Splunk Search

Community Activity

How to find all alerts with a specific alert action? I'm trying to find all the saved alerts that have a certain action. I've found this search:\|rest/servicesNS/-/-/saved... by TylerJVitale Explorer in Splunk Search 10-27-2020 0 0	0	0
Merging 2 stats from one search query Hi guys, This little (?) thing's has been wrecking my head all weekend. I'm trying to merge 2 stats commands, or some... by klaudiac Path Finder in Splunk Search 10-27-2020 0 1	0	1
How to extract json values I have an event in json which has key pairs like:{<!-- -->"timestamp": 157281937,"message":"abc\xyz\pqr\efg",} I have to crea... by tsm0099 Explorer in Splunk Search 10-27-2020 0 6	0	6
Jenkins JSON test results into table by build I'm wondering if the following table structure is possible (without custom JS).Raw events are from Jenkins plugin. Be... by JykkeDaMan Path Finder in Splunk Search 10-27-2020 0 10	0	10
[Need Help] how to reverse the time scale and corresponding count in x axis from timechart. Hi team,I have below query index=*bizx_application AND sourcetype=perf_log_bizx AND AutoSaveForm OR SaveFormV2 OR Sav... by cheriemilk Path Finder in Splunk Search 10-26-2020 0 7	0	7
Rename the existing Correlation search? Hi Splunkers, Whats the best way to rename the existing correlation search.? by renjujacob88 Path Finder in Splunk Search 10-26-2020 1 4	1	4
Joining data from multiple events with stats Hoping someone can help me to join data in the same index across multiple events. Here is the event dataindexevent_ty... by mike_nau Engager in Splunk Search 10-26-2020 1 3	1	3
Getting a comma separate string from values function within stats command When I extract the list of values of a field in stats command, the values appear in separate lines making the output ... by ramesh Engager in Splunk Search 10-26-2020 3 7	3	7
Error extracting username when using the \| rex field= statement I have a user field where the name may or may not be prefixed with DOMAIN\ as shown below:DOMAIN\CWIX-USER-SC-4a.rose... by cantrellr New Member in Splunk Search 10-26-2020 0 2	0	2
Combine 3 queries using a common field Hi I have 3 queries as below and all 3 of them have a common field "loaderId". I used join to combine their results ... by vinoths_82 Explorer in Splunk Search 10-26-2020 1 3	1	3
Searching local directories I am trying to add and search data directly from my local file directory in splunk. I went to setting > data inputs >... by jjriver2 New Member in Splunk Search 10-26-2020 0 2	0	2
How to extract value from a string Hi everyoneI need to extract value from a string before a specific character "_X" Where X is any integerPlease note o... by Emily12 Explorer in Splunk Search 10-26-2020 0 2	0	2
Subsearching within time frame Hi everyone,I'm new to Splunk. I've got this search query:host="..." earliest=-30d latest=now \| stats distinct_count(... by barakb Engager in Splunk Search 10-26-2020 0 3	0	3
Lookup table for search exclusions using a combination of multiple fields I have an alert to discover logins from accounts on servers and workstations. Some of these logins are normal and so ... by geoffmoraes Path Finder in Splunk Search 10-26-2020 0 3	0	3
How to i match the latest date value in lookup file? Hi,I am a newbie to SPL and would like some help.I want to find the latest date field in my lookup file file.My test.... by hvdtol Path Finder in Splunk Search 10-26-2020 0 4	0	4
escape backslash in dynamic search hi there,i created a dashbord with drilldown values with backslash.how can i escape those backslash to ged values in ... by LiorG Engager in Splunk Search 10-26-2020 1 3	1	3
Combine and count results from two queries without join command So, if I have an index=abc with fields a,bAlso, I have index=xyz with fields b,cNow I want to count the results where... by Sakshi_Parashar Engager in Splunk Search 10-25-2020 0 2	0	2
Can find a field value only when using a wildcard prefix Hello,I have field name: let's call it - "foo" and a value I desire to add to my search - "bar".When I execute a norm... by ilyar Observer in Splunk Search 10-25-2020 0 6	0	6
what is the difference between 'usenull' and 'fillnull' command in splunk? I want to know what is the difference between usenull and fillnull command in the splunk? can anyone help me with it ... by aarthirajaraman Engager in Splunk Search 10-25-2020 1 2	1	2
Transaction not using time ordered events Hi,I am trying to order events of wireshark data i.e. events liketime1 src, dst,src_port,dst_port SYN time2 src, ... by huaraz Explorer in Splunk Search 10-24-2020 0 1	0	1
How to execute two join queries in different time interval? Hi Splunk Team,I have a quick question. I'm writing a join query wherein i want the query A ("Birth Test") to execute... by djroks89 Explorer in Splunk Search 10-24-2020 0 1	0	1
How do I pull text our of a log to create a visual? Hi, This might be a super basic question but I have a log and I need to create a dashboard that represents a value fo... by roderickjones Engager in Splunk Search 10-23-2020 0 2	0	2
Aggregate stats functions Hi folks,host=* AlertType="Warning" \|bucket _time span=day\| stats count min(count) max(count) avg(count) stdev(count... by Marco Communicator in Splunk Search 10-23-2020 0 1	0	1
Activity Counts I am looking for a way to list the counts by customer (for example, including 0 activity) for the past hour, among al... by OliverG91 Explorer in Splunk Search 10-23-2020 1 2	1	2
Need help with Tenable SC query I got a search query but I need help displaying the failed scans of the IP or devices. What field I use for that part... by mackmarvin New Member in Splunk Search 10-23-2020 0 1	0	1