Splunk Search

Community Activity

How to Match the First three characters of a MAC address within a lookup table field Hello, I have a lookup table where a list of MAC addresses are listed with the associated Vendors; basically an iden... by leykmekoo Explorer in Splunk Search 06-17-2024 0 6	0	6
Searching on consecutive lines My logs output two consecutive lines in the case of a connection timeout: ... CONNECTION-x.x.x.x:y: connect() timeou... by Sphere991 New Member in Splunk Search 06-17-2024 0 1	0	1
Check on in between of a ranger query Hello,How can I get all the pod names with a query where the value will be in between 1.5 - 2.5. I can share a sample... by Ron1999 New Member in Splunk Search 06-17-2024 0 1	0	1
How to change the green color of the timeline in the indexer? In the indexer, the search for data returns a timeline and details.The timeline is always green: This is fine for que... by Marmar Observer in Splunk Search 06-16-2024 0 5	0	5
how to improve eventstats efficiency Hello,I need help improve efficiency of my search using eventstats.The search worked just fine, but when I applied to... by LearningGuy Motivator in Splunk Search 06-16-2024 0 5	0	5
eventstats with conditions Hello,Is it possible to use eventstats with conditions?For example:I only want to apply eventstats only if field name... by LearningGuy Motivator in Splunk Search 06-16-2024 0 5	0	5
Search based on response from another search query First Splunk query gives me a value in a table. The value is a jobId. I want to use this jobId in another search quer... by stagare Explorer in Splunk Search 06-16-2024 0 4	0	4
How to stats count by app name , and avg count per minute by app name together in one query index=abc cf_space_name=prod-ad0000123 cf_app_name IN (RED,Blue,Green) "Initiating " OR "Protobuf message received" O... by sivaranjani Explorer in Splunk Search 06-16-2024 0 4	0	4
Splunk regex bug/issue Hello, I have a case where I need to do regex and I built my regex using regex101, everything works great and catchs... by Josh1890 Explorer in Splunk Search 06-15-2024 0 5	0	5
How to prepend entry in lookup Hi All,I want to add entry on first row of my lookup. I know how to append the entry using outputlookup but is there ... by saurabhatsplunk New Member in Splunk Search 06-15-2024 0 1	0	1
comparing datetime with current datettime following query yields no results: index=shared_data source="lambda:maintenance_window_handler" sourcetype="httpevent... by AnanthaS Path Finder in Splunk Search 06-15-2024 0 10	0	10
Using CIDR in a lookup table Fellow Splunkers I am building a query where I want to report on location based on source IP address. For example wi... by sajbutler Path Finder in Splunk Search 06-14-2024 9 16	9	16
Help in extract data using rex in Splunk I have 2 records for PaymentType as send and receive. I would like to extract PaymentType as receive only so that I c... by anil1219 Engager in Splunk Search 06-14-2024 0 2	0	2
Match One Without Another, with Delay Hello, I have programs which write status events to Splunk. At the beginning they write EVENT=START and at the end, t... by rdhdr Explorer in Splunk Search 06-14-2024 0 7	0	7
Case with a multivalue field in calculated field not working For CIM compliance I am trying to fill the action field from some logs using a case. This works in search but not in ... by wealot Explorer in Splunk Search 06-14-2024 0 1	0	1
Splunk query using azure KQL data with concatenation Hi there,I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure contains \|... by heskez Engager in Splunk Search 06-14-2024 0 1	0	1
drawing trace and span Splunk enterprise hello,has anyone worked with traces (generated with opentelemetry) of an application on a splunk enterprise?i am inge... by Be_JAR Path Finder in Splunk Search 06-14-2024 0 0	0	0
Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0 When navigating to "ESS" -> "Data" -> "Data Availability", will get the following error:>>>Error in 'lookup' command:... by Iris_Pi Path Finder in Splunk Search 06-14-2024 0 2	0	2
How do I update a lookup file with updated information I have a lookup file that contains two columns, ip and mac. I want to update this file daily by running a query that... by scottrunyon Contributor in Splunk Search 06-14-2024 0 4	0	4
Consider time range when searching in two index Hi community, My forwarder is putting logs in index A before 2024/06/01, and in index B after this date. To avoid mis... by syk19567 Explorer in Splunk Search 06-13-2024 0 5	0	5
Column chart with two fields sharing one "bucket" I have data with two fields that share a static range of 10 values. I'd like to show a column chart with the buckets... by jrs42 Path Finder in Splunk Search 06-13-2024 0 1	0	1
distinct count not working on summary index (sistats) Splunk Enterprise 9.0.6 and building a summary index of sourcenumbers (count) and distinct destinations called (dc(de... by loganramirez Path Finder in Splunk Search 06-13-2024 1 1	1	1
Extracting Data from complex JSON I would like to extract the results of each test within the logs array by distinct count of serial number.That is, fo... by nkavouris Path Finder in Splunk Search 06-13-2024 0 3	0	3
Outputlookup a baseline lookup and query for anomalies based on baseline lookup? Say I create a query that outputs (as a csv) the last 14 days of hosts and the dest_ports the host has communicated o... by antoniolamonica SplunkTrust in Splunk Search 06-13-2024 0 3	0	3
Daily Average Count from the past 7 day period Current query, this shows the how many successful login attempts there have been.index=abc granttype=mobile\| fields ... by jthomasc Loves-to-Learn in Splunk Search 06-13-2024 0 2	0	2