Splunk Search

Community Activity

changing `host` and persisting the result I am trying to make this query work: index="main" \| eval host=asset_id \| collect index="scanned_app" where asset_id i... by mushkevych Explorer in Splunk Search 09-29-2020 0 11	0	11
Running a custom command via cli Hello All,We created a custom search on splunk which calculates a specific metric on all the servers that are part of... by rabrahaham Engager in Splunk Search 09-29-2020 0 1	0	1
query error tstat Hi when i ran this query: "\| tstats count, values(\"Authentication.tag\") as tag from datamodel=Authentication where... by havatz Explorer in Splunk Search 09-29-2020 0 2	0	2
Universal Forwarder functionality Hi! I'm searching for an appropriate agent to transmit Windows Event log to syslog server. Can Universal Forwarder co... by kevinsteeee Explorer in Splunk Search 09-29-2020 0 2	0	2
Compare the values from two fields ( one is from a lookup) Hi all Trying to build a query and struggling in "comparing" two fields. Essentially this is what i am trying to do 1... by ng87 Path Finder in Splunk Search 09-29-2020 0 3	0	3
How to manage accelerated datamodels in cluster ? Hello,We are planning to migrate single instance splunk installation to clustered deployment (1 MasterNode, 1 Search ... by AKG1_old1 Builder in Splunk Search 09-29-2020 0 1	0	1
How to sum 2 percent ? Hi,I have a table like that : namepercentAAA90BBB6070 I want to group the BBB percent in one percent.How I can do thi... by mah Builder in Splunk Search 09-29-2020 0 3	0	3
LOOKUP and NULL values Hello, I am new-ish to Splunk and had a question regarding the use of a lookup table and wanting to include all value... by shelleysm Loves-to-Learn in Splunk Search 09-29-2020 0 1	0	1
New rows for each of the Extracted values from a multi-valued field Hello Everyone!Currently the result of my query is below:Input:id URL101 ... by kiru2992 Path Finder in Splunk Search 09-29-2020 0 12	0	12
Spread a value over a variable duration I have several events that are structured like this:2020-09-28T15:18:40Z duration=8.0 somevalue=42 otherfield=A2020-0... by enenkey Loves-to-Learn in Splunk Search 09-29-2020 0 3	0	3
How to group values of the same field and display timechart counts for each group month over month? I first need to group values of the same field... Group1 (values match A1, A2, A3,...) Group2 (values match B1, B2, ... by tmaltizo Path Finder in Splunk Search 09-29-2020 0 6	0	6
hi team need to fetch the from the given files using operator >= I have got a field Vulnerability ages, which are having now in days like 120days,110, days,30days,45daysI need to fet... by shoyeb Observer in Splunk Search 09-29-2020 0 1	0	1
To get IP counts by no of occurence I have a query which can give DIfferent IPS that are hitting to the top URI's source= some source 404 \| stats count v... by naval1992 Engager in Splunk Search 09-29-2020 0 3	0	3
How to add a color to the field in one column based on the other column filed values Hi,How can I add a color to the field in one column based on the other column filed values? The example below, I need... by msr New Member in Splunk Search 09-29-2020 0 1	0	1
How to convert this time format with strptime()? I haven't found something for this time format in the docs:Mon Sep 28 00:00:00 GMT 2020How can I convert this with st... by Sundried Explorer in Splunk Search 09-28-2020 0 2	0	2
Subsearch and Join(?) for VPN+Azure+O365 correlation I'm trying to look at all of our users using personal VPN who have accessed O365 (Sharepoint, OneDrive, etc.) from th... by fdevera Path Finder in Splunk Search 09-28-2020 0 4	0	4
Stats count for multiple fields in search I have a query that has multiple states represented in each log event how do i get stats based on the state values my... by rockybhai Loves-to-Learn Lots in Splunk Search 09-28-2020 0 3	0	3
30 Minute Interval Search Hello,I'd like my search to return 30 min interval searches between 9/24/2020 20:00 and the current date; what's the ... by itsmevic Communicator in Splunk Search 09-28-2020 0 1	0	1
Macro at time field extraction Hi, we use a lot of base64 encoded fields to save traffic bandwidth.Is there any way to decode these fields at index ... by me74fhfd Path Finder in Splunk Search 09-28-2020 0 4	0	4
no events for distinct logins into an app in the last 30 days Requirement- I want to display distinct logins into an app in the last 30 days.My query returns zero events.index="12... by anikeshp7 Path Finder in Splunk Search 09-28-2020 0 6	0	6
Simplify REGEX Several months back I created a macro with the following regular expressions to "clean up" and concatenate several st... by CarbonCriterium Path Finder in Splunk Search 09-28-2020 0 1	0	1
Update CSV values without ovewriting old ones Hi, I am trying to make a CSV table with users that have logged in the system. The CSV file contains a field "Time" a... by Sasquatchatmars Communicator in Splunk Search 09-28-2020 0 7	0	7
What are my searches finding? Hi! This is my first post here so I apologise if the format is flawed. I am a Splunk novice and have been tinkering w... by Freddler Explorer in Splunk Search 09-28-2020 1 10	1	10
How to compare two searches and find common data between them Hi,I have following search where I'm searching for the common Plugin_ID between searches. However with the 'stats cou... by bhagatdd Explorer in Splunk Search 09-28-2020 1 12	1	12
How can I do fields from text-file? I need to get 3 columns: host, port, description from text:10.224.19.18 \| 2222\| New server10.198.18.18 \| 2443 \| IFTet... by Luninho Explorer in Splunk Search 09-28-2020 0 1	0	1