2020 0 4	0	4
Search Query Hi Team,I have a logfile in which I have few keywords such as ORA-1 , ORA-212, ORA-609 and similarly we have more tha... by anandhalagaras1 Contributor in Splunk Search 12-17-2020 0 7	0	7
how to use rex to extract two words ...from raw logs 2020-12-17T01:21:44.690341+00:00 txn1.test-fdb-us-south-004 2020-12-17T01:21:44Z { "Severity": "10", "Time": "1608168... by rajneeshdba Explorer in Splunk Search 12-16-2020 0 1	0	1
SPL Query Hello Team,I have my service now ticketing logs enabled into my splunk. I do required a below help and suggestions.L... by SabariRajanT Path Finder in Splunk Search 12-16-2020 0 1	0	1
Match mix of CIDR Ips and IPv4 Ips from a lookup to search I have a lookup table which consists of src_ip. This source Ip has mix of Ips in the format:Src_ip163.74.7.212163.74.... by dwibedi03 Explorer in Splunk Search 12-16-2020 0 3	0	3
how to dynamically change rex pattern Hello All,I hope you all are doing well.I have a situation wherein i have to pass current day value (Sun, Mon, Tue et... by vikasverma Engager in Splunk Search 12-16-2020 0 4	0	4
Alert when row count for two searches are not equal I have two events: items received, and items acted on. I want to set an alert when the count by transactionID is not ... by seomaniv Explorer in Splunk Search 12-16-2020 0 2	0	2
Search by values in field In the below table, I was to search by field "Core Content" where "Core Content" should take top 2 highest value. Co... by nivethainspire_ Explorer in Splunk Search 12-16-2020 0 8	0	8
Where are the results of a base search stored? I'm interested in the mechanics of a base search (for a dashboard). Where would the results of a base search be store... by BernardEAI Communicator in Splunk Search 12-16-2020 0 1	0	1
Splunk search Using CURL is not working Hi,Below used query is working perfectly fine when i searched directly in SPLUNK WEB. but when i use the same query i... by manoharkalva Engager in Splunk Search 12-16-2020 0 1	0	1
Regex a value Hello,I have multiple values for a field in my search results and they look like the ones below. Can you show me the ... by timyong80 Explorer in Splunk Search 12-16-2020 0 3	0	3
how to monitor and alert Auto-forwarding rule using O365 activity logs Hi all,Need help to build a query which helps to identify the users that possibly leaking /auto-forwarding emails t... by Newton Engager in Splunk Search 12-15-2020 0 1	0	1
how to replace join in this query? Hi,Anyone please help me in rewplacing join in this below queryindex=168347-np [ \| `last_np_sourcetype("index=168347-... by pstalin_ Engager in Splunk Search 12-15-2020 0 7	0	7
How to replace join in below query? @bowesmana Hi,could you please help me in replacing the join in below query?index=168347-np [ \| `last_np_sourcetype("... by priyastalin Explorer in Splunk Search 12-15-2020 0 5	0	5
Tokens I have a dashboard with two panels. One is sales data and one is returns. I would like to have a drop down that I ent... by kwholley63 Loves-to-Learn Lots in Splunk Search 12-15-2020 0 2	0	2
stats command to get count of NULL values I am using a DB query to get stats count of some data from 'ISSUE' column. This column also has a lot of entries whic... by anoopambli Communicator in Splunk Search 12-15-2020 1 3	1	3
Calculate Bucket Thaw Time Hey All,Was just curious if there is a way to calculate how long it should take to thaw\rebuild frozen buckets for se... by adalbor Builder in Splunk Search 12-15-2020 0 0	0	0
how to split string in splunk Hi @all, i have following string which i want to break into there fields: service_name, host and port_idmetics-ha-592... by Khushboo Explorer in Splunk Search 12-15-2020 0 3	0	3