Splunk Search

Community Activity

finding alerts (saved searchs) based on alarm IDs or other event contents Usually I find an individual alert, i.e., a saved search, among a large number of alerts by searching for it by name.... by MarcRiese Explorer in Splunk Search 10-06-2020 0 1	0	1
How to remove first 8 numbers of a field I have a set of devices that are identified by a very long 15 number. The first 8 numbers are just a prefix which we ... by adrianrepublic Explorer in Splunk Search 10-06-2020 1 3	1	3
Splunk relative time Today is 10/2/2020. I need to execute 6 searches using relative time for last month (earliest= & latest=) that are ea... by jdmclemore Path Finder in Splunk Search 10-06-2020 1 6	1	6
Problem with Date Time Manipulation for date in the year 1970 I have an index that has the fields start date and end date. I need to find the difference between the two timestamps... by MohammadYusuf Engager in Splunk Search 10-06-2020 0 2	0	2
slow splunk seaches A simple search(index="xx" source="/aa/bb/cc.log") made on my searchead takes 4 minutes to display 7.5 millon events ... by gauravmsharma Path Finder in Splunk Search 10-06-2020 0 3	0	3
Search with lookup and several fields to match Hi splunkers,After several days to be block with an issue regarding lookup, I try to have a little help here,Here is ... by mcayrol Explorer in Splunk Search 10-06-2020 1 4	1	4
How to chooose one value based on applying conditions to table column I have a table like below. Which plots different services under one column Service A (Subservices - A1 to A5) / Servi... by Naga Engager in Splunk Search 10-06-2020 0 1	0	1
How to add/force line chart to show all the months of the year even if there are zero values for certain months Hello. I'm having a bit of an issue that I cant' figure out. I have a query that references an inputlookup and prod... by motaghis Explorer in Splunk Search 10-05-2020 0 3	0	3
summing up rows by two column Hi there, I have a table with 5 fields. E column is numeric value, C is sub category of AI want to sum E by column C ... by ISP8055 Path Finder in Splunk Search 10-05-2020 0 2	0	2
\|rex field=_raw (? Hi All, I am trying to use below regex in my splunk SPL, which is working fin in rubular but not working as SPL. \|rex... by vijaya5 Engager in Splunk Search 10-05-2020 0 3	0	3
web event start time, splunk record time and endtime in http stream data Given free sample http stream data download from splunk website. I got two questions with start time, record time and... by cyberfan Explorer in Splunk Search 10-05-2020 0 1	0	1
how to convert bytes to second in report. Hello. I'm buliding a report where i want byte to be converted into seconds/millisecond.any idea how to do that sourc... by Aps17 Explorer in Splunk Search 10-05-2020 1 5	1	5
splunk external lookup returning multiple rows as a single row Hello,I'm very new to splunk. I have a task to query an external bug system and display the results in splunk using a... by binoy3012 Explorer in Splunk Search 10-05-2020 0 4	0	4
Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table. Hello, guysHave troubles with the output of lookup command.I know the right syntax of command:...\| lookup <lookup-tab... by user2020dy Path Finder in Splunk Search 10-05-2020 0 4	0	4
What alert search can I use to check and alert on a HF not forwarding any data. Is there a heart beat from the HF I can monitor and if not detected, alert on it ? by JTS911 Explorer in Splunk Search 10-05-2020 0 2	0	2
Vulnerabilty scanned systems per month Hi,I would like to do a search that gives me the number of systems with a vulnerability per month.I've tried this sea... by unitrium Explorer in Splunk Search 10-05-2020 0 4	0	4
Convert Decimal to Time Format Hello, I currently have the below search will calculates on average how much time is being spent on the alerts that S... by nlisle New Member in Splunk Search 10-05-2020 0 2	0	2
find ERROR and remove duplicate from those and then classify errors output should have result something like below:error countabc 40xyz 50 by twinkleparmar Loves-to-Learn in Splunk Search 10-05-2020 0 1	0	1
Split complex event to key value table Hi,I'm trying to split this event into anamevalueFieldAfalseFieldB5key-value table org.Data@28c839cfname=FieldA, valu... by ormoush Engager in Splunk Search 10-05-2020 0 1	0	1
automated web interface login for kiosk I am building a kiosk and before updating to 6.2 I was able to use the id and value tags for the web interface login.... by chanson Engager in Splunk Search 10-05-2020 1 5	1	5
search for net-logon with less false positive we want to check any zero-logon exploit in the environment, is there splunk search available? how to detect malicious... by cyberfan Explorer in Splunk Search 10-05-2020 0 4	0	4
Extract URL field in datamodel Hello, guysI`m trying to extract URL field from my log in Data Model (it is not extracted from _raw log and is not se... by user2020dy Path Finder in Splunk Search 10-05-2020 0 2	0	2
Eventstats not returning expected results Hi Splunk Gurus! I have come across an absurd issue where my eventstats is not recognizing the field value. Sample Pr... by smruti13 Observer in Splunk Search 10-05-2020 0 1	0	1
How to sort concatenated DATE&TIME field? Hi,I have concatenated my DATE & TIME Field as below\| eval DATE&TIME=DATE." ".TIMEEXAMPLE:(%m/%d/%Y %H:%S)12/09/2017... by Ashwini008 Builder in Splunk Search 10-05-2020 1 2	1	2
Usage of fieldname and field value for a foreach macro Hi,I am trying to produce a macro with an event summary that would contain both the field name and field value and a ... by esmond Engager in Splunk Search 10-05-2020 0 2	0	2