Splunk Search

Community Activity

Filter a log using regex I need to filter a part of a log using regex, I have the following loglog: {dx.trace_id=xxxxx, dx.span_id=yyyyy, dx.t... by jose_sepulveda Loves-to-Learn in Splunk Search 06-18-2024 0 6	0	6
How to query for MFA and SSO on network Thank you everyone for taking the time to ready this. I am new in Splunk and interested in learning more. I have a pr... by sgtwolf1 Explorer in Splunk Search 06-18-2024 0 1	0	1
Search weekday during time, and include all weekend days Hello, my current search is index=winsec source=WinEventLog:Security EventCode=6272 \| eval date_hour = strftime(_ti... by Cmiddleton-oppd Explorer in Splunk Search 06-18-2024 0 4	0	4
Turns stats into timechart with avg I asked in a previous thread for help to get response time based on time differential between two events connected by... by Silah Path Finder in Splunk Search 06-18-2024 0 2	0	2
How to find count of recipients by action where how many users received the email vs not for every event? Hi,I have a search as below. I want to find count of recipients by action where how many users received the email vs ... by Woodpecker Path Finder in Splunk Search 06-18-2024 0 1	0	1
Error in 'eval' command: The expression is malformed. An unexpected character is reached at `\"%Y-%m-%dT%H:%M:%SZ\"), \` Hello team ,I am trying to create macro and than use in my splunk dashboard . The purpose is to get time of entered i... by abhinav_go Explorer in Splunk Search 06-18-2024 0 3	0	3
Subsearch limits pre-post filtering? I've seen the documentation which says "by default subsearches return a maximum of 10,000 results and have a maximum ... by quadrant8 New Member in Splunk Search 06-18-2024 0 1	0	1
How to get multiple search condition on a single query? Hi Team I have this requirement .Could you please help me on it .Here is my question I wanted to get result for Pa... by Anushuba New Member in Splunk Search 06-18-2024 0 1	0	1
How to Join two queries Hello Team,I need assistance with joining 2 SPL queries to get the desired output. Refer the below log snippet:As per... by shashankk Communicator in Splunk Search 06-17-2024 0 4	0	4
Update Lookup csv by Splunk Output How i update the test_MID_IP.csv with the output IP, so that next time it runs with updated listindex=abc IP!="10.*"... by RahulMisra1 Explorer in Splunk Search 06-17-2024 0 3	0	3
Splunk query using azure KQL concat Hi there,I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure contains \|... by heskez Engager in Splunk Search 06-17-2024 0 1	0	1
How to Match the First three characters of a MAC address within a lookup table field Hello, I have a lookup table where a list of MAC addresses are listed with the associated Vendors; basically an iden... by leykmekoo Explorer in Splunk Search 06-17-2024 0 6	0	6
Searching on consecutive lines My logs output two consecutive lines in the case of a connection timeout: ... CONNECTION-x.x.x.x:y: connect() timeou... by Sphere991 New Member in Splunk Search 06-17-2024 0 1	0	1
Check on in between of a ranger query Hello,How can I get all the pod names with a query where the value will be in between 1.5 - 2.5. I can share a sample... by Ron1999 New Member in Splunk Search 06-17-2024 0 1	0	1
How to change the green color of the timeline in the indexer? In the indexer, the search for data returns a timeline and details.The timeline is always green: This is fine for que... by Marmar Observer in Splunk Search 06-16-2024 0 5	0	5
how to improve eventstats efficiency Hello,I need help improve efficiency of my search using eventstats.The search worked just fine, but when I applied to... by LearningGuy Motivator in Splunk Search 06-16-2024 0 5	0	5
eventstats with conditions Hello,Is it possible to use eventstats with conditions?For example:I only want to apply eventstats only if field name... by LearningGuy Motivator in Splunk Search 06-16-2024 0 5	0	5
Search based on response from another search query First Splunk query gives me a value in a table. The value is a jobId. I want to use this jobId in another search quer... by stagare Explorer in Splunk Search 06-16-2024 0 4	0	4
How to stats count by app name , and avg count per minute by app name together in one query index=abc cf_space_name=prod-ad0000123 cf_app_name IN (RED,Blue,Green) "Initiating " OR "Protobuf message received" O... by sivaranjani Explorer in Splunk Search 06-16-2024 0 4	0	4
Splunk regex bug/issue Hello, I have a case where I need to do regex and I built my regex using regex101, everything works great and catchs... by Josh1890 Explorer in Splunk Search 06-15-2024 0 5	0	5
How to prepend entry in lookup Hi All,I want to add entry on first row of my lookup. I know how to append the entry using outputlookup but is there ... by saurabhatsplunk New Member in Splunk Search 06-15-2024 0 1	0	1
comparing datetime with current datettime following query yields no results: index=shared_data source="lambda:maintenance_window_handler" sourcetype="httpevent... by AnanthaS Path Finder in Splunk Search 06-15-2024 0 10	0	10
Using CIDR in a lookup table Fellow Splunkers I am building a query where I want to report on location based on source IP address. For example wi... by sajbutler Path Finder in Splunk Search 06-14-2024 9 16	9	16
Help in extract data using rex in Splunk I have 2 records for PaymentType as send and receive. I would like to extract PaymentType as receive only so that I c... by anil1219 Engager in Splunk Search 06-14-2024 0 2	0	2
Match One Without Another, with Delay Hello, I have programs which write status events to Splunk. At the beginning they write EVENT=START and at the end, t... by rdhdr Explorer in Splunk Search 06-14-2024 0 7	0	7