Splunk Search

Community Activity

What Query should i use to look for a certain directory in Linux Servers where the data is mounted? What Query should i use to look for a certain directory in Linux Servers where the data is mounted? So basically sup... by mike000 New Member in Splunk Search 04-02-2020 0 5	0	5
How Can I Extract Specific Email Subject Keywords? Good evening, How to extract couple of subject email keywords from specific field "message_subject" Let's consider th... by zayedaljaberi Engager in Splunk Search 04-02-2020 0 2	0	2
Email from Malicious sender Hi Guys, I am trying to create search for: "Email received from malicious sender" Can somebody help to create such ... by dzejsonborn New Member in Splunk Search 04-02-2020 0 6	0	6
Grouping ans Sum We have an XML document import into Splunk. by TheMilkMan New Member in Splunk Search 04-02-2020 0 1	0	1
Performing an Splunk LDAP search from a field in an existing csv file Here is what I'm trying to accomplish. I have an csv file that I generated with an existing search that looks like th... by roayers Explorer in Splunk Search 04-02-2020 0 5	0	5
Search shows 0 events I indexed data from a local directory. All of them are Web Access Logs so I set the sourcetype to access_combined. As... by robin272 Engager in Splunk Search 04-02-2020 0 0	0	0
Regex certain value from a field Hello, I have a regex question. I have a field called "Container" and below are the examples of the values. I would ... by timyong80 Explorer in Splunk Search 04-02-2020 0 10	0	10
Keyboard Shortcut to Format Search At .conf this year, a new feature was showed off that allowed auto-formatting of SPL in the search bar with the press... by JoshWhaley Path Finder in Splunk Search 04-02-2020 4 8	4	8
Splunk search basic queries Hi so suppose in my results there are 2 logs that are being retrieved. There is a status message which is either true... by gurkiratsingh Explorer in Splunk Search 04-02-2020 0 2	0	2
How to search the chain of users that sent an email Hello, My data are like this, sender , receiver, _time userA, userB, _time1 userB, userC, _time2 userB, userD, _tim... by karampatsis Engager in Splunk Search 04-02-2020 0 0	0	0
Return tag pair if tag contains any value I would like to return all messages that contains tag 6410. Currently the below will return all messages even if they... by rizwan0683 Path Finder in Splunk Search 04-02-2020 0 1	0	1
How can I use the results of a search in a second search? I'm running a query which returns destination ip address of external traffic of a user in one column something like t... by splunkThreatHun Engager in Splunk Search 04-02-2020 1 5	1	5
Help joining multi row search Hi everyone, I am new to Splunk and still learning. Can someone please help me on the below query? My log file: 20... by kimberlytrayson Path Finder in Splunk Search 04-02-2020 0 3	0	3
How to update particular row of existing lookup csv ? I have existing lookup csv. I want to update a row with new value. ID Name Location 549 Test_1 Bangalore 549 Tes... by patra966 Path Finder in Splunk Search 04-02-2020 1 2	1	2
Timezone Query I have a Deploy server application that I use to control my "SYSLOG" server that receives logs from various other sou... by willadams Contributor in Splunk Search 04-01-2020 0 6	0	6
StartsWith breaks the transaction Hello everyone, I am trying to extract some data from the logs. I have created a little search that works well: cus... by gmasy New Member in Splunk Search 04-01-2020 0 10	0	10
Getting count of data by days Hi guys! I am looking to get the number of tickets that are completed in under 14 days, 30 days, 45 days and 45+ days... by tmanuel1 New Member in Splunk Search 04-01-2020 0 3	0	3
VPN count Hi - We want to get users connected in 1 hour. When a user connects we get event_id="globalprotectgateway-auth-succ" ... by dmenon Explorer in Splunk Search 04-01-2020 0 2	0	2
How to group by date range from JSON Values? I'm newer of splunk. On my log I've a JSON with two fields of interested: "initialCreationDate":"2020-03-02T00:00:00"... by augustocadini New Member in Splunk Search 04-01-2020 0 1	0	1
How can i correlate 2 fields with different sourcetype in one table? I have 2 searches for systems & folders. Both searches return a table. The fields systemID & folderID have the same v... by i17065 Engager in Splunk Search 04-01-2020 0 8	0	8
What is role of transforms.conf vs. props.conf for field extraction? What is the role of props.conf vs. transforms.conf in field extraction? How do they relate to each other in order to ... by Justin_Grant Contributor in Splunk Search 04-01-2020 4 4	4	4
Regex for digits before .zip Hi, How do I write a regex to capture whenever I see any combination of 10 digits followed by .zip within a _raw eve... by jacqu3sy Path Finder in Splunk Search 04-01-2020 0 9	0	9
How to create a bucket of number of events instead of time? Hello!  I'm tryng to get statistics of groups of 200 events. For instance, I have the following stats: \|stats su... by msyparker Explorer in Splunk Search 04-01-2020 0 1	0	1
How to achieve request PerSecond using metrics I have a query like this: \| mstats rate(request_total) as request_rate prestats=true WHERE index="index-metrics" AN... by prasadmissesu New Member in Splunk Search 04-01-2020 0 1	0	1
Time Conversion Issue with now(), 0, last 24 hours, since, etc. Hello, I'm having a time conversion issue with any earliest or latest time that is not in epoch. Here is my XML code ... by genesiusj Builder in Splunk Search 04-01-2020 0 9	0	9