Splunk Search

Community Activity

Correlate data in JSON file without timestamp I have a JSON input with different types, all representing a data point at a certain time. I have the start time of t... by Patrick_Peeters Splunk Employee in Splunk Search 11-17-2020 0 1	0	1
How to change the color of specific columns in a table? What I want to do is add color formatting to multiple columns of a table depending upon the name of the columns. ... by ny34940 Path Finder in Splunk Search 11-17-2020 0 11	0	11
Search for events after a certain time Is it possible to run a search that will only include all the events for that day after a certain time? (using the ti... by jboustead Explorer in Splunk Search 11-17-2020 0 2	0	2
Hi team, i need to extract the locale field in BOLD , can you help me with it /en_sek/klarna by Hemant1 Explorer in Splunk Search 11-17-2020 0 2	0	2
Keeping history of AD groups Hi all,I have been making a search to know which account is in which groups using ldapsearch. I succesfully made the ... by Sasquatchatmars Communicator in Splunk Search 11-17-2020 0 2	0	2
Regex Help Please help create a Regex that will only take the 4 characters/number after MTCP from below events?For example below... by jboustead Explorer in Splunk Search 11-17-2020 0 1	0	1
Get event count for last hour, event count for yesterday, and use the two counts to get change % via tstats Hello, I'm trying to get a few things from my tstats search:count for last hourcount for yesterdayUse the two counts ... by SausagePizzza Engager in Splunk Search 11-17-2020 1 1	1	1
Comparing fields in XML with color I am trying to compare 2 fields in this xml. I have a field named avg that I want to compare with the other columns... by tefa627 Explorer in Splunk Search 11-17-2020 0 2	0	2
how to use a field as timestamp with epoch time for a timechart Hi there,I did already several trials with search commands like "eval _time=strptime(time,"%Y-%m-%dT%H:%M:%S")"but wa... by Ralf Explorer in Splunk Search 11-17-2020 0 10	0	10
How to search a field which contain text from another field? Hey, i want to search a field and get all the results which contain a value from another field.For example: I have 2... by dordavid Explorer in Splunk Search 11-17-2020 1 4	1	4
Extract multiple unmapped fields using Regex Hi,I have the following log from which I need to extract 2 fields: [INFO ] 2020-11-16 20:52:30,729 (http-nio-8085-exe... by Nidd Path Finder in Splunk Search 11-17-2020 0 5	0	5
How rex field list values assign dynamically to source path as subquery ? Hello,Query one returns a result with one fields as list of values. I want to pass those list of value as the search... by alok Loves-to-Learn Everything in Splunk Search 11-16-2020 0 3	0	3
How to position a value in table in the last column? I have result like this, parametercompliancenon-compliance64bit4322Bios2441Error065Inter641OS614 And I want Error to ... by vvemula Path Finder in Splunk Search 11-16-2020 0 3	0	3
Python SDK - getting username and password (without hard coding) HiI'm trying to get the username and password of the user calling a python script from the search bar in the Splunk U... by BernardEAI Communicator in Splunk Search 11-16-2020 0 4	0	4
Best way to search source IP in the events with a lookup table of IP ranges. Hello all,can some one suggest me the best method to compare the source_ip in events to the lookup table which have t... by ayushchoudhary Path Finder in Splunk Search 11-16-2020 0 0	0	0
Customized Sum Condition I have the following query:splunk_server=indexer* index=wsi sourcetype=fdpwsiperf (channel_type=ofx2 OR agent_service... by hollybross1219 Path Finder in Splunk Search 11-16-2020 0 1	0	1
match fields in different events and send a alert Hello Everyone,I have two searchessearch 1=> index="appv" sourcetype="AppV-User" PUT /packagesearch2=> index="appv"... by SS1 Path Finder in Splunk Search 11-16-2020 0 12	0	12
How do I print last 2 columns in a line and do a line chart on those values Hello Tem,I have log like below and I want to extract 3 fields and its values like below and do a line chart for top ... by chandukreddi Path Finder in Splunk Search 11-16-2020 0 9	0	9
Authentication Datamodel for Failed/Successful Logins Hi all,Newbie question here: I'm trying to set up some of the 'InfoSec App for Splunk' Dashboards, and running into d... by ian17 New Member in Splunk Search 11-16-2020 0 0	0	0
How to get the most recent event with search criteria I have the following resultset I want to get the most recent eventsResultset ACustom_IDEligibilityStart_dateEnd_DateU... by AshChakor Path Finder in Splunk Search 11-16-2020 0 3	0	3
How can I create duplicate events by duration hours? Hello experts, I am working on a stats of meetings. As the attached photo shows, this meeting lasts for 7 (duration_h... by Hanliamadeus Explorer in Splunk Search 11-16-2020 0 2	0	2
values mismatch i have issue where i am comparing values from 2 fields which will have same value always, but sometimes it differs. I... by akumar Loves-to-Learn Lots in Splunk Search 11-16-2020 0 6	0	6
Extract numerical value from text logs and get max occurrence of the number I want to extract a number from logs where the line of interest looks like,INFO 2020-11-16 12:11:47,161 [ThreadName-1... by vinayakolhapure Engager in Splunk Search 11-16-2020 0 2	0	2
Search for an adjacent IP address Hi.I have an alert that'll tell me if a host is down, and it runs for both Active and Standby hosts.The issue is that... by logginz85 Explorer in Splunk Search 11-16-2020 0 3	0	3
Compare search field to multiple lookup fields I have field src_ip in my data. My lookup fields: ip1, ip2, ip3, ip4, user What I want is to find matching pairs i... by user2020dy Path Finder in Splunk Search 11-16-2020 0 3	0	3