Splunk Search

Community Activity

Splunk Security Essential - MITRE ATT&CK Matrix HI all,I just installed the security essential app on my splunk but i'm having issues retrieving the MITRE matrix.I g... by lorispiana Loves-to-Learn in Splunk Search 08-08-2024 0 4	0	4
How do report for Windows logon and logoff per user day-by-day Is it possible to get each day first login event( EventCode=4634) as "logon" and Last event of (EventCode=4634) as... by Nraj87 Explorer in Splunk Search 08-08-2024 0 1	0	1
splunk query with substring not working Hello Everyone,I have written the splunk query to remove last 2 character from the string:processingDuration = 102ms ... by super_edition Path Finder in Splunk Search 08-08-2024 0 1	0	1
Combining 3 queries output to produce table \|union [ search index=osp source=xxx EVENT_TYPE=xxx EVENT_SUBTYPE=xxx field1=* field3=xxx field4="" \| eval DATE = s... by jjohn149 Observer in Splunk Search 08-07-2024 0 5	0	5
Troubleshooting how can i troubleshoot when using a dashboard to export data, the data exported has numerous NULL values where there ... by whitecat001 Explorer in Splunk Search 08-07-2024 0 1	0	1
Could not load lookup=LOOKUP-reply_code Good morning!I am receiving the Error: Could not load lookup=LOOKUP-reply_code on multiple boxes. Any similar situat... by mamagreen Engager in Splunk Search 08-07-2024 0 1	0	1
How to get count 0 for the field value which is not matching with events Hi Splunkers, My requirement is below . I have lookup where 7 hosts defined . when my search is running for both tsta... by ssuluguri Path Finder in Splunk Search 08-07-2024 0 10	0	10
Splunk Citrix get-brokersession I have a powershell script running get-brokersession which then exports the results to a txt file. The file is then... by kmm2 Path Finder in Splunk Search 08-07-2024 0 8	0	8
SPL Time range is giving issue Hi Splunkers!I wish to get data in a specific time range using earliest and latest command .I have checked with time ... by chimpui New Member in Splunk Search 08-07-2024 0 4	0	4
Framing query with tstats command Hi, Can anyone please help me to frame the SPL script.I have to collect the list of devices reporting in splunk along... by RanjiRaje Explorer in Splunk Search 08-07-2024 0 7	0	7
Head for each value of a field Hi there.I'm relatively new to searching in Splunk so I can't sometimes get my head wrapped up around some Splunk con... by PickleRick SplunkTrust in Splunk Search 08-07-2024 0 5	0	5
"Corrupt csv header" : how to find the corrupted csv? I find on splunkd.log a lot of warnings as: "Corrupt csv header, contains empty value (col #3)" without any other det... by mekamundia Explorer in Splunk Search 08-06-2024 1 12	1	12
How to remove missing value timestamps for accurate delta calculation HI, I'm running a search for two different timeranges, for missing datapoint pair it's creating discrepancy with my c... by Bart Explorer in Splunk Search 08-06-2024 0 2	0	2
Hi Splunkers - Heat Map Index - Host Hello friends, I am trying to create a heat map where I can see the indexes on the left side and in each cell of the ... by JuanPerez New Member in Splunk Search 08-06-2024 0 2	0	2
Multiple Server New Field Can we create a new field which contains the group of multiple servers name and that field I can use directly in all ... by Chirag812 Explorer in Splunk Search 08-06-2024 0 2	0	2
Regex issue Hi Teami am trying to make below field regex which is coming in every single event. but its not allowing me to use sa... by cbiraris Path Finder in Splunk Search 08-06-2024 0 3	0	3
How to loop through times for same search Hi Splunk Experts,I'm not sure how easy it's using Splunk, I've a field (_time) with list of epoch_time values in it.... by Thulasinathan_M Contributor in Splunk Search 08-06-2024 0 2	0	2
How to extract the json based key value pair for defined match? below is my json file. I want to notify whenever there is a change in last property , "displayName": Included Update... by nb662x Observer in Splunk Search 08-06-2024 0 6	0	6
Fill field with first value I have a data set for web traffic. A sessionID ties all traffic for an individual browsing session together - all ev... by cxs6345 Engager in Splunk Search 08-05-2024 0 1	0	1
Regex to query csv raw data I have a CSV raw data which has files names and data inside the files which is seperated by double quotes and comma. ... by ravir_jbp Explorer in Splunk Search 08-05-2024 0 14	0	14
Getting unique values of a field. Hi all. I have a field called TaskAction that has some 400 values. But, I only want the distinct values of that field... by splunkpoornima Communicator in Splunk Search 08-05-2024 17 4	17	4
How to use eval with If ,AND Hello Splunkers,I have the following query returning the search results, index="demo1" \| search "metrics.job.overall_... by Gaya3_devi Explorer in Splunk Search 08-05-2024 0 3	0	3
Optmise dedup Splunk search Hi - I am looking to optimise this search by removing dedup, the idea of the search is to remove duplicate paymentId... by tomjb94 Observer in Splunk Search 08-05-2024 0 1	0	1
Export I want to export results of a search in pdf format but it shows by Siddharthnegi Contributor in Splunk Search 08-05-2024 0 1	0	1
Users who are logged in right now Hey, Is there a search that shows all of the users that are logged in to my Splunk instance right now? I have some ... by Ant1D Motivator in Splunk Search 08-04-2024 5 11	5	11