Splunk Search

Community Activity

Detecting successful login after multiple failed logins in a transaction I'm not very good with SPL. I currently have Linux application logs that show the IP address, user name, and if the u... by st1 Path Finder in Splunk Search 08-28-2024 0 2	0	2
Reference multiple fields into a single name Is there a way to reference or combine multiple fields into a single name so that it can be referenced by that new na... by irkey Explorer in Splunk Search 08-27-2024 1 5	1	5
Splunk wont open on localhost:8000. Im getting a "not found" error. On trying to start splunk in the 'bin' folder I am getting am error. Any help appreci... by ksukumaran New Member in Splunk Search 08-27-2024 0 10	0	10
Is it required to set a static ip on the localhost for Splunk with Universal Forwarder to work? I'm a student running the free Community Edition in my homelab. My host currently receives a dynamic IP. Is a static ... by elsaddiq Engager in Splunk Search 08-27-2024 0 4	0	4
Before and after values from separate events. Hi, I have a log that tracks user changes to a specific field in a form. The process is as follows:1. The user access... by apiprek2 Explorer in Splunk Search 08-27-2024 0 2	0	2
Is there a way to get the addcototals to show in the first column instead of appending to the last? Here is my current query. I either get the Totals label in the last column or not at all. I need it to show in the fi... by Substance82 Path Finder in Splunk Search 08-27-2024 0 3	0	3
REST Splunk job Hi Splunkers,I'm trying to get diskusage for searches running by user. \| rest /services/search/jobs \| rex field=event... by bharat Engager in Splunk Search 08-27-2024 0 3	0	3
Find Event B Based on the time of Event A I have a search which yields a time and correlated serial number for event A.I want to use this time and serial numbe... by nkavouris Path Finder in Splunk Search 08-27-2024 0 1	0	1
Summarize date per week Good day,I have a query to summarize data per week. Is there a way to display my tables in a better way as my dates f... by JandrevdM Path Finder in Splunk Search 08-27-2024 0 4	0	4
Suppression in Es by applying time limit Hello,I want to write a suppression in Splunk ES that suppresses an event if a specific process occurs at 11 AM every... by fahimeh Explorer in Splunk Search 08-27-2024 0 5	0	5
Confusing in Windows Export Certificate Rule According to Windows Export Certificate - Splunk Security Content it using macros in the first query `certificateserv... by zksvc Contributor in Splunk Search 08-27-2024 0 2	0	2
Where i can update legit_domains.csv Hi everyone i want to ask where can i get latest update for legit_domains.csv ?Ask here because when i check it in lo... by zksvc Contributor in Splunk Search 08-26-2024 0 6	0	6
Regex Query I am new to regex.I want to just extract Catalog-Import from the below query.. can anyone help how i can do this? [20... by AmrSK New Member in Splunk Search 08-26-2024 0 1	0	1
Ai to assist in creating valid regex expressions Ai to assist in creating valid regex expressions would be super helpful. by summersjc Engager in Splunk Search 08-26-2024 0 2	0	2
How can i filter out source IP addresses, based on results from previous search (syslog in splunk) HI, I have a customer using splunk for just syslog. There has recently been a ddos attack, we are looking to report o... by MrSuperSeven New Member in Splunk Search 08-26-2024 0 4	0	4
How to pull next 5 events that meet criteria after different event? I am looking to record a measurement which is taken after the transition from Home state to Diagnostic State, I am ca... by nkavouris Path Finder in Splunk Search 08-26-2024 0 2	0	2
how to add the total in GB I need to add the total GB. Please let me know how to add the over all total. Index Source-Type ... by harishsplunk7 Explorer in Splunk Search 08-26-2024 0 8	0	8
Check latest status and print the reason on failure Hi , I have the logs written in the below manner26/08/2024 10:27 method=are status=failed run_id_12326/08/2024 10:28 ... by Narmathavairava Loves-to-Learn in Splunk Search 08-26-2024 0 1	0	1
sPath command Missing random few values from JSON Array In the data, there is an array of 5 commit IDs. For some reason, it is only returning 3 values. Not sure why 2 value... by premrajvs Explorer in Splunk Search 08-26-2024 0 3	0	3
Join two queries with different fields Hi All,I have two queries which searches for users that use an app. The apps are not in the same fields which was why... by JandrevdM Path Finder in Splunk Search 08-26-2024 0 1	0	1
Collecting Stormshield logs Hello,I need to collect logs from a firewall Stormshield. Do you have any suggestions on how to gather these logs, or... by BRFZ Communicator in Splunk Search 08-26-2024 0 3	0	3
botsv1 how do i determine when to use index=botsv1 ? by whales New Member in Splunk Search 08-25-2024 0 1	0	1
what's the best way to create a table of the app name, found data, and log snippet requirements:find and save sensitive data fields from logsSave log snippet around sensitive data fieldRemove duplicat... by llh New Member in Splunk Search 08-23-2024 0 1	0	1
Search Help- Not sure how to Title I'm trying to achieve the following output using the table command, but am hitting a snag. Vision IDTransactionsGood... by Substance82 Path Finder in Splunk Search 08-23-2024 0 1	0	1
How to find variable in argument map for a saved search? Hello, When trying to execute a savedsearch from the UI , it throws an error :Error in 'savedsearch' command: Encoun... by neerajs_81 Builder in Splunk Search 08-23-2024 0 5	0	5