Splunk Search

Community Activity

Search exact string from inputlookup sub-search Hi, I am trying to list all the events where a user has fired a DNS request to a specific domain mentioned in a look... by qbolbk59 Path Finder in Splunk Search 02-04-2020 0 6	0	6
How Do I Obtain the Valid Part of DNS Logs? Dear All, I'm trying to retrieve and parse windows dns log, the sample looks like this: 1/23/2020 11:59:42 PM 0B50... by dickens8866 New Member in Splunk Search 02-04-2020 0 1	0	1
compare todays time duration with 30 days time duration.If if exceeds threshold(1.230days avg)send email alert,compare current Job duration with last 30 days average.If its exceeds threshold(1.230 days avg) send an email alert PROBLEM DESCRIPTION:compare todays time duration with 30 days time duration.If if exceeds threshold(1.2*30days avg)se... by thomaap New Member in Splunk Search 02-03-2020 0 1	0	1
How to "group by" in JSON Hi all I have a json file like this, { "NUM" : "#1", "TIME" : "1/27/2020 12:49:13", "STATUS" : "PASS", "DURATIO... by anooshac Communicator in Splunk Search 02-03-2020 0 12	0	12
How to get data into a KV store in Splunk Cloud from an external source Splunk Cloud We have lookup data that needs to be accessed from Splunk Cloud. This data can either come from an ext... by bowesmana SplunkTrust in Splunk Search 02-03-2020 0 0	0	0
alert lookup file with alert trigger condition tokens Hi Experts, I want to store alert search result and the following token in Lookup file app = $app$ description = $... by arun_kant_sharm Path Finder in Splunk Search 02-03-2020 0 1	0	1
Changing a SSO IDP failed to authenticate page to custom message I am using SSO and I want to be able to edit the error message you get when SSO authenticates, but the user account y... by bolaojewale Explorer in Splunk Search 02-03-2020 0 0	0	0
What is an easy way to determine what searches are filling up the dispatch directory? I'm seeing lots of dispatch directory threshold errors. Is there an easy way to see what searches or reports are dri... by sail4lot Path Finder in Splunk Search 02-03-2020 1 3	1	3
Stats count & chart over combo? I'ma beginner with Splunk hoping someone can help me with my syntax around the following query. I have queries with ... by hollybross1219 Path Finder in Splunk Search 02-03-2020 0 2	0	2
How to find out the top 30 applications by bandwidth Hi. I'm new to splunk and trying to code a search for top 30 applications by bandwidth. So far I have the following c... by annageorgiou New Member in Splunk Search 02-03-2020 0 5	0	5
How to join metric data I have several types of metric data going into a metric index. One has 'username' and 'DimA' as dimensions, and 'Valu... by drezanka Explorer in Splunk Search 02-03-2020 0 1	0	1
Efficiency of REGEX = . vs REGEX = .* vs REGEX = (.*) Which of the following (in terms of the REGEX) is the most efficient? I've seen examples of all of them. And is th... by chris_barrett SplunkTrust in Splunk Search 02-03-2020 0 4	0	4
Proofpoint Campaign Data Ingestion I need to ingest Proofpoint Campaign data and it seems that there is no canned TA/App for this. What have other done ... by brent_weaver Builder in Splunk Search 02-03-2020 0 0	0	0
How to format SPL Search Query as code ?? HI All i am creating a dashboard in SPLUNK .. i am trying capture the API counts and response time . here is a sampl... by venkat0896 Path Finder in Splunk Search 02-03-2020 0 10	0	10
Transactions and mvexpand on _raw While there was a good question related to my problem, the answers aren't solving my problem. I need to constrain da... by dspracklen Path Finder in Splunk Search 02-03-2020 1 5	1	5
How to change colors in a table? Hi , I have a statistics table in which each column contains different value for eg: Application Name Application... by shruthiangadi Explorer in Splunk Search 02-03-2020 0 4	0	4
help with table column transformation needed Hello, I need to transform the table I have from: _time avg1 avg2 avg3 t1 v11 v21 v31 t2 v12 v2... by damucka Builder in Splunk Search 02-03-2020 0 1	0	1
timechart per minute by multiple fields Hi, I have two fields with different values and I want count on both basis. These are events and hosts occured in lo... by sahil237888 Path Finder in Splunk Search 02-03-2020 0 2	0	2
How to filter my search that finds VPN User Session Count by Country to only show users with sessions in multiple countries? I have this search which shows the user sessions count by Country for the date range specified. I am trying to filte... by pdumblet Explorer in Splunk Search 02-03-2020 1 2	1	2
Join is breaking multivalues...? It looks like a join will break multivalues. And I thought mvexpand couldn't get any more dangerous or misleading tha... by nick405060 Motivator in Splunk Search 02-02-2020 0 1	0	1
Carbon footprint for a splunk search Hi, We are about to start up a new project where the project manager need to know the carbon footprint of the work d... by JonasLind New Member in Splunk Search 02-01-2020 0 9	0	9
Cascade Table View Hello everyone, I am trying to put a table view together with no luck. The view is rather simple in theory but I can... by ylucena Explorer in Splunk Search 01-31-2020 0 1	0	1
How to combine two searches to form an alert Query 1: (sourcetype="PAYA:Enterprise:CDE:Web:App:Gateway.Bankcard" OR sourcetype="PAYA:Enterprise:CDE:Web:App:Gate... by alexrieffel Observer in Splunk Search 01-31-2020 0 3	0	3
How to remove everything after a specific character in a line Currently i am not familiar with REx and replace commands in splunk. Can someone help me here i want to replace to b... by rijinc Explorer in Splunk Search 01-31-2020 0 9	0	9
How to parse a field to use later in a table Can someone please help me parse the field of FunctionArn for the account id value ( "65123456723" in the example) f... by petersonjared Explorer in Splunk Search 01-31-2020 0 6	0	6