Splunk Search

Community Activity

	Concat query in Azure advanced hunting app Hi there,I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure contains \|... by heskez Engager in Splunk Search 06-12-2024 0 1	0	1
	How can I add list of field values into an array I have a search that outputs the hostlist by test.index=abc \| stats count by host test \| stats count as total_count v... by power12 Communicator in Splunk Search 06-11-2024 0 3	0	3
	How to extract the string which is between the two different special characters using regex Hi Team,I need to extract the string which is between the two different special characters using regex. Could you ple... by SureshkumarD Explorer in Splunk Search 06-11-2024 0 2	0	2
	how do I create a variable(or new field name) with its value another field name This is my sample search/data: \| makeresults \| eval data = " 1 2017-12-01 00:00:00 A 0 131... by HattrickNZ Motivator in Splunk Search 06-11-2024 0 6	0	6
	TRUCANTE Logs Hello,I am using Splunk Cloud, for some our sourcetypes we have defined specific TRUNCATE values. I have a couple of ... by andgarciaa Explorer in Splunk Search 06-11-2024 0 1	0	1
	rename and add 2 count results Hello community,I'm having a problem with a probably stupid addition but I can't find a solution. I make a simple que... by Rajaion Path Finder in Splunk Search 06-11-2024 0 2	0	2
	saved searches can I find all the saved searches which are using index=* rather than giving specific name. And all the saved searche... by Siddharthnegi Contributor in Splunk Search 06-11-2024 0 2	0	2
	How to use token value in stats group by field in Splunk dashboard Hi Team,I have stats group by fields as token it will change dynamically based on time selection. for example if sele... by kasimanikandan Engager in Splunk Search 06-11-2024 0 3	0	3
	Need to pull the Top 100 Hosts License Usage In Splunk Cloud Need to pull the License Usage in GB for the top 100 Host along with their respective Index Source and Souretype info... by anandhalagaras1 Contributor in Splunk Search 06-11-2024 0 6	0	6
	trace if a server in a network path behind a firewall How do I trace if a server in a network path behind a firewall?The data is presented in the table below.For example: ... by LearningGuy Motivator in Splunk Search 06-10-2024 0 1	0	1
	Conditional Search String based on Time Hi community, I need to write a query which can adjust its search string based on event time. For example, if the eve... by syk19567 Explorer in Splunk Search 06-10-2024 0 2	0	2
	Getting different results in Splunk dashboard for different users I've made a dashboard to show some statistics on it. The information that appears on my dashboard differs from that o... by paragg Loves-to-Learn Lots in Splunk Search 06-10-2024 0 1	0	1
	Splunk basic left join not working I am on Splunk 7.0.2 and trying to join two search strings with a common field but for reason this is not working. i... by karthikmalla Explorer in Splunk Search 06-10-2024 0 6	0	6
	Embed Saved Search with API (preferably Python SDK) I'm programmatically generating saved searches with the Python SDK, which is great. I then want to embed those saved... by zcianflone Engager in Splunk Search 06-10-2024 0 1	0	1
	Accelerating report that uses bucket _time Hi All,I have a report running every 6 hour with below search query. This is fetching hourly availability of haproxy ... by jpillai Path Finder in Splunk Search 06-10-2024 0 9	0	9
	Splunk Daily License Usage For Every Month In GB For Index, Host , Source and Sourcetype Seperately Hi Team, We have deployed Splunk Cloud in our environment and currently have a requirement to generate monthly report... by anandhalagaras1 Contributor in Splunk Search 06-09-2024 0 0	0	0
	Daily License Usage Based on Source Information Along with Host, Index & Sourcetype Information Hi Team,There is a requirement to get the license usage split in GB on daily basis for the top 20 log sources along ... by anandhalagaras1 Contributor in Splunk Search 06-09-2024 0 4	0	4
	how join with condition this is part of one tablehostname \| monitor \| ip \| other fields...aaa \|v \| ....aaa \|x \| ...bbb \| v \| ...how can cha... by Tzur New Member in Splunk Search 06-09-2024 0 1	0	1
	How to coalesce three events Hi Experts,I would like to create the following table from the three events. ipv4-entry_prefix network-ins... by shimada-k Explorer in Splunk Search 06-09-2024 0 8	0	8
	Error in 'EvalCommand': Type checking failed. '-' only takes numbers. Hi all,I want to find the difference between two values (values.in65To127OctetFrames).My data is like below.{"name":"... by shimada-k Explorer in Splunk Search 06-08-2024 0 2	0	2
	Need to exclude hosts which matched with event 4608 windows is starting up within 5 minutes Below is the query which included all the events for windows shutdown and starting up want to exclude host when event... by HPACHPANDE Explorer in Splunk Search 06-07-2024 0 4	0	4
	Why does my sourcetype works only on standalone environment ? Hello,I've recently tested a sourcetype for a new input via the props.conf file on my standalone dev environment, and... by Théophane_GUE Loves-to-Learn Lots in Splunk Search 06-07-2024 0 2	0	2
	Is there a way to display current time with marker in event timeline viz in splunk? Is there a way to display current time with time marker in this dashboard in splunk? by bryanttfelician Engager in Splunk Search 06-07-2024 0 3	0	3
	Timezone issue in Splunk Hi Team,Need your assistance for the configuration changes in Splunk. The requirement is to change the Timezone based... by shashankk Communicator in Splunk Search 06-07-2024 0 2	0	2
	Alert for specific missing events Hello,I need to monitor some critical devices (stored in a lookup file) connected to the Crowdstrike console, in part... by marco_massari11 Communicator in Splunk Search 06-07-2024 0 1	0	1