Splunk Search

Community Activity

Help with creating an index search based on the _time value (beginner) Beginner here, I'm trying to run a search on unique logins for a web-based application. The current logs, however, do... by Bassik Path Finder in Splunk Search 07-16-2020 0 28	0	28
Datamodel summariesonly Why are we seeing logs from year ago even we use sumarriesonly=t\| tstats summariesonly=t earliest(_time) as Earliest... by jadengoho Builder in Splunk Search 07-15-2020 0 0	0	0
Splunk Search String Hi! I'm new to splunk, I'm just learning it now because I need to understand the splunk search string given to me by ... by Deniserity Engager in Splunk Search 07-15-2020 0 2	0	2
Display only few sentences and show all with arrorw when you click Hi Splunkers, my search is like that and it makes table with data and error message. But error message includes like... by summerura Explorer in Splunk Search 07-15-2020 0 3	0	3
Need to change the _time to log event time Hi ,I need to replace value of _time with special extracted log time event. I am using this search but its not workin... by rashi83 Path Finder in Splunk Search 07-15-2020 0 2	0	2
Splunk - Alerting if ip address/ url changed over last 24 hours Hi Guys,I am trying find changes in office 365 ip address and URL using SPL by comparing results from today to yester... by asahni Loves-to-Learn in Splunk Search 07-15-2020 0 0	0	0
How to create a Splunk alert upon any new table entry Hi. I have a splunk table which tracks all the plugin version available to install for each plugin. Please note that... by rsantkumar Observer in Splunk Search 07-15-2020 0 3	0	3
Using TimeWrap for specific time window. Hello Everyone, I am trying to count the events for the window 8PM(Day1) to 6AM(Day2) for last 3 days so that I can ... by rajatsinghbagga Explorer in Splunk Search 07-15-2020 0 1	0	1
Passing Value from Subsearch to Parent Search I am fairly new to Splunk and only have the basics under my belt at best. I'm having trouble proving out the followin... by jstocker New Member in Splunk Search 07-15-2020 0 2	0	2
Search speed up Hi everyone, silly question but I'm not much practical with Splunk queries. How to speed up a search that is currentl... by paxo Loves-to-Learn Lots in Splunk Search 07-15-2020 0 16	0	16
Define & use variable in same search Hello, fellow splunkers!I am trying to find a search string where I could define a variable & then use it in the same... by Filomenka Explorer in Splunk Search 07-15-2020 0 7	0	7
Can you exclude specific files from the Splunk file validation? After upgrading to Splunk 6.5.1 we began receiving an error message in the GUI stating "File Integrity checks found 1... by RJ_Grayson Path Finder in Splunk Search 07-15-2020 0 9	0	9
Filtering by OS I have the outcome of my search results but I want to filter by only OS. I was able to get all the results but need ... by johnfrias New Member in Splunk Search 07-15-2020 0 4	0	4
I see a list of generic names under "savedsearch_name" on search heads, but where are these searches actually saved? Hello On my search heads, I am able to find searches that are named "search1", "search2" etc: savedsearch_name sear... by tkwaller Builder in Splunk Search 07-15-2020 3 4	3	4
Comparing two fields from events with fields from a list Lookup Hello.Again, these lookups ). The hardest thing about queries.The request itself is the identification of users who l... by nalia_v Loves-to-Learn Everything in Splunk Search 07-15-2020 0 0	0	0
Why is Restrict Search Terms not working I want to restrict a given role's access to the data in Splunk by using 'Restrict search terms' under access controls... by dflodstrom Builder in Splunk Search 07-15-2020 2 4	2	4
Splunk Query to find changes in ip address and url Hi Guys,I am trying find changes in office 365 ip address and URL using SPL by comparing results from today to yester... by asahni Loves-to-Learn in Splunk Search 07-14-2020 0 0	0	0
How do you get a timechart to display local time in Visualization? I have the following query: host=PRODPLEX NOT "C:\\WINDOWS\\system32" \| timechart span=1m sum(deltatasks) The Ev... by tonyclifford Engager in Splunk Search 07-14-2020 0 3	0	3
After extracting a field with rex, what is the most efficient way to call stats on a specific value within this field? Hi, any help with this would be appreciated! rex field=msg.message "loc=(?<place>\d+)" \| search place="16" \| stats co... by pred15 Engager in Splunk Search 07-14-2020 0 3	0	3
How to filter events using lookup table? I've tried to follow others posts as well as the documentation here and I've come up empty. I have a bunch of device ... by bvan Explorer in Splunk Search 07-14-2020 0 5	0	5
Need help to comparing two pieces of information from two different hosts how can I compare information from two different hosts?For exemple, On a host I have the name, number and phone calls... by murilocepeda Engager in Splunk Search 07-14-2020 0 1	0	1
Filter Email Address Country of Origin Using Lookup Assume I have a simple search that lists in a table the email addresses of those who recently sent an email:index=ema... by griffins Explorer in Splunk Search 07-14-2020 0 2	0	2
IP address separating from 1 source I have a list of ip address that come from 1 source, I want a query to list the ip address separately and make them t... by Ephrem32 Explorer in Splunk Search 07-14-2020 0 1	0	1
Unable to get return results from inputlookup I am unable to get additional columns from a CSV I have referenced in an SPL query that I have written. In the CSV t... by willadams Contributor in Splunk Search 07-14-2020 0 1	0	1
Listing all saved searches from all apps via REST without correlation searches Hi All,So, I know I can get a list of all enabled saved searches by doing:\| rest count=0 /servicesNS/-/-/saved/search... by karadikid Explorer in Splunk Search 07-14-2020 0 3	0	3