Splunk Search

Community Activity

	Certain extracted fields not showing in Fields Sidebar on one SH, but is on another SH. Hello,I have a problem where fields are not showing on the Field Sidebar when i run a search against certain indexes/... by ezmo1982 Path Finder in Splunk Search 12-08-2020 0 4	0	4
	Another Join Question - Searches With Matching sourcetype but Different index I have read through almost every Join label topic on the Splunk Community page and I don't seem to see one that fits ... by ArchieCrozier Path Finder in Splunk Search 12-08-2020 0 8	0	8
	Execute a Search if the condition is met else not Hi Splunkers, I am writing on SPL in the report which has lookup. And if the lookup has less number of rows then over... by jugalkinariwala Explorer in Splunk Search 12-08-2020 0 0	0	0
	How to compare two fields from two different index and display results with match or No-match? I am running 2 different Index and have to compare each value in field 1 from 1st index with the values in field2 fro... by rohitnaz007 Loves-to-Learn Lots in Splunk Search 12-07-2020 0 2	0	2
	Is there a REGEX character limit on field replacement in transforms.conf? I have data that is in json format but I only want to keep the value of the MESSAGE field from it. I created a trans... by heath Path Finder in Splunk Search 12-07-2020 0 4	0	4
	Is there a way to format a string when it's used to fillnull? I have created a dashboard that is monitoring the number of events received at corporate to the number of events repo... by bhavlik Path Finder in Splunk Search 12-07-2020 0 2	0	2
	How to match string and apply stats count on a stats count table I have a requirement to fetch stats count from raw data logs. Sharing you the query and results.Query : index="bw6_st... by rkishoreqa Communicator in Splunk Search 12-07-2020 0 1	0	1
	Extract two different values and set it to _time in props/transforms this is how my xml events look like: <AttackCoords>-80.33100097073213,25.10742916222947</AttackCoords> <Outcome>Int... by avoelk Communicator in Splunk Search 12-07-2020 0 2	0	2
	EVAL Command Help Hello Splunkers,I am trying to write is a condition that says if command starts with "CHA" or "INS" add one.The Query... by Marco Communicator in Splunk Search 12-07-2020 0 4	0	4
	compare row by row values Hi All, i'm trying to compare row values .my table is like App label env spacemi... by kirrusk Communicator in Splunk Search 12-07-2020 0 2	0	2
	Verify if users are in an Active Directory group Hi all,I have been trying to create a search which compares results from an index with results from an ldap search. T... by Sasquatchatmars Communicator in Splunk Search 12-07-2020 0 5	0	5
	Simple attacks detected by Fortigate Hi there,I'm pretty new to Splunk, but have got a fortigate set up to send all logs to Splunk.Simply looking to find ... by logginz85 Explorer in Splunk Search 12-07-2020 0 1	0	1
	ASA searching for current open connections that have been Built but with no teardown Hello,I'm pretty new to SPLUNK and I'm looking for help trying to find ASA open connections between two endpoints.Mos... by FC50 Path Finder in Splunk Search 12-07-2020 0 4	0	4
	result of makemv not as expected With this searchindex=useradmin sourcetype=role_capabilities\| eval capabilities=replace(capabilities,"\s",",")\| makem... by rrovers Contributor in Splunk Search 12-07-2020 0 3	0	3
	Concatenation of records between two keywords ? Hello.It is not a question, it is a use case that I don't arrive to resolve.The situation :a log file on remote serve... by pck_npluyaud Explorer in Splunk Search 12-07-2020 0 0	0	0
	Display row, even when count over value is zero I have the following search:index=aa sourcetype="bb" Service="/abc" OR Service="/mno" OR Service="/xyz" \| chart count... by JMFrank215 Explorer in Splunk Search 12-06-2020 0 8	0	8
	How to replace join from the below query? index=105261-cli sourcetype=show_system_resources\| dedup deviceId\| eval nexus_percent_used=round(100*memory_used/memo... by pstalin_ Engager in Splunk Search 12-06-2020 0 4	0	4
	Trying to take a value from one search and place it in another search I have a search that runs with no issues-ComputerName=CompName* (event_simpleName=written OR event_simpleName=Direc... by aking76 Path Finder in Splunk Search 12-06-2020 0 3	0	3
	Evaluate multiple events as one Hi everyone,I have a data set such as:Log1: EventId + EventType1Log 2: EventId + EventType2Log 3: EventId + EventTyp... by insatiableavi Observer in Splunk Search 12-06-2020 0 3	0	3
	How to filter out few data showing up from my search string while setting a alert notification on triggering condition Hello team,My search string is as below: index=qrp STAGE IN ("*_RAW", T_FEED_MESSAGES) \| stats sum(TRADES) as "TradeC... by Snehaan Explorer in Splunk Search 12-04-2020 0 1	0	1
	Join field form inputlookup failed Hi, I am getting crazy with a simply JOIN statement to use Tenable data in Splunk.The goal is to enrich the KV store ... by jacortijo Explorer in Splunk Search 12-04-2020 0 1	0	1
	Query to delete multiple row in kvtable or csv table using splunk query I have kv lookup table named bingo_kv_table. There are multiple rows having same hosts along with other hosts. I wan... by Saikat001 Explorer in Splunk Search 12-04-2020 0 1	0	1
	Number of aggregated events per username in a time window I am trying to monitor for higher than threshold number of events per user. Alert is run once in an hour and I need t... by LegalPrime Path Finder in Splunk Search 12-04-2020 0 2	0	2
	LDAP query for users Hello,I want to search AD for all users in my organization. But as the list is huge, there is memory error occurring ... by Rody333 New Member in Splunk Search 12-04-2020 0 0	0	0
	Using rex to filter fields Hello everyone,I have the following pattern of logs and I'm trying to use rex to filter the values.I started doing it... by leandromatperei Path Finder in Splunk Search 12-04-2020 0 1	0	1