Splunk Search

Community Activity

creating a correlation search for data exfiltration via email using datamodel Hi all,I am trying to create a correlation search query for "data exfiltration via email" using email datamodelthe ru... by elaozz New Member in Splunk Search 12-02-2020 0 0	0	0
Is there a SPL query pattern that can perform hierarchical counting? Is there a SPL query pattern that can perform "hierarchical counting" beyond the two levels of depth outlined in thes... by jfhopkins2 Engager in Splunk Search 12-02-2020 0 2	0	2
List of events from transactions starting with A Hi all,I am using data from 3 different indexes. They contain events which can be attributed to specific transactions... by daisy_st Loves-to-Learn Everything in Splunk Search 12-02-2020 0 2	0	2
How to count filled and blank cells in excel spreadsheet by writing splunk query? I need help on splunk query that will count both filled and empty cells in excel spreadsheet differently and give th... by ngwodo Path Finder in Splunk Search 12-02-2020 0 6	0	6
Does Splunk distribute individual member searches of a multisearch to available Slots on any/all available Search Heads? Like the title says - how are individual searches in a multisearch handled?Are they distributed across any/all availa... by wmyersas Builder in Splunk Search 12-02-2020 0 1	0	1
How to extract multiple hostname from one regex search in globalprotect logs? Hi everyone, I'm trying to create a simple list with all the devices found on the logs from globalprotect. The deal i... by briansarmiento Explorer in Splunk Search 12-02-2020 0 6	0	6
List of all indexes containing access logs Hello all, and thanks for the assistance ahead of time. How can I produce a list of all Splunk index names for indexe... by bl Engager in Splunk Search 12-02-2020 0 3	0	3
Extract multiple words in a filed Hi,I have some syslog logs and I need to extract the first words of a field values. The field value starts like this:... by marco_massari11 Communicator in Splunk Search 12-02-2020 0 3	0	3
Transaction command - Way to change from timestamp to a different field? Good morning all,I'm leveraging the transaction command in order to gather statistics around the duration of my reque... by Maycockk Explorer in Splunk Search 12-02-2020 0 3	0	3
Correlate different events with a common value Hi all, I'm a new Splunk user and I would like to have some help from you.I have two query:First query:index=osb sour... by Burton_snow82 Engager in Splunk Search 12-02-2020 0 4	0	4
search Hi, I have 2 different events. these 2 events can be identified by "Id". I am trying to display it in table in the b... by ashukp Loves-to-Learn Lots in Splunk Search 12-01-2020 0 4	0	4
Is there a workflow to populate field on page not in URL? I know through a workflow action I can add add a token value to a URL string. Is there any way to populate a value on... by aohls Contributor in Splunk Search 12-01-2020 0 0	0	0
when consulting for sourcetype it does not bring data I understand that I should obtain results if I also consult only specifying the sourcetype and the rest of the search... by splunkcol Builder in Splunk Search 12-01-2020 0 4	0	4
Best Way to Search based on a Token Value Hello,I am trying to find the best way to change my search based on a token value that I will pass through an input. ... by strehb18 Path Finder in Splunk Search 12-01-2020 0 2	0	2
This search has encountered a fatal error and has been marked as zombied. I'm trying to optimize this report to successfully run without errors. It will currently run for 3-5 hours and grow ... by jhampton_3rd Explorer in Splunk Search 12-01-2020 0 0	0	0
combining 2 rows in to a single row Hi,I was trying to add 2 rows in to a single row . After combining,I am getting results for 1st column .but not for 2... by shashidharh Explorer in Splunk Search 12-01-2020 0 0	0	0
Newbee question: Looking for start events without end events with the same key Our system logs an event when it receives a message (with a unique key)Some time later our system also logs an event ... by mpjjonker Explorer in Splunk Search 12-01-2020 0 1	0	1
Negate the field containing both the values in SPLUNK query Hi,I have written following query where a field consisting of 2 actions as below,Query:sourcetype="my_sourcetype" ses... by Janani_Krish Path Finder in Splunk Search 12-01-2020 0 1	0	1
Lookup file 3000 entries, need to divide into events, so I can isolate user flow of client ip events My search is \| inputlookup "edgarlog2.csv"The lookup file has no events attached to it, what is a way to add events f... by roderick001 Explorer in Splunk Search 12-01-2020 0 4	0	4
Help on xml formatting with css Hi I need to format background in <h1> tag and <p> tags in my xml <row> <panel> <html> <h1> ... by jip31 Motivator in Splunk Search 12-01-2020 0 17	0	17
How to remove automatic real-time searches that run when users visit the Home page and Search app? I would like to remove the realtime searches that get kicked off automatically when a user is on the following pages ... by cramasta Builder in Splunk Search 12-01-2020 10 14	10	14
Extract a specific field values from a table in Splunk Dear All,My question might seem naive and pardon me for that.I want to create an alert for data not being processed. ... by asing13 Path Finder in Splunk Search 12-01-2020 0 2	0	2
Same ip address in different host I want to catch from my index=ip the field value ip_address in common in one or more hosts.I want to get something li... by Anto Explorer in Splunk Search 12-01-2020 0 2	0	2
How to use search field as an input in another search query within same index. Hello Friends, I am trying to fetch value of "F5_device" from search and use as a input to another search to find th... by abhijeet Explorer in Splunk Search 12-01-2020 0 3	0	3
How to assign multiple values to the same checkbox Hey Splunkers,Currently, I have 3 checkboxes to filter data for the panel.eg: My checkbox names are : Critical, Major... by NS Explorer in Splunk Search 11-30-2020 0 1	0	1