Splunk Search

Community Activity

how to improve eventstats efficiency Hello,I need help improve efficiency of my search using eventstats.The search worked just fine, but when I applied to... by LearningGuy Motivator in Splunk Search 06-16-2024 0 5	0	5
eventstats with conditions Hello,Is it possible to use eventstats with conditions?For example:I only want to apply eventstats only if field name... by LearningGuy Motivator in Splunk Search 06-16-2024 0 5	0	5
Search based on response from another search query First Splunk query gives me a value in a table. The value is a jobId. I want to use this jobId in another search quer... by stagare Explorer in Splunk Search 06-16-2024 0 4	0	4
How to stats count by app name , and avg count per minute by app name together in one query index=abc cf_space_name=prod-ad0000123 cf_app_name IN (RED,Blue,Green) "Initiating " OR "Protobuf message received" O... by sivaranjani Explorer in Splunk Search 06-16-2024 0 4	0	4
Splunk regex bug/issue Hello, I have a case where I need to do regex and I built my regex using regex101, everything works great and catchs... by Josh1890 Explorer in Splunk Search 06-15-2024 0 5	0	5
How to prepend entry in lookup Hi All,I want to add entry on first row of my lookup. I know how to append the entry using outputlookup but is there ... by saurabhatsplunk New Member in Splunk Search 06-15-2024 0 1	0	1
comparing datetime with current datettime following query yields no results: index=shared_data source="lambda:maintenance_window_handler" sourcetype="httpevent... by AnanthaS Path Finder in Splunk Search 06-15-2024 0 10	0	10
Using CIDR in a lookup table Fellow Splunkers I am building a query where I want to report on location based on source IP address. For example wi... by sajbutler Path Finder in Splunk Search 06-14-2024 9 16	9	16
Help in extract data using rex in Splunk I have 2 records for PaymentType as send and receive. I would like to extract PaymentType as receive only so that I c... by anil1219 Engager in Splunk Search 06-14-2024 0 2	0	2
Match One Without Another, with Delay Hello, I have programs which write status events to Splunk. At the beginning they write EVENT=START and at the end, t... by rdhdr Explorer in Splunk Search 06-14-2024 0 7	0	7
Case with a multivalue field in calculated field not working For CIM compliance I am trying to fill the action field from some logs using a case. This works in search but not in ... by wealot Explorer in Splunk Search 06-14-2024 0 1	0	1
Splunk query using azure KQL data with concatenation Hi there,I am trying to get some data from MS Defender into a Splunk query. My original KQL query in azure contains \|... by heskez Engager in Splunk Search 06-14-2024 0 1	0	1
drawing trace and span Splunk enterprise hello,has anyone worked with traces (generated with opentelemetry) of an application on a splunk enterprise?i am inge... by Be_JAR Path Finder in Splunk Search 06-14-2024 0 0	0	0
Missing SSE-data_availability_latency_status.csv in Splunk Security Essentials 3.8.0 When navigating to "ESS" -> "Data" -> "Data Availability", will get the following error:>>>Error in 'lookup' command:... by Iris_Pi Path Finder in Splunk Search 06-14-2024 0 2	0	2
How do I update a lookup file with updated information I have a lookup file that contains two columns, ip and mac. I want to update this file daily by running a query that... by scottrunyon Contributor in Splunk Search 06-14-2024 0 4	0	4
Consider time range when searching in two index Hi community, My forwarder is putting logs in index A before 2024/06/01, and in index B after this date. To avoid mis... by syk19567 Explorer in Splunk Search 06-13-2024 0 5	0	5
Column chart with two fields sharing one "bucket" I have data with two fields that share a static range of 10 values. I'd like to show a column chart with the buckets... by jrs42 Path Finder in Splunk Search 06-13-2024 0 1	0	1
distinct count not working on summary index (sistats) Splunk Enterprise 9.0.6 and building a summary index of sourcenumbers (count) and distinct destinations called (dc(de... by loganramirez Path Finder in Splunk Search 06-13-2024 1 1	1	1
Extracting Data from complex JSON I would like to extract the results of each test within the logs array by distinct count of serial number.That is, fo... by nkavouris Path Finder in Splunk Search 06-13-2024 0 3	0	3
Outputlookup a baseline lookup and query for anomalies based on baseline lookup? Say I create a query that outputs (as a csv) the last 14 days of hosts and the dest_ports the host has communicated o... by antoniolamonica SplunkTrust in Splunk Search 06-13-2024 0 3	0	3
Daily Average Count from the past 7 day period Current query, this shows the how many successful login attempts there have been.index=abc granttype=mobile\| fields ... by jthomasc Loves-to-Learn in Splunk Search 06-13-2024 0 2	0	2
Measuring time difference between 2 entries HiI am getting a log feed for a transactional system. Each log entry has a status either End, Begin or something in b... by Silah Path Finder in Splunk Search 06-13-2024 0 7	0	7
Splunk Query for Windows Process Names and CPU Utilizations Hi all, Can you please help me with the Splunk query to list the Windows Process Names and CPU utilizations for the... by Raja_Selvaraj Explorer in Splunk Search 06-13-2024 0 4	0	4
Log file validation based on serverhost and source Hi Team,For a business requirement, I need to validate log file generated for last an hour with combination of host a... by ganeshkumarmoha Explorer in Splunk Search 06-13-2024 0 2	0	2
Search for deleted Splunk users? I had some Splunk users who were deleted from UI Manager page. Is there some way to search for deleted Splunk users ... by the_wolverine Champion in Splunk Search 06-13-2024 1 6	1	6