Splunk Search

Community Activity

"Could not load lookup" error on Indexers We upgraded our indexers from 6.6.4 to 7.3.3 and now any search gives us: [sptsp005] Could not load lookup=LOOKUP-si... by infosecnav Engager in Splunk Search 12-21-2019 1 1	1	1
How can I create a time chart grouping the data per 5 minutes, but showing every minute? Example: _time---value---group 00:01------2---------2 00:02------3---------5 00:03------4---------9 00:04------2----... by ocnarb New Member in Splunk Search 12-20-2019 0 4	0	4
Trim braces from a token variable-Dynamic dashboards Im creating link to different dashboards based on the application clicked on from the main form So i have a variab... by rczone Path Finder in Splunk Search 12-20-2019 1 1	1	1
Splunk CLI and UI give different search results I index manually through UI the log file i wish to index (Data Inputs > Add new > Index Once) and select all the conf... by psychogyiokosta New Member in Splunk Search 12-20-2019 0 7	0	7
Search for Suspicious Logon Behavior Hello there. I want to build a query that alerts off when a single source IP or source computer is attempting to logo... by johann2017 Explorer in Splunk Search 12-20-2019 0 6	0	6
how can I use dedup command using many fields?? Greetings!! I would like to ask a question about dedup eg: \|dedup host ,IP \|dedup host \|dedup IP I've tried ... by pacifikn Communicator in Splunk Search 12-20-2019 0 5	0	5
Eval Epoch Duration Time into Human Readable Format I am using the following query to show the duration of a accounts logon and logoff. The results come back in epoch ti... by migullmills Explorer in Splunk Search 12-20-2019 1 2	1	2
How to store a value in one search and give it to other search i need to store a numerical value in Energ1 and store a string value in energy1 and use them in the last search ... by raghav4a1 New Member in Splunk Search 12-20-2019 0 1	0	1
Want to understand below condition in Query Can anyone help me to understand below condition where _time>=if("$field1.earliest$"=="0",1,relative_time(now(),"$f... by nilbak1 Communicator in Splunk Search 12-20-2019 0 1	0	1
makecontinuous and fillnull for selfmade date-hour column Hi, I'm trying to fill empty hours (without events) using makecontinuous. The time column created in the query/ \| t... by egur New Member in Splunk Search 12-19-2019 0 2	0	2
How can I extend the width of my drop down box in my dashboard? I'd like to extend the width of my drop down box in my dashboard because the source names are quite long and i'd like... by MichaelPriest Communicator in Splunk Search 12-19-2019 2 9	2	9
Extract multiple values when field is in the same log twice Hi all, I am working with a log that can sometimes have the same field in one log entry more than one time, but with... by bcarr12 Path Finder in Splunk Search 12-19-2019 0 5	0	5
How to concatenate a variable number of fields? I had the next events examples: 2019-09-16T13:27:10.169107+02:00 koopa.browser.local node= koopa.browser.local type... by rafadvega Path Finder in Splunk Search 12-19-2019 1 3	1	3
eval showing in btool props but does not appear in search Okay I'm pulling my hair out here. I'm playing around with Windows Defender Events, trying to capture them and get th... by bmorgenthaler Path Finder in Splunk Search 12-19-2019 0 4	0	4
Construct map command query in eval statement I am having trouble constructing a search command in an Eval statement. I stripped it down to its most basic form to ... by drewg33 Engager in Splunk Search 12-19-2019 0 1	0	1
Search is waiting for input ERROR Hello, I'm having issues with some of my splunk dashboards having issues with loading. It was loading fine before, ... by harshparikhxlrd Path Finder in Splunk Search 12-19-2019 1 7	1	7
inputlookup in subsearch to filter by one column and to output back the corresponding values of another column to main search Okay so this question has never been asked or answered before so here goes...Hoping someone can assist. index="ironp... by yepyepyayyooo New Member in Splunk Search 12-19-2019 0 4	0	4
Extract fields out of plain text log file and assign it to a field name I want to extract the below values during index time 1. extract WDDZF4KB3JA469368 ,ABCDE4KB3JA469368 and so on and as... by Sujithkumarkb Observer in Splunk Search 12-19-2019 0 5	0	5
I have 6 panels on a dashboard, but can only run 3 concurrent searches. How can I overcome this limit? I have 6 panels on a dashboard, but only allow 3 concurrent searches for the user role. Using Splunk Enterprise 6.2, ... by moesaidi Path Finder in Splunk Search 12-19-2019 2 11	2	11
Left Outer join Hi, I am trying to do search based on field cardid between 2 queries and 2 different time durations, following query ... by msrama5 Explorer in Splunk Search 12-19-2019 0 1	0	1
Unknown search command 'dbquery' for non-admin users Hi, I'm getting "Unknown search command 'dbquery'" error when trying to use \| dbquery as non-admin user. I granted re... by michtek Explorer in Splunk Search 12-18-2019 0 4	0	4
String Value What search string would I use to find out what computers do NOT have a specific software. I have the Splunk TA Wind... by amorberg New Member in Splunk Search 12-18-2019 0 2	0	2
How to join events on an id and subtract values from same named field I've got two different events that have identical data points, including an id. I'd like to join the events on an id... by econstantin Engager in Splunk Search 12-18-2019 1 3	1	3
Convert HR:MIN:SEC format to 1hr:2min:3sec format Hello, I'm trying to convert my time format for the Duration seen below to a format such as 1hr 2min 30 sec display. by harshparikhxlrd Path Finder in Splunk Search 12-18-2019 0 4	0	4
Optimize rex command Hi all, I want to extract fields form log events. I have two errors patterns : EDICPP 4-1-1-0 exception: Mandator... by clementros Path Finder in Splunk Search 12-18-2019 0 5	0	5