Splunk Search

Community Activity

Extracting key-value pairs using regex at search time I am trying to extract multiple key value pairs from data like this: Image \|Loading \|\path\to\obfuscated\\CT_384.dcm ... by jmartens Path Finder in Splunk Search 12-10-2020 0 1	0	1
Windows Logon_Type When I am running this search I am not getting the results for EventType=4769: index=main (EventCode=4634 OR EventCo... by geekf Path Finder in Splunk Search 12-09-2020 0 3	0	3
Difficult extracting fields I have events that look like this and I am using the field extractor "timestamp": "2020-12-09T18:05:03.6664112Z", "s... by jcioffari Explorer in Splunk Search 12-09-2020 0 3	0	3
How to exclude IPs through lookup Hi,I want to exclude IPs when performing this search, but despite the IPs being present in the lookup they still aren... by ebs Communicator in Splunk Search 12-09-2020 0 3	0	3
Get Count for Each of the Values Listed I have the query below and I'm trying to get the count of hosts affected by the vulnGrouping split by priority. Where... by chaday00 Path Finder in Splunk Search 12-09-2020 0 4	0	4
Monotonic Time Stuck and Search_Telemetry Good day, We have been preriodically receiving the following message in our splunkd.log and I am having issues findi... by gearmstrong Path Finder in Splunk Search 12-09-2020 0 2	0	2
Can i extract a dataset from a single column and show it as another field Hey Splunkers!I have several events from a particular index, and am looking to extract field value pair from one of t... by NS Explorer in Splunk Search 12-09-2020 0 2	0	2
stats automatically converts to tstats Greetings Splunkers,I recently attended Splunk Fundamentals 3 and the instructor mentioned about a Splunk feature tha... by marceloalejandr Path Finder in Splunk Search 12-09-2020 0 0	0	0
How do you create multiple timechart graphs with the same time scale? I have many different but simultaneous metrics that I am graphing over time. The y axis for each have different range... by peterson_wwt New Member in Splunk Search 12-09-2020 0 5	0	5
Lookup filter based on time Hi Everyone,I have subnet of IP's. whenever we see any traffic from that IP's we need alert but in between we have on... by riqbal47010 Path Finder in Splunk Search 12-09-2020 0 0	0	0
Calculation of availability Hello dear community.I'm a beginner on Splunk. I would like to have your help today on a project that I am doing. I h... by wcastillocruz Path Finder in Splunk Search 12-09-2020 0 8	0	8
Regex Truncation vs Rex Hi,I searched and found several tickets regarding my situation, but all lead to nowhere. So, my situation...Unfortun... by cdstealer Contributor in Splunk Search 12-09-2020 0 0	0	0
Duration Filter help Hi All,Need help in the Duration filter.Code: index=opennms "ciscoLwappApIfUpNotify" OR "ciscoLwappApIfDownNotify" \|... by jerinvarghese Communicator in Splunk Search 12-09-2020 0 1	0	1
Sourcetype not same in index & tstats I am trying to create a query using tstats from datamodel Malware, one of the sourcetype 'abc' that i want to includ... by warsaw Loves-to-Learn Lots in Splunk Search 12-09-2020 0 3	0	3
Results on daily basis with rangemap My Query : --- \| stats count by "response time" \| rename "response time" as "time_taken" \| rangemap field=time_taken ... by vijkuma Engager in Splunk Search 12-08-2020 0 2	0	2
How to input a file and retrieve output in splunk dashboard? Hi Team, I have a query that executes in my dashboard. I want to provide the input as a CSV file(with list of IDs) an... by djroks89 Explorer in Splunk Search 12-08-2020 0 0	0	0
Help with Stats count expression?? Hi Everyone,I'm newer-ish to splunk. I'm doing a search similar to this in splunk : index=mfa sourcetype=lexus Subca... by kfinn Explorer in Splunk Search 12-08-2020 0 7	0	7
count events by day when stats has multiple BY clause Goal - I am searching for "number of actions per unique customer" metrics from API metric logs.below is my query. Be... by mrmiddleclass1 Observer in Splunk Search 12-08-2020 0 3	0	3
Maniupulating _time to remove 0 values from line chart I have a line chart in which I'm trying to monitor response time for a certain network call. I want to see the averag... by ericwindmill Observer in Splunk Search 12-08-2020 0 1	0	1
Eval JSON_EXTRACT Issues All,I'm working on extracting some key info out of an Ansible HEC collector. I'm hoping to use json_extract stuff li... by indigo42 Explorer in Splunk Search 12-08-2020 1 8	1	8
Extracting fields from nested JSON event I have a very complex nested JSON event and need to extract 2 fields. I've managed it with less complicated ones but ... by kmaron Motivator in Splunk Search 12-08-2020 0 5	0	5
How to correlate an event using two different indexes? I'm trying to create a query that will provide me with events that use two indexes. The results are to show events wh... by bcjammer03 Explorer in Splunk Search 12-08-2020 0 2	0	2
Extracting new fields from data in another field Hi gurus,I am new to Splunk but have this task that I'm stumped on:I have a query that looks like this:index=pp_secur... by squoggle Engager in Splunk Search 12-08-2020 0 2	0	2
Spl Hello Splunkers,Can you please guide me, my assignment_group column is not populating. Any issues i have done while c... by uagraw01 Motivator in Splunk Search 12-08-2020 0 1	0	1
Reporting Hi Splunkers!Hope you guys are doing good. I'm working on a usecase where I have to show daily chart of overall resul... by revanthammineni Path Finder in Splunk Search 12-08-2020 0 3	0	3