Splunk Search

Community Activity

Match One Without Another, with Delay Hello, I have programs which write status events to Splunk. At the beginning they write EVENT=START and at the end, t... by rdhdr Explorer in Splunk Search 06-14-2024 0 7	0	7
Case with a multivalue field in calculated field not working For CIM compliance I am trying to fill the action field from some logs using a case. This works in search but not in ... by wealot Explorer in Splunk Search 06-14-2024 0 1	0	1
Splunk query using azure KQL data with concatenation Hi there,I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure contains \|... by heskez Engager in Splunk Search 06-14-2024 0 1	0	1
drawing trace and span Splunk enterprise hello,has anyone worked with traces (generated with opentelemetry) of an application on a splunk enterprise?i am inge... by Be_JAR Path Finder in Splunk Search 06-14-2024 0 0	0	0
Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0 When navigating to "ESS" -> "Data" -> "Data Availability", will get the following error:>>>Error in 'lookup' command:... by Iris_Pi Path Finder in Splunk Search 06-14-2024 0 2	0	2
How do I update a lookup file with updated information I have a lookup file that contains two columns, ip and mac. I want to update this file daily by running a query that... by scottrunyon Contributor in Splunk Search 06-14-2024 0 4	0	4
Consider time range when searching in two index Hi community, My forwarder is putting logs in index A before 2024/06/01, and in index B after this date. To avoid mis... by syk19567 Explorer in Splunk Search 06-13-2024 0 5	0	5
Column chart with two fields sharing one "bucket" I have data with two fields that share a static range of 10 values. I'd like to show a column chart with the buckets... by jrs42 Path Finder in Splunk Search 06-13-2024 0 1	0	1
distinct count not working on summary index (sistats) Splunk Enterprise 9.0.6 and building a summary index of sourcenumbers (count) and distinct destinations called (dc(de... by loganramirez Path Finder in Splunk Search 06-13-2024 1 1	1	1
Extracting Data from complex JSON I would like to extract the results of each test within the logs array by distinct count of serial number.That is, fo... by nkavouris Path Finder in Splunk Search 06-13-2024 0 3	0	3
Outputlookup a baseline lookup and query for anomalies based on baseline lookup? Say I create a query that outputs (as a csv) the last 14 days of hosts and the dest_ports the host has communicated o... by antoniolamonica SplunkTrust in Splunk Search 06-13-2024 0 3	0	3
Daily Average Count from the past 7 day period Current query, this shows the how many successful login attempts there have been.index=abc granttype=mobile\| fields ... by jthomasc Loves-to-Learn in Splunk Search 06-13-2024 0 2	0	2
Measuring time difference between 2 entries HiI am getting a log feed for a transactional system. Each log entry has a status either End, Begin or something in b... by Silah Path Finder in Splunk Search 06-13-2024 0 7	0	7
Splunk Query for Windows Process Names and CPU Utilizations Hi all, Can you please help me with the Splunk query to list the Windows Process Names and CPU utilizations for the... by Raja_Selvaraj Explorer in Splunk Search 06-13-2024 0 4	0	4
Log file validation based on serverhost and source Hi Team,For a business requirement, I need to validate log file generated for last an hour with combination of host a... by ganeshkumarmoha Explorer in Splunk Search 06-13-2024 0 2	0	2
Search for deleted Splunk users? I had some Splunk users who were deleted from UI Manager page. Is there some way to search for deleted Splunk users ... by the_wolverine Champion in Splunk Search 06-13-2024 1 6	1	6
Use timechart after stats command to show percentage of Successful transaction for each day Hi Team, I am trying to put conversion of transaction for all days of the week in a line chart for successful trans... by Jitendra33 Engager in Splunk Search 06-13-2024 0 1	0	1
Multiple operations from a single if condition Is it possible to action multiple operations in a single if condition, like what can be done in other languages?For e... by cjohnk Explorer in Splunk Search 06-12-2024 0 3	0	3
combine results from index search with fields machine inputlookup Newbie here. Trying get the results from the index to match result int he inputlookup to only return result from the ... by MH1 Engager in Splunk Search 06-12-2024 0 4	0	4
How to use variable on mvfilter regex match? If I used variable in the mvfilter match, i got the following errorError in 'EvalCommand': The arguments to the 'mvfi... by LearningGuy Motivator in Splunk Search 06-12-2024 0 3	0	3
Remove leading zeros from IP address using regex Hello All,I'm trying to remove leading zeros in IP addresses using rex and mode=sed . the regular expression I'm tryi... by Splunk_sid Explorer in Splunk Search 06-12-2024 0 4	0	4
How to handle JSON object extraction with tstats? Hi,I have the following JSON object that is indexed via the default JSON extraction (INDEXED_EXTRACTIONS){ "asset... by ClubMed Path Finder in Splunk Search 06-12-2024 0 5	0	5
https error percentage Hi,I am trying to get the error percentage of the https response request but its not working as expected. index="john... by harpr86 Explorer in Splunk Search 06-12-2024 0 2	0	2
spath - extracting data from groups within JSON Hi All, Hopefully someone can help with this. We have logs that contain JSON where one of the fields can have multi... by Mick_OBrien Path Finder in Splunk Search 06-12-2024 0 2	0	2
Concat query in Azure advanced hunting app Hi there,I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure contains \|... by heskez Engager in Splunk Search 06-12-2024 0 1	0	1