Splunk Search

Community Activity

Joining search in Splunk using Ticket Number Field Greetings, I am new to Splunk and I have an assignment where I needed to extract data based on ticket number and time... by leymandudu Explorer in Splunk Search 06-23-2020 0 8	0	8
Regex assistance - Blacklist host. Team,I would like assistance with creating regex,specifically to blacklist 1 host name - happens to be the spunk serv... by jmasat Observer in Splunk Search 06-23-2020 0 5	0	5
Lookup with hundreds values for one field Still new to Splunk, seeking for some help. I have a index=account_Information, with account_number, cell_number, etc... by gaok123 Observer in Splunk Search 06-23-2020 0 9	0	9
Script for idle logger Please i need a script that can give result when there is an idle logger, or when the fowarder isnt feed any informat... by saotaigiri Path Finder in Splunk Search 06-23-2020 0 1	0	1
change how outputlookup assigns permissions and ownership to new files Years back the outputlookup command would create a csv lookup file in the user's app folder making it Private and own... by splunkettes Path Finder in Splunk Search 06-23-2020 0 4	0	4
Need help to encircle the table row based on the selected date in drilldown instead of cell highlight Hi,I am looking for solution to encircle the entire row with a red line instead of highlighting the table row. I have... by spkriyaz Path Finder in Splunk Search 06-23-2020 0 1	0	1
Comparing values between two columns Hi, I have a table like below where multiple entries of same ticket numbers are displaying as these are taken from th... by mariamathewtel Explorer in Splunk Search 06-23-2020 0 6	0	6
Search - count by 2 fields Hello,I have a live database feed through DB Connect. This feed is having incidents data for different teams and _tim... by madhav_dholakia Contributor in Splunk Search 06-23-2020 0 7	0	7
Extract Json Fields We want to extract Json key&Value pairs, but source is prefixing the text before Json data.Please let us know the sea... by srikanthr123 Explorer in Splunk Search 06-23-2020 0 4	0	4
Date-Time Field Hi, I am currently attempting to split the Date and Time from one field into 2 or more fields. I have read some of t... by lucasle Engager in Splunk Search 06-23-2020 0 4	0	4
What is the correct strategy to index data from a ticketing system? Hello, I need to use Splunk to provide insight about data coming from our internal ticketing tool. Each event will ... by sylbaea Communicator in Splunk Search 06-23-2020 0 10	0	10
extract field using rex without using _raw I have data like202-06-19T13:02:293 message="event(level=Error name=xyz) context: {<!-- -->Id: 12345,locale: 'us'blah blah My... by ksharma7 Path Finder in Splunk Search 06-22-2020 0 2	0	2
multiple searches combine into one report I have 3 reports that I want to put into one report, here is my searchsourcetype=MSExchange:*:MessageTracking source_... by ajromero Path Finder in Splunk Search 06-22-2020 0 2	0	2
Else if like not working with json type data Hello AllI'm trying to use eval if like command with json type data (kv_mode = json) but it seems as though it's not ... by Jarohnimo Builder in Splunk Search 06-22-2020 0 1	0	1
Problem with a macro `get_seclabel(host,"domain_controller","-90d")`Macro expanded:\| inputlookup sec_label where (label="domain_controller... by fdevera Path Finder in Splunk Search 06-22-2020 0 2	0	2
Help with excluding field combination _timeSubjectUserNameTargetOutboundUserNamehostIpAddressSun Jun 21 08:37:39 2020bcharliebcharliexby-100::1Sun Jun 21 0... by fdevera Path Finder in Splunk Search 06-22-2020 0 5	0	5
Password Spray Search / Alert Hello! I am building an alert to detect potential password spraying (it is looking for 10 or more failed logons withi... by johann2017 Explorer in Splunk Search 06-22-2020 0 2	0	2
Help creating/tweaking alert for spike in errors We had an issue come up this morning where we all of a sudden had a HUGE spike in one type of error in our error logs... by kmaron Motivator in Splunk Search 06-22-2020 0 3	0	3
Parsing data from a search result to alert on I am using this search in Splunk,index=voice sourcetype=voice_cvp source="ActivityLog" host="omatelstgcvp4" ",ForbE... by Groedel99 New Member in Splunk Search 06-22-2020 0 3	0	3
How to change default permissions for lookups? I'm wondering if there's a way to change the behavior of how Splunk applies permissions to lookups generated via \| ou... by coltwanger Contributor in Splunk Search 06-22-2020 0 2	0	2
How to get average response time (95%,99% and 100%) I have the below data (response time) and I need to filter it from fastest to slowest response time and then get the ... by Isaias_Garcia Path Finder in Splunk Search 06-22-2020 2 5	2	5
Counting number of Splunk Searches I’m trying to write a query that breaks out by index all searches that look back in certain day increments. Basically... by davidaj Explorer in Splunk Search 06-22-2020 0 4	0	4
Count unique words in a given field across all events I''m trying to figure out a way to sort events by how similar the wording in a free-form text field is.Generate sampl... by modalexii Engager in Splunk Search 06-22-2020 0 2	0	2
Drill down time from drill down editor to another applet What I want to do is pass a start/end time to a table from my linechart.On my line chart- if I click a time in the c... by clintla Contributor in Splunk Search 06-22-2020 0 2	0	2
Using loadjob in a packaged app We're creating an app which uses loadjob, however loadjob requires savedsearch="<owner>:<app>:<saved search name>"In ... by splunked38 Communicator in Splunk Search 06-22-2020 0 0	0	0