Splunk Search

Community Activity

How to search the chain of users that sent an email Hello, My data are like this, sender , receiver, _time userA, userB, _time1 userB, userC, _time2 userB, userD, _tim... by karampatsis Engager in Splunk Search 04-02-2020 0 0	0	0
Return tag pair if tag contains any value I would like to return all messages that contains tag 6410. Currently the below will return all messages even if they... by rizwan0683 Path Finder in Splunk Search 04-02-2020 0 1	0	1
How can I use the results of a search in a second search? I'm running a query which returns destination ip address of external traffic of a user in one column something like t... by splunkThreatHun Engager in Splunk Search 04-02-2020 1 5	1	5
Help joining multi row search Hi everyone, I am new to Splunk and still learning. Can someone please help me on the below query? My log file: 20... by kimberlytrayson Path Finder in Splunk Search 04-02-2020 0 3	0	3
How to update particular row of existing lookup csv ? I have existing lookup csv. I want to update a row with new value. ID Name Location 549 Test_1 Bangalore 549 Tes... by patra966 Path Finder in Splunk Search 04-02-2020 1 2	1	2
Timezone Query I have a Deploy server application that I use to control my "SYSLOG" server that receives logs from various other sou... by willadams Contributor in Splunk Search 04-01-2020 0 6	0	6
StartsWith breaks the transaction Hello everyone, I am trying to extract some data from the logs. I have created a little search that works well: cus... by gmasy New Member in Splunk Search 04-01-2020 0 10	0	10
Getting count of data by days Hi guys! I am looking to get the number of tickets that are completed in under 14 days, 30 days, 45 days and 45+ days... by tmanuel1 New Member in Splunk Search 04-01-2020 0 3	0	3
VPN count Hi - We want to get users connected in 1 hour. When a user connects we get event_id="globalprotectgateway-auth-succ" ... by dmenon Explorer in Splunk Search 04-01-2020 0 2	0	2
How to group by date range from JSON Values? I'm newer of splunk. On my log I've a JSON with two fields of interested: "initialCreationDate":"2020-03-02T00:00:00"... by augustocadini New Member in Splunk Search 04-01-2020 0 1	0	1
How can i correlate 2 fields with different sourcetype in one table? I have 2 searches for systems & folders. Both searches return a table. The fields systemID & folderID have the same v... by i17065 Engager in Splunk Search 04-01-2020 0 8	0	8
What is role of transforms.conf vs. props.conf for field extraction? What is the role of props.conf vs. transforms.conf in field extraction? How do they relate to each other in order to ... by Justin_Grant Contributor in Splunk Search 04-01-2020 4 4	4	4
Regex for digits before .zip Hi, How do I write a regex to capture whenever I see any combination of 10 digits followed by .zip within a _raw eve... by jacqu3sy Path Finder in Splunk Search 04-01-2020 0 9	0	9
How to create a bucket of number of events instead of time? Hello!  I'm tryng to get statistics of groups of 200 events. For instance, I have the following stats: \|stats su... by msyparker Explorer in Splunk Search 04-01-2020 0 1	0	1
How to achieve request PerSecond using metrics I have a query like this: \| mstats rate(request_total) as request_rate prestats=true WHERE index="index-metrics" AN... by prasadmissesu New Member in Splunk Search 04-01-2020 0 1	0	1
Time Conversion Issue with now(), 0, last 24 hours, since, etc. Hello, I'm having a time conversion issue with any earliest or latest time that is not in epoch. Here is my XML code ... by genesiusj Builder in Splunk Search 04-01-2020 0 9	0	9
Regex help I am at a loss as to why the following is not working. log: 2020-03-31 20:31:19,621 fail2ban.actions [709]... by vlape_SCWX New Member in Splunk Search 04-01-2020 0 6	0	6
Need help joining multisearch results Need help with bringing together results in a multisearch. Need to match department data from AD to an email address ... by joeybroesky Path Finder in Splunk Search 04-01-2020 0 22	0	22
Need help to write a query using Streamstats. Hi Team, i have onboarded the Linux CPU logs using Splunk add on for linux. the requirement is , we need send an al... by sridharlakshman New Member in Splunk Search 04-01-2020 0 3	0	3
problem with rounding bytes to gb HelloI have use this command to convert from bytes to GB:\| eval b = b /1024/1024/1024and this is an example value as ... by net1993 Path Finder in Splunk Search 04-01-2020 0 4	0	4
RegEx How to find two strings from splunk log I have below log: Service ABCD(blabla_blabla): 365.45.1.87.3.60354 -> remote.234.5 Failure Service DERF(blabla_blabl... by dabroma5 Explorer in Splunk Search 04-01-2020 0 4	0	4
If column is missing then eval if a field is missing in output, what is the query to eval another field to create this missing field. below query ca... by jiaqya Builder in Splunk Search 04-01-2020 0 5	0	5
Sourcetype count per host Hello, I would like to Check for each host, its sourcetype and count by Sourcetype.I tried host=* \| stats count by ho... by warmup031 Explorer in Splunk Search 04-01-2020 0 6	0	6
Distinct count returns less results than expected Hello Im running this query: index="prod" \| rex field=source "(?<crate>.*?)/" \| stats dc(crate)H But the number o... by sarit_s Communicator in Splunk Search 04-01-2020 0 1	0	1
CEF Field Parsing I am not seeing extracted field against below query. index=fireeye \| eval {flexString2Label} = flexString2 below are ... by riqbal47010 Path Finder in Splunk Search 04-01-2020 0 1	0	1