Splunk Search

Community Activity

summing up rows by two column Hi there, I have a table with 5 fields. E column is numeric value, C is sub category of AI want to sum E by column C ... by ISP8055 Path Finder in Splunk Search 10-05-2020 0 2	0	2
\|rex field=_raw (? Hi All, I am trying to use below regex in my splunk SPL, which is working fin in rubular but not working as SPL. \|rex... by vijaya5 Engager in Splunk Search 10-05-2020 0 3	0	3
web event start time, splunk record time and endtime in http stream data Given free sample http stream data download from splunk website. I got two questions with start time, record time and... by cyberfan Explorer in Splunk Search 10-05-2020 0 1	0	1
how to convert bytes to second in report. Hello. I'm buliding a report where i want byte to be converted into seconds/millisecond.any idea how to do that sourc... by Aps17 Explorer in Splunk Search 10-05-2020 1 5	1	5
splunk external lookup returning multiple rows as a single row Hello,I'm very new to splunk. I have a task to query an external bug system and display the results in splunk using a... by binoy3012 Explorer in Splunk Search 10-05-2020 0 4	0	4
Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table. Hello, guysHave troubles with the output of lookup command.I know the right syntax of command:...\| lookup <lookup-tab... by user2020dy Path Finder in Splunk Search 10-05-2020 0 4	0	4
What alert search can I use to check and alert on a HF not forwarding any data. Is there a heart beat from the HF I can monitor and if not detected, alert on it ? by JTS911 Explorer in Splunk Search 10-05-2020 0 2	0	2
Vulnerabilty scanned systems per month Hi,I would like to do a search that gives me the number of systems with a vulnerability per month.I've tried this sea... by unitrium Explorer in Splunk Search 10-05-2020 0 4	0	4
Convert Decimal to Time Format Hello, I currently have the below search will calculates on average how much time is being spent on the alerts that S... by nlisle New Member in Splunk Search 10-05-2020 0 2	0	2
find ERROR and remove duplicate from those and then classify errors output should have result something like below:error countabc 40xyz 50 by twinkleparmar Loves-to-Learn in Splunk Search 10-05-2020 0 1	0	1
Split complex event to key value table Hi,I'm trying to split this event into anamevalueFieldAfalseFieldB5key-value table org.Data@28c839cfname=FieldA, valu... by ormoush Engager in Splunk Search 10-05-2020 0 1	0	1
automated web interface login for kiosk I am building a kiosk and before updating to 6.2 I was able to use the id and value tags for the web interface login.... by chanson Engager in Splunk Search 10-05-2020 1 5	1	5
search for net-logon with less false positive we want to check any zero-logon exploit in the environment, is there splunk search available? how to detect malicious... by cyberfan Explorer in Splunk Search 10-05-2020 0 4	0	4
Extract URL field in datamodel Hello, guysI`m trying to extract URL field from my log in Data Model (it is not extracted from _raw log and is not se... by user2020dy Path Finder in Splunk Search 10-05-2020 0 2	0	2
Eventstats not returning expected results Hi Splunk Gurus! I have come across an absurd issue where my eventstats is not recognizing the field value. Sample Pr... by smruti13 Observer in Splunk Search 10-05-2020 0 1	0	1
How to sort concatenated DATE&TIME field? Hi,I have concatenated my DATE & TIME Field as below\| eval DATE&TIME=DATE." ".TIMEEXAMPLE:(%m/%d/%Y %H:%S)12/09/2017... by Ashwini008 Builder in Splunk Search 10-05-2020 1 2	1	2
Usage of fieldname and field value for a foreach macro Hi,I am trying to produce a macro with an event summary that would contain both the field name and field value and a ... by esmond Engager in Splunk Search 10-05-2020 0 2	0	2
Search a field for multiple values I am attempting to search a field, for multiple values. this is the syntax I am using: < mysearch > field=value1,v... by tmarlette Motivator in Splunk Search 10-04-2020 2 7	2	7
benefits of using search command Hi, any one knows the benefits of search command?search src="10.9.165." and src_ip="10.9.165." , any difference? by cyberfan Explorer in Splunk Search 10-04-2020 1 2	1	2
Correlate data from two diffrent splunk logs and evaluate the diffrence of time fields in both logs. Hi, i am relatively newer to SPL, i have a usecase to evaluate time difference bwn two fields in two different logs ... by venky10 Loves-to-Learn Everything in Splunk Search 10-04-2020 0 13	0	13
Hello, I need help to extract a value from a string Hi everyone,I hope someone can help me with the following situation.I have multiple events generated from Azure Devop... by flck Path Finder in Splunk Search 10-03-2020 1 3	1	3
make multivalue field from job ID matching multiple customer IDs In events that we extract CID and JID from, I would like to have an output of all JID that interacted with multiple C... by jonzatlmi Explorer in Splunk Search 10-03-2020 0 5	0	5
Updating KV Store Field Value For Several Events Hello, I am having problems approaching this problem. Say we have a KV store that stores asset information from a few... by joemarty82 Explorer in Splunk Search 10-02-2020 0 0	0	0
lookup input value null Hey,I am trying to work with lookup table where input contains 3 fields (A,B,C) and output is DLookup table structure... by shayhibah Path Finder in Splunk Search 10-02-2020 0 1	0	1
first packet recorded of the reconnaissance any idea to write the query to capture the first packet recorded of the reconnaissance from the vulnerability scanne... by cyberfan Explorer in Splunk Search 10-02-2020 0 1	0	1