Splunk Search

Community Activity

Can i do an eval if match with a lookup table? I have a field called lookup_key that contains either a host name or an IP address. I am trying to get a lookup on t... by rome75 Engager in Splunk Search 07-10-2020 0 1	0	1
Is there BOTSv3 writeup? https://github.com/splunk/botsv3https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.htmlI'm starting t... by to4kawa Ultra Champion in Splunk Search 07-10-2020 0 1	0	1
Extract Fields from JSON Hi Everyone. Thanks in advance for any help.I am trying to extract some fields (Status, RecordsPurged) from a JSON o... by felipesodre Path Finder in Splunk Search 07-10-2020 0 4	0	4
stats count for different days in separate fields Hi, I’m trying to get product count for yesterday and 7 days ago from yesterday in two separate fields, results are c... by maxmukimov Explorer in Splunk Search 07-10-2020 0 6	0	6
Cluster Command Max Cluster Size Is there a way to set the maximum cluster size for the clusters generated by the "cluster" command? by michaelsplunk1 Path Finder in Splunk Search 07-10-2020 0 1	0	1
Stats by custom string I'd like to display stats based on a custom string within a log entry. Below is sample of the log entry. I'd like t... by dv2323 Explorer in Splunk Search 07-10-2020 0 6	0	6
visited websites Hello, I would like to set up statistics on the visited websites by the users. I would like to find all users who vis... by nesslee Observer in Splunk Search 07-10-2020 0 2	0	2
excluding from search results Hello everyone,When a user visits a website, it can make hundreds of separate requests related to advertising. So i w... by nesslee Observer in Splunk Search 07-10-2020 0 1	0	1
How to create an eval on random data string ? Hi,My issue is : I want to create a field from random data string (always the same) which is not present in all logs.... by mah Builder in Splunk Search 07-09-2020 0 3	0	3
How to remove spaces from the beginning and end of a field value? I want to remove spaces from starting and ending of field I was trying to achieve this using ... \| rex mode=sed fie... by mkhan_splunk New Member in Splunk Search 07-09-2020 0 8	0	8
Use Regex to extract data from _raw and rename the extracted field Hello Splunkers,Please advise how to use regex to extract the below specific fields from _raw data and also add/rena... by promukh Path Finder in Splunk Search 07-09-2020 0 4	0	4
Table creation with desired fields I have the query below, but i i dont want the services to like this.. how can i get the names of the services to be ... by sphiwee Contributor in Splunk Search 07-09-2020 0 2	0	2
Combine a field from a previous row based on other fields and create another field Here's an example data in splunk (bookstore logs):time(ms)idstagepayload1020984aaaa-bbbb-cccccheckoutLord Of The Ring... by datatan Engager in Splunk Search 07-09-2020 0 3	0	3
Saved Search vs. Open Search Server Error in Query Good day Splunkers,Today doing an audit of my Alerts, I opened one in "Open Search" and immediately got "Server Error... by gearmstrong Path Finder in Splunk Search 07-09-2020 0 3	0	3
Clarification needed on eval split() function For the following search command, what is the expected output? \| makeresults \| eval text_string = "I:red_heart:Splunk... by malvidin Communicator in Splunk Search 07-09-2020 1 6	1	6
Using lookup table & Append I have two queries. First one has multiple fields: source, IP, comment & cIP and this is exported CSV as a output loo... by srizan Path Finder in Splunk Search 07-09-2020 0 0	0	0
Match on 2 csv and index and return stats Hello, GOAL: determine if application server has logged based on a list of application ID codesI have 2 csv lookups A... by splunkster1 Observer in Splunk Search 07-09-2020 0 0	0	0
Why am I getting error "Configuration initialization for {Path} took longer than expected when dispatching a search"? The following error is displayed can't figure any solution need help. Configuration initialization for {Path} took l... by himapate Explorer in Splunk Search 07-09-2020 1 4	1	4
Cannot add fields from lookup file to events Good Day,I am working with the following:Through an indexer I have Three fields of interest, Field A, Field B, and Fi... by ewv1973 Engager in Splunk Search 07-09-2020 0 2	0	2
How to sort dynamic column names after timechart and transpose Hi,I'm creating a report with the following search that runs each month covering the past 3 months of data.It works a... by gnoriega Explorer in Splunk Search 07-09-2020 0 2	0	2
Regex/Rex - Non Capture Groups Hi all. New here. So I have been working with some data strings that contain varied asset numbers for computers and s... by Curlyshrew Observer in Splunk Search 07-09-2020 0 5	0	5
Create a dashboard that displays a user name accounts that have received a password reset email. I'm trying to create a dashboard that displays a user name accounts that have received a password reset email. by ephrem3232 Explorer in Splunk Search 07-09-2020 0 1	0	1
What I did wrong here with makeresults command Hello experts,I am trying to create a custom macro, from that it will returns a result depends on the argument I pass... by thinhdinh Path Finder in Splunk Search 07-09-2020 0 3	0	3
Checking mvexpand Memory Usage Hi All,We are trying to get the memory usage of mvexpand command so that we can set the max_mem_usage_mb in the limit... by alvin_sulendra New Member in Splunk Search 07-09-2020 0 0	0	0
Local Documentation: Is it possible to have a local copy of what is at docsCheckerBaseURL? Is it possible to have a local copy of what is at docsCheckerBaseURL by NocSystems Engager in Splunk Search 07-08-2020 2 7	2	7