Splunk Search

Community Activity

Search speed up Hi everyone, silly question but I'm not much practical with Splunk queries. How to speed up a search that is currentl... by paxo Loves-to-Learn Lots in Splunk Search 07-15-2020 0 16	0	16
Define & use variable in same search Hello, fellow splunkers!I am trying to find a search string where I could define a variable & then use it in the same... by Filomenka Explorer in Splunk Search 07-15-2020 0 7	0	7
Can you exclude specific files from the Splunk file validation? After upgrading to Splunk 6.5.1 we began receiving an error message in the GUI stating "File Integrity checks found 1... by RJ_Grayson Path Finder in Splunk Search 07-15-2020 0 9	0	9
Filtering by OS I have the outcome of my search results but I want to filter by only OS. I was able to get all the results but need ... by johnfrias New Member in Splunk Search 07-15-2020 0 4	0	4
I see a list of generic names under "savedsearch_name" on search heads, but where are these searches actually saved? Hello On my search heads, I am able to find searches that are named "search1", "search2" etc: savedsearch_name sear... by tkwaller Builder in Splunk Search 07-15-2020 3 4	3	4
Comparing two fields from events with fields from a list Lookup Hello.Again, these lookups ). The hardest thing about queries.The request itself is the identification of users who l... by nalia_v Loves-to-Learn Everything in Splunk Search 07-15-2020 0 0	0	0
Why is Restrict Search Terms not working I want to restrict a given role's access to the data in Splunk by using 'Restrict search terms' under access controls... by dflodstrom Builder in Splunk Search 07-15-2020 2 4	2	4
Splunk Query to find changes in ip address and url Hi Guys,I am trying find changes in office 365 ip address and URL using SPL by comparing results from today to yester... by asahni Loves-to-Learn in Splunk Search 07-14-2020 0 0	0	0
How do you get a timechart to display local time in Visualization? I have the following query: host=PRODPLEX NOT "C:\\WINDOWS\\system32" \| timechart span=1m sum(deltatasks) The Ev... by tonyclifford Engager in Splunk Search 07-14-2020 0 3	0	3
After extracting a field with rex, what is the most efficient way to call stats on a specific value within this field? Hi, any help with this would be appreciated! rex field=msg.message "loc=(?<place>\d+)" \| search place="16" \| stats co... by pred15 Engager in Splunk Search 07-14-2020 0 3	0	3
How to filter events using lookup table? I've tried to follow others posts as well as the documentation here and I've come up empty. I have a bunch of device ... by bvan Explorer in Splunk Search 07-14-2020 0 5	0	5
Need help to comparing two pieces of information from two different hosts how can I compare information from two different hosts?For exemple, On a host I have the name, number and phone calls... by murilocepeda Engager in Splunk Search 07-14-2020 0 1	0	1
Filter Email Address Country of Origin Using Lookup Assume I have a simple search that lists in a table the email addresses of those who recently sent an email:index=ema... by griffins Explorer in Splunk Search 07-14-2020 0 2	0	2
IP address separating from 1 source I have a list of ip address that come from 1 source, I want a query to list the ip address separately and make them t... by Ephrem32 Explorer in Splunk Search 07-14-2020 0 1	0	1
Unable to get return results from inputlookup I am unable to get additional columns from a CSV I have referenced in an SPL query that I have written. In the CSV t... by willadams Contributor in Splunk Search 07-14-2020 0 1	0	1
Listing all saved searches from all apps via REST without correlation searches Hi All,So, I know I can get a list of all enabled saved searches by doing:\| rest count=0 /servicesNS/-/-/saved/search... by karadikid Explorer in Splunk Search 07-14-2020 0 3	0	3
Database Records Hi @gcusello ,Following is the query that used to return database records but now it is not working.dbquery wmsewprd ... by rahul2gupta Path Finder in Splunk Search 07-14-2020 0 1	0	1
How do i correlate events using subsearch from two sources based on two different conditions? Hello Splunker,I have a below scenario where i am struggling to come up with search query, and would like to ask your... by Sunil2020 Explorer in Splunk Search 07-14-2020 0 2	0	2
events results time in milliseconds hi,i sent Splunk value, for example x=1. after 10 milliseconds i send again x=2 etc.when i search for x. i see in the... by erez10121012 Path Finder in Splunk Search 07-14-2020 0 9	0	9
Why `where match(...)` but not `search match(...)`? What is the difference between `... \| when match(a,b)` and `...\| search match(a,b)`?Why in such cases `when` works an... by pm771 Communicator in Splunk Search 07-14-2020 0 1	0	1
reset_on_change, reset before, reset after what is the major difference of these in streamstats command. I could understand why these function are used as I get... by tara12121007 New Member in Splunk Search 07-13-2020 0 0	0	0
How to get results from last 1 week and last 3 week for the exact time frame of the search I am new to Splunk, I am trying to get results in the below pattern. Any help is appreciated.Lets say I am doing sear... by achittela Loves-to-Learn in Splunk Search 07-13-2020 0 2	0	2
Stats include all fields \| stats sum(Score) AS TotalScore, values(value1) AS value1, values(value2) AS value2, values(value3) AS value3, by Us... by tmontney Builder in Splunk Search 07-13-2020 0 2	0	2
Using CSV field as time I have a CSV file with a column labeled published. Timestamp values in that field are listed like so: 2020-07-01T01:1... by bvan Explorer in Splunk Search 07-13-2020 0 2	0	2
Why is the save button greyed out when attempting to modify a report/search? Hello, I am new at this and I have been emailed some search examples to meet an objective. I copied and pasted the s... by infra2sec Path Finder in Splunk Search 07-13-2020 0 2	0	2