Splunk Search

Community Activity

Combine and count results from two queries without join command So, if I have an index=abc with fields a,bAlso, I have index=xyz with fields b,cNow I want to count the results where... by Sakshi_Parashar Engager in Splunk Search 10-25-2020 0 2	0	2
Can find a field value only when using a wildcard prefix Hello,I have field name: let's call it - "foo" and a value I desire to add to my search - "bar".When I execute a norm... by ilyar Observer in Splunk Search 10-25-2020 0 6	0	6
what is the difference between 'usenull' and 'fillnull' command in splunk? I want to know what is the difference between usenull and fillnull command in the splunk? can anyone help me with it ... by aarthirajaraman Engager in Splunk Search 10-25-2020 1 2	1	2
Transaction not using time ordered events Hi,I am trying to order events of wireshark data i.e. events liketime1 src, dst,src_port,dst_port SYN time2 src, ... by huaraz Explorer in Splunk Search 10-24-2020 0 1	0	1
How to execute two join queries in different time interval? Hi Splunk Team,I have a quick question. I'm writing a join query wherein i want the query A ("Birth Test") to execute... by djroks89 Explorer in Splunk Search 10-24-2020 0 1	0	1
How do I pull text our of a log to create a visual? Hi, This might be a super basic question but I have a log and I need to create a dashboard that represents a value fo... by roderickjones Engager in Splunk Search 10-23-2020 0 2	0	2
Aggregate stats functions Hi folks,host=* AlertType="Warning" \|bucket _time span=day\| stats count min(count) max(count) avg(count) stdev(count... by Marco Communicator in Splunk Search 10-23-2020 0 1	0	1
Activity Counts I am looking for a way to list the counts by customer (for example, including 0 activity) for the past hour, among al... by OliverG91 Explorer in Splunk Search 10-23-2020 1 2	1	2
Need help with Tenable SC query I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that part... by mackmarvin New Member in Splunk Search 10-23-2020 0 1	0	1
View large data downloads What command would I use to check if anyone has downloaded a large file(s) before they were terminated? by Fei New Member in Splunk Search 10-23-2020 0 1	0	1
Find knowledge Objects that are using sourcetypes I need to find the users that are using sourcetypes in their savedsearches (reports/dashboards).I have list of source... by vamsigurram Path Finder in Splunk Search 10-23-2020 0 3	0	3
How to isolate a specific field in a lookup file I'm working on a project for work where I want to see employee entry data for specific groups. We have a lookup file ... by msage Path Finder in Splunk Search 10-23-2020 1 3	1	3
Could not use strptime to parse timestamp " having a problem creating proper TIME_FORMAT for the following data. Seeing "Could not use strptime to parse timesta... by fisuser1 Contributor in Splunk Search 10-23-2020 0 1	0	1
Count of computers user triggered event code to by count of events of that event code Hi All,I am trying to find:Users using event code 4769The count of computers a user connects to within 1hr which is g... by Mckechnie Engager in Splunk Search 10-23-2020 0 1	0	1
Extract variable between pipe symbol from log and use it for query I have a log generated in splunk which will have unique id in with pipe symbols:ex: 19:46:47.146 - [http-nio-8000... by krishman23 Explorer in Splunk Search 10-23-2020 0 7	0	7
Set difference between two output of two query I have two query i want to get those result that are in query 1 but not in query 2Query 1 :index=APP_SERVER- source=A... by Nilesh067 Explorer in Splunk Search 10-23-2020 0 3	0	3
Nessus add-on: How to obtain vulnerability count, host count, and vulnerability count per host My employer recently stood up the Tenable connector to Splunk and are looking to take full advantage of it. My experi... by giventofly08 Explorer in Splunk Search 10-23-2020 1 1	1	1
Calculate Index Size increase 24 hours. No admin privilege. Hi Team,Please note - No Admin privilege to run query on _internal indexI want to calculate the amount of data ingest... by asing13 Path Finder in Splunk Search 10-23-2020 1 4	1	4
Field Extraction - Hostname with inconsistent I'm trying to do a field extraction for a hostname field that has some inconsistency with the format.There are two ty... by jpsheridan Engager in Splunk Search 10-23-2020 1 4	1	4
Combine similar queries to create summary index How can I combine these 3 queries given everything before pipe is same:query1: index=abc source="*/d/e/f.log" artifac... by mukeshchandak Engager in Splunk Search 10-22-2020 0 1	0	1
How to use colors on Tree View Hi,I'd like to know how can I apply colors on the icon according to range values on Tree View (custom viz). The imag... by caioandrades Loves-to-Learn Lots in Splunk Search 10-22-2020 0 1	0	1
Dashboard i want add Radio button in which i want setting that when i will select MFG host it will show all MFG host result a... by uagraw01 Motivator in Splunk Search 10-22-2020 0 1	0	1
How to split user agent details Hi I am new to splunk, and I need some help with SPL query to execute the below user agentLog File - " Mozilla/5.0 (L... by jaibalaraman Path Finder in Splunk Search 10-22-2020 0 11	0	11
CloudTrail Alert: Instances: Reboot/Stop/Terminate Actions - query not working Hi We have installed " Splunk for AWS", how the below alert is not working and search result turn up as " No result f... by jaibalaraman Path Finder in Splunk Search 10-22-2020 0 1	0	1
How to show the Minimum and Maximum duration for last 90 days in a timechart? Hello guys I am displaying a TimeChart of average of Duration and a Baseline for last 30 days..It is working proper... by Rohit_Mallah New Member in Splunk Search 10-22-2020 0 10	0	10