Splunk Search

Community Activity

	How to extract all vault in a one _raw data ? Hi all: I'm a rookie user ask for help, I want to extract all vault in one _raw data(CLI command log as belo... by Juns Loves-to-Learn in Splunk Search 08-17-2024 0 1	0	1
	Exclude specific values from Eval case matches Hello, How can I get my eval case like to match all values except a specific value ? I have below values for a fie... by neerajs_81 Builder in Splunk Search 08-17-2024 0 2	0	2
	Need help with a Query I have a dataset to visualize my organization in Splunk. When I search for Org=CDO, I get all the direct reports unde... by satyaallaparthi Communicator in Splunk Search 08-16-2024 0 1	0	1
	Adding of value in splunk number string Hello Splunkers!!I want to achieve below results in Splunk. Please help me how to achieve this in SPL. Whenever the f... by uagraw01 Motivator in Splunk Search 08-16-2024 0 5	0	5
	Cisco ASA versus FTD parsing We have both Cisco ASA and FTD firewalls. The ASA is parsing fine where the appropriate fields are extracted. As fo... by FPERVIL Explorer in Splunk Search 08-16-2024 0 3	0	3
	How do you dynamically remove fields containing NULL value in a table? Hi, I have a table with dynamic fields, some of these fields contain no value or NULL, how do I remove these fields w... by RonWonkers Path Finder in Splunk Search 08-16-2024 0 3	0	3
	Query to search splunk data result into Postman Hello,I send a GET request to Postman as follows -curl -u <username> -k https://<url>.net:8089/services/jobs/export -... by MK3 Explorer in Splunk Search 08-16-2024 0 1	0	1
	Updating one Field in a lookup table Hello All, I'm having a task to measure the compliancy of Security solution onboarded on the SIEM, that means i have... by MoeTaher Observer in Splunk Search 08-16-2024 0 5	0	5
	How/Why am I am getting more events and less statistics for a last 24 hours period as compared to a last 4 hours window Hi all,index=sky sourcetype=sky_trade_wss_timestamp\| rex field=_raw "trade_id=\"(?<trade_id>\X+)\", event_id"\| rex fi... by wm Loves-to-Learn Everything in Splunk Search 08-16-2024 0 2	0	2
	Getting error ImportError: libssl.so.1.0.0: cannot open shared object file: No such file or directory we have recently upgraded from splunk 8.x to 9.x after which all python scripts are failing with ssl errors we have u... by deepthi5 Path Finder in Splunk Search 08-15-2024 0 2	0	2
	Splunk search query: monitoring between specified log lines and getting count Hi all!I would like to create a no_msg_wait_time column here.This is my existing splunk search query: index=index sou... by wm Loves-to-Learn Everything in Splunk Search 08-15-2024 0 9	0	9
	How to include arguments in search macros with non-alphanumeric values I have arguments for my macro that contain other values e.g. $env:user$ and $timepicker.earliest$/$timepicker.latest$... by cherrypick Path Finder in Splunk Search 08-15-2024 0 4	0	4
	How to trigger an alert when status field is true for more than 5 min no matter the amount of event I have search query, if the Status is field is true for more than 5 min, I need to trigger an alert no matter the Ev... by Cheng2Ready Communicator in Splunk Search 08-15-2024 0 3	0	3
	Count not showing up for events I am not seeing results for count on each of the fields for the 2 different searches below: The first one shows the... by kmm2 Path Finder in Splunk Search 08-15-2024 0 5	0	5
	HOWTO monitor previous 2 log lines from a specific log line and calculate time difference? This is my current search queryindex=abc sourcetype = example_sourcetype \| transaction startswith="Saved messages to ... by wm Loves-to-Learn Everything in Splunk Search 08-15-2024 0 3	0	3
	inputlookup I have a csv with ip addresses. I would like to conduct a search for addresses that are NOT listed in that csv. I wa... by timgmanCORP Observer in Splunk Search 08-14-2024 0 2	0	2
	Time Stamp Help! Hello, I have time stamps that are not matching. How do I table the actual "Event log time stamp" ? Splunk Time stamp... by kc_prane Communicator in Splunk Search 08-14-2024 0 5	0	5
	Search multiple hosts with one search string How would I search multiple hosts with one search string? I have 6 hosts and want the results for all: Search Strin... by Xe03kfp Path Finder in Splunk Search 08-14-2024 0 10	0	10
	search for who modified system settings in splunk cloud Is there a way to see who modified system settings in Splunk Cloud? For example we recently had an issue where an Sp... by jay_cambra Observer in Splunk Search 08-14-2024 0 1	0	1
	Splunk data to Postgres database Hello.I have Splunk Enterprise (https://splunk6.****.net run from a browser) and am running a query collecting result... by MK3 Explorer in Splunk Search 08-14-2024 0 1	0	1
	I want to find the percentage of success rate over the total amount events need help Hi, So, I got an issue where I have a log and the log has a field called ERROR_MESSAGES for each event that ends in... by OgoNARA Explorer in Splunk Search 08-14-2024 0 2	0	2
	Using input lookup Hello,If I want to use a external file that contains 2 columns C and D and use those mappings to a existing query tha... by MK3 Explorer in Splunk Search 08-14-2024 0 3	0	3
	Wants to compare last 4 hours data with last 2 days data over the same time Hi Splunk experts,I want to compare the response code of our API for last 4 hours with last 2 days data over the same... by Sishad Explorer in Splunk Search 08-14-2024 0 4	0	4
	Compare 2 calculated values in a chart Hi All,I am trying to calculate 2 values by multiplication and then compare these 2 values on a column/bar chart. My ... by Declan123 Explorer in Splunk Search 08-14-2024 0 2	0	2
	Help with self join Hi, I have a single search that produces the following table where fieldA and fieldB are arbitrary strings that may b... by tly22 Explorer in Splunk Search 08-14-2024 0 5	0	5