Splunk Search

Community Activity

Count unique words in a given field across all events I''m trying to figure out a way to sort events by how similar the wording in a free-form text field is.Generate sampl... by modalexii Engager in Splunk Search 06-22-2020 0 2	0	2
Drill down time from drill down editor to another applet What I want to do is pass a start/end time to a table from my linechart.On my line chart- if I click a time in the c... by clintla Contributor in Splunk Search 06-22-2020 0 2	0	2
Using loadjob in a packaged app We're creating an app which uses loadjob, however loadjob requires savedsearch="<owner>:<app>:<saved search name>"In ... by splunked38 Communicator in Splunk Search 06-22-2020 0 0	0	0
create lookup for blacklisted ip address I am trying to write a correlation search where I want that if any of host from my internal network (10.0.0.0/8) as a... by asharma21193 New Member in Splunk Search 06-22-2020 0 1	0	1
How to extract multiple values from a single event in search? Data in an event: The data contains total processes that can run, number of processes running, userID with which they... by bud4 Engager in Splunk Search 06-22-2020 0 11	0	11
Transposing data where two columns are fixed HI All,I am struggling with a query where i have made the data like the followingType_timeStoreCountsType122/06/2020 ... by bismsit29 New Member in Splunk Search 06-22-2020 0 2	0	2
How to correlate events from two devices in splunk and make alert from it Scenario: I have simulated an attack from PC1 to PC2 which has generated logs on both machines as below. Now want to ... by dsdeepak Explorer in Splunk Search 06-22-2020 0 4	0	4
Date compare Hi, I am new to splunk so pardon me if made any mistake or asking simple questions, i need to extract data from XML ... by karunagaraprabh Explorer in Splunk Search 06-22-2020 0 1	0	1
How can I search for two different events that happen over 10 minutes on the same username? Hi need your support SplunkersI Want to search user created and deleted in 10 minutes.so i am starting the search lik... by shlomihertzberg Engager in Splunk Search 06-22-2020 0 5	0	5
Count working hours after midnight Hi Splunkers, hope you guys are all well.I'm trying to do an adaptation of the search in this post (thanks to @elliot... by Wheresmydata Explorer in Splunk Search 06-22-2020 0 9	0	9
How to filter by time Hi, I am using Splunk to monitor our REST API callssearch isindex=prod-* "WEBSERVICES CALL ENDED"it gives me results... by ycherbi Explorer in Splunk Search 06-22-2020 0 7	0	7
Use Dynamic Float Value with DBSCAN Dear all! I am trying to use a dynamic value for my epsilon in the MLTK in Splunk: map search="search index = cisco_p... by Deniz_Oe Explorer in Splunk Search 06-22-2020 0 0	0	0
Alphabetically sorting a MVfield Hi All,I'm trying to combine a number of fields using:\| stats values(task_name) as task_name by idnumberThis works gr... by rvsroe Explorer in Splunk Search 06-22-2020 0 2	0	2
Get a distinct count of new values in a field per day with respect to all previous days in the time range I want a distinct count for a given field by day, but this count also needs to look at all previous days in the given... by boo Engager in Splunk Search 06-22-2020 0 4	0	4
How to work with the Seckit_sa_geolocation Hello communityA question was asked about how IP geodata information is provided.I came across an app https://splunkb... by nalia_v Loves-to-Learn Everything in Splunk Search 06-21-2020 0 0	0	0
what happens when ITSI Correlation associations is not define. Hi,can anyone explain , what happens when we kept association of correlation search none/blank. Thanks,Praveen by psoni1 Observer in Splunk Search 06-21-2020 0 0	0	0
All Time shos results in last 24 hour, but Yesterday does not Hi, I'm running Splunk Free and have a data source which has events in the last 24 hours. When I run a search for All... by jeremyhagand61 Communicator in Splunk Search 06-20-2020 0 2	0	2
Passive DNS I am trying to create a passive dns collection based on splunk stream data. My current SPL is this:index=botsv2 sourc... by kjstogn Explorer in Splunk Search 06-20-2020 0 1	0	1
How to Write Case/If Statement for Certain vs All (*) Values Hello,This is a difficult one to explain. Best to show the code and the intended outcomes. Note, there are 7+ possibl... by genesiusj Builder in Splunk Search 06-20-2020 0 7	0	7
How to reset token value on input change with a list of values from search results I have a dashboard.There are several inputs. One of them is a DateTime picker.I wish on the open as well as on choosi... by notricky Observer in Splunk Search 06-20-2020 0 0	0	0
Anyway to make tags.conf case insensitive? We use tags frequently in our environment. I recently added some new servers with differing case for their host names... by jodros Builder in Splunk Search 06-20-2020 0 6	0	6
Method to copy over the value Hello, is there any way for the ip address to be copied over to the top... The condition is whenever the root's comm... by xnx_1012 Explorer in Splunk Search 06-20-2020 0 3	0	3
Splunk 7 upgrade - "ERROR DispatchThread - Failed to read runtime settings: File :/opt/splunk/var/run/splunk/dispatch/subsearch_***/runtime.csv does not exist" Hi All, We just upgraded to Splunk 7 and a subsearch started auto-finalizing after 9000s timeout. Running this searc... by splunkyouverymu Explorer in Splunk Search 06-20-2020 1 4	1	4
Multiple inputs in dashboard I have multiple inputs(3 INPUTS) in a dashboard, I run a sql in the panels. I want to execute a query if the other tw... by Raging_Rags Engager in Splunk Search 06-20-2020 0 3	0	3
Append results in a single line. \| dbxquery connection="" query="select STOREENT_ID,count() O_C from table1 "\| appendcols[\| dbxquery connection="*"... by Raging_Rags Engager in Splunk Search 06-20-2020 0 3	0	3