Splunk Search

Community Activity

Subsearching within time frame Hi everyone,I'm new to Splunk. I've got this search query:host="..." earliest=-30d latest=now \| stats distinct_count(... by barakb Engager in Splunk Search 10-26-2020 0 3	0	3
Lookup table for search exclusions using a combination of multiple fields I have an alert to discover logins from accounts on servers and workstations. Some of these logins are normal and so ... by geoffmoraes Path Finder in Splunk Search 10-26-2020 0 3	0	3
How to i match the latest date value in lookup file? Hi,I am a newbie to SPL and would like some help.I want to find the latest date field in my lookup file file.My test.... by hvdtol Path Finder in Splunk Search 10-26-2020 0 4	0	4
escape backslash in dynamic search hi there,i created a dashbord with drilldown values with backslash.how can i escape those backslash to ged values in ... by LiorG Engager in Splunk Search 10-26-2020 1 3	1	3
Combine and count results from two queries without join command So, if I have an index=abc with fields a,bAlso, I have index=xyz with fields b,cNow I want to count the results where... by Sakshi_Parashar Engager in Splunk Search 10-25-2020 0 2	0	2
Can find a field value only when using a wildcard prefix Hello,I have field name: let's call it - "foo" and a value I desire to add to my search - "bar".When I execute a norm... by ilyar Observer in Splunk Search 10-25-2020 0 6	0	6
what is the difference between 'usenull' and 'fillnull' command in splunk? I want to know what is the difference between usenull and fillnull command in the splunk? can anyone help me with it ... by aarthirajaraman Engager in Splunk Search 10-25-2020 1 2	1	2
Transaction not using time ordered events Hi,I am trying to order events of wireshark data i.e. events liketime1 src, dst,src_port,dst_port SYN time2 src, ... by huaraz Explorer in Splunk Search 10-24-2020 0 1	0	1
How to execute two join queries in different time interval? Hi Splunk Team,I have a quick question. I'm writing a join query wherein i want the query A ("Birth Test") to execute... by djroks89 Explorer in Splunk Search 10-24-2020 0 1	0	1
How do I pull text our of a log to create a visual? Hi, This might be a super basic question but I have a log and I need to create a dashboard that represents a value fo... by roderickjones Engager in Splunk Search 10-23-2020 0 2	0	2
Aggregate stats functions Hi folks,host=* AlertType="Warning" \|bucket _time span=day\| stats count min(count) max(count) avg(count) stdev(count... by Marco Communicator in Splunk Search 10-23-2020 0 1	0	1
Activity Counts I am looking for a way to list the counts by customer (for example, including 0 activity) for the past hour, among al... by OliverG91 Explorer in Splunk Search 10-23-2020 1 2	1	2
Need help with Tenable SC query I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that part... by mackmarvin New Member in Splunk Search 10-23-2020 0 1	0	1
View large data downloads What command would I use to check if anyone has downloaded a large file(s) before they were terminated? by Fei New Member in Splunk Search 10-23-2020 0 1	0	1
Find knowledge Objects that are using sourcetypes I need to find the users that are using sourcetypes in their savedsearches (reports/dashboards).I have list of source... by vamsigurram Path Finder in Splunk Search 10-23-2020 0 3	0	3
How to isolate a specific field in a lookup file I'm working on a project for work where I want to see employee entry data for specific groups. We have a lookup file ... by msage Path Finder in Splunk Search 10-23-2020 1 3	1	3
Could not use strptime to parse timestamp " having a problem creating proper TIME_FORMAT for the following data. Seeing "Could not use strptime to parse timesta... by fisuser1 Contributor in Splunk Search 10-23-2020 0 1	0	1
Count of computers user triggered event code to by count of events of that event code Hi All,I am trying to find:Users using event code 4769The count of computers a user connects to within 1hr which is g... by Mckechnie Engager in Splunk Search 10-23-2020 0 1	0	1
Extract variable between pipe symbol from log and use it for query I have a log generated in splunk which will have unique id in with pipe symbols:ex: 19:46:47.146 - [http-nio-8000... by krishman23 Explorer in Splunk Search 10-23-2020 0 7	0	7
Set difference between two output of two query I have two query i want to get those result that are in query 1 but not in query 2Query 1 :index=APP_SERVER- source=A... by Nilesh067 Explorer in Splunk Search 10-23-2020 0 3	0	3
Nessus add-on: How to obtain vulnerability count, host count, and vulnerability count per host My employer recently stood up the Tenable connector to Splunk and are looking to take full advantage of it. My experi... by giventofly08 Explorer in Splunk Search 10-23-2020 1 1	1	1
Calculate Index Size increase 24 hours. No admin privilege. Hi Team,Please note - No Admin privilege to run query on _internal indexI want to calculate the amount of data ingest... by asing13 Path Finder in Splunk Search 10-23-2020 1 4	1	4
Field Extraction - Hostname with inconsistent I'm trying to do a field extraction for a hostname field that has some inconsistency with the format.There are two ty... by jpsheridan Engager in Splunk Search 10-23-2020 1 4	1	4
Combine similar queries to create summary index How can I combine these 3 queries given everything before pipe is same:query1: index=abc source="*/d/e/f.log" artifac... by mukeshchandak Engager in Splunk Search 10-22-2020 0 1	0	1
How to use colors on Tree View Hi,I'd like to know how can I apply colors on the icon according to range values on Tree View (custom viz). The imag... by caioandrades Loves-to-Learn Lots in Splunk Search 10-22-2020 0 1	0	1