Splunk Search

Community Activity

Joining data from multiple events with stats Hoping someone can help me to join data in the same index across multiple events. Here is the event dataindexevent_ty... by mike_nau Engager in Splunk Search 10-26-2020 1 3	1	3
Getting a comma separate string from values function within stats command When I extract the list of values of a field in stats command, the values appear in separate lines making the output ... by ramesh Engager in Splunk Search 10-26-2020 3 7	3	7
Error extracting username when using the \| rex field= statement I have a user field where the name may or may not be prefixed with DOMAIN\ as shown below:DOMAIN\CWIX-USER-SC-4a.rose... by cantrellr New Member in Splunk Search 10-26-2020 0 2	0	2
Combine 3 queries using a common field Hi I have 3 queries as below and all 3 of them have a common field "loaderId". I used join to combine their results ... by vinoths_82 Explorer in Splunk Search 10-26-2020 1 3	1	3
Searching local directories I am trying to add and search data directly from my local file directory in splunk. I went to setting > data inputs >... by jjriver2 New Member in Splunk Search 10-26-2020 0 2	0	2
How to extract value from a string Hi everyoneI need to extract value from a string before a specific character "_X" Where X is any integerPlease note o... by Emily12 Explorer in Splunk Search 10-26-2020 0 2	0	2
Subsearching within time frame Hi everyone,I'm new to Splunk. I've got this search query:host="..." earliest=-30d latest=now \| stats distinct_count(... by barakb Engager in Splunk Search 10-26-2020 0 3	0	3
Lookup table for search exclusions using a combination of multiple fields I have an alert to discover logins from accounts on servers and workstations. Some of these logins are normal and so ... by geoffmoraes Path Finder in Splunk Search 10-26-2020 0 3	0	3
How to i match the latest date value in lookup file? Hi,I am a newbie to SPL and would like some help.I want to find the latest date field in my lookup file file.My test.... by hvdtol Path Finder in Splunk Search 10-26-2020 0 4	0	4
escape backslash in dynamic search hi there,i created a dashbord with drilldown values with backslash.how can i escape those backslash to ged values in ... by LiorG Engager in Splunk Search 10-26-2020 1 3	1	3
Combine and count results from two queries without join command So, if I have an index=abc with fields a,bAlso, I have index=xyz with fields b,cNow I want to count the results where... by Sakshi_Parashar Engager in Splunk Search 10-25-2020 0 2	0	2
Can find a field value only when using a wildcard prefix Hello,I have field name: let's call it - "foo" and a value I desire to add to my search - "bar".When I execute a norm... by ilyar Observer in Splunk Search 10-25-2020 0 6	0	6
what is the difference between 'usenull' and 'fillnull' command in splunk? I want to know what is the difference between usenull and fillnull command in the splunk? can anyone help me with it ... by aarthirajaraman Engager in Splunk Search 10-25-2020 1 2	1	2
Transaction not using time ordered events Hi,I am trying to order events of wireshark data i.e. events liketime1 src, dst,src_port,dst_port SYN time2 src, ... by huaraz Explorer in Splunk Search 10-24-2020 0 1	0	1
How to execute two join queries in different time interval? Hi Splunk Team,I have a quick question. I'm writing a join query wherein i want the query A ("Birth Test") to execute... by djroks89 Explorer in Splunk Search 10-24-2020 0 1	0	1
How do I pull text our of a log to create a visual? Hi, This might be a super basic question but I have a log and I need to create a dashboard that represents a value fo... by roderickjones Engager in Splunk Search 10-23-2020 0 2	0	2
Aggregate stats functions Hi folks,host=* AlertType="Warning" \|bucket _time span=day\| stats count min(count) max(count) avg(count) stdev(count... by Marco Communicator in Splunk Search 10-23-2020 0 1	0	1
Activity Counts I am looking for a way to list the counts by customer (for example, including 0 activity) for the past hour, among al... by OliverG91 Explorer in Splunk Search 10-23-2020 1 2	1	2
Need help with Tenable SC query I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that part... by mackmarvin New Member in Splunk Search 10-23-2020 0 1	0	1
View large data downloads What command would I use to check if anyone has downloaded a large file(s) before they were terminated? by Fei New Member in Splunk Search 10-23-2020 0 1	0	1
Find knowledge Objects that are using sourcetypes I need to find the users that are using sourcetypes in their savedsearches (reports/dashboards).I have list of source... by vamsigurram Path Finder in Splunk Search 10-23-2020 0 3	0	3
How to isolate a specific field in a lookup file I'm working on a project for work where I want to see employee entry data for specific groups. We have a lookup file ... by msage Path Finder in Splunk Search 10-23-2020 1 3	1	3
Could not use strptime to parse timestamp " having a problem creating proper TIME_FORMAT for the following data. Seeing "Could not use strptime to parse timesta... by fisuser1 Contributor in Splunk Search 10-23-2020 0 1	0	1
Count of computers user triggered event code to by count of events of that event code Hi All,I am trying to find:Users using event code 4769The count of computers a user connects to within 1hr which is g... by Mckechnie Engager in Splunk Search 10-23-2020 0 1	0	1
Extract variable between pipe symbol from log and use it for query I have a log generated in splunk which will have unique id in with pipe symbols:ex: 19:46:47.146 - [http-nio-8000... by krishman23 Explorer in Splunk Search 10-23-2020 0 7	0	7