Splunk Search

Community Activity

update old values in lookup table and add new rows to the table Hi All,I have created a lookup table Status.csv which is having all the status of tickets and whether they are SLA re... by avi123 Explorer in Splunk Search 05-08-2024 0 2	0	2
Using the below query to calculate the time diff of search and appended search but getting result in negative . index=hum_stg_app "msg.OM_MsgType"=REQUEST msg.OM_Body.header.transactionId=* "msg.service_name"="fai-np-notification... by Hemant93 Loves-to-Learn Lots in Splunk Search 05-08-2024 0 2	0	2
Writing Splunk Logs for Faster Queries, with Category Boolean true We are writing Log Statements in Java, and then reviewing the info and exception alerts.Our team is then conducting ... by MarkSmith47 New Member in Splunk Search 05-08-2024 0 1	0	1
how to fetch field for label for drop down list while passing token How to fetch the fieldForLabel value using token(option). i have to pass fieldForLabel to query<input type="dropdown"... by Jasmine Path Finder in Splunk Search 05-08-2024 0 1	0	1
set a flag in based on field value in multiple row Hello,How do I set a flag in based on field value in multiple row?For example:In the following table, network-1 is s... by LearningGuy Motivator in Splunk Search 05-08-2024 0 2	0	2
capability required to edit objects via rest api While sending a rest api request to change the owner of a knowledge object i am getting the following error "You do n... by arvind_Sugajeev Explorer in Splunk Search 05-08-2024 0 1	0	1
How to get count of field values? Hi All, How to count field values.The field extracted and showing 55 .When i use below query: \| stats count by cont... by karthi2809 Builder in Splunk Search 05-08-2024 0 4	0	4
search results using data from two indexes I have a wineventlog index to alert on locked accounts (EventCode=4740), but want to limit this based on certain user... by dyolmc Explorer in Splunk Search 05-08-2024 0 2	0	2
incorrect use of eval? Hi, I'm new to Splunk, so I apologize if this question seems naive.While experimenting with calculated fields, I foun... by FromTheGraves Engager in Splunk Search 05-08-2024 0 4	0	4
Data model Hi, how can I rewrite the following search using tstats and datamodel Network_Traffic?index=pan sourcetype="pan:thr... by Hamza08 Observer in Splunk Search 05-08-2024 0 3	0	3
Simple source and Destination lookup I am looking to write a simple search that tells me if a host or hosts are reaching out to a specific IP address. So... by Sotu Engager in Splunk Search 05-08-2024 0 5	0	5
based on drop down list value the below are two different drop down list as we have different host and index.Based on the index selection i do set/... by Jasmine Path Finder in Splunk Search 05-07-2024 0 1	0	1
Counts of events with request_times in certain ranges I'm trying to figure out how to query all of the events from an Apache log and produce a report with counts of the nu... by davidsumner Explorer in Splunk Search 05-07-2024 0 1	0	1
setting up Line Break in props.conf for compiled year month and date I have a log the needs the props.conf setup but the year month and date is complied into one with no spaces or separa... by valeriedls01 Loves-to-Learn Everything in Splunk Search 05-07-2024 0 1	0	1
Splunk integration with OpsGenie to send alert- Is OpsGenie not supported? Hi, I am sure this question must have asked multiple times and infact I've come across multiple posts but I am still ... by shashank_24 Path Finder in Splunk Search 05-07-2024 0 7	0	7
how to retrieve the value from json input using splunk query Hi All, I have the below json format. REQUEST="{"body":{"customer":{"accountNumber":"DBC50012225699","lineNumber":"50... by splunk6 Path Finder in Splunk Search 05-07-2024 0 15	0	15
how to retrive channel code from this json request REQUEST="{"body":{"customer":{"accountNumber":"DBC50012225699","lineNumber":"5000654224"},"equipment":{"serialNumber"... by splunk6 Path Finder in Splunk Search 05-07-2024 0 17	0	17
Help with SPL and REX for 2 separate ID's in 1 event I have an Event where I can extract the 2 different ID's but how do I show that id 1 gave access to id 2?Sample event... by LizAndy123 Path Finder in Splunk Search 05-06-2024 0 3	0	3
How to get 1st 3 count Query: \|mstats sum(error.count) as Count where index=metrics_data by provider errorid errorname \|search errorname=ap... by mahesh27 Communicator in Splunk Search 05-06-2024 0 5	0	5
chart with where Please help me on the below items:#1)\| chart count(WriteType) over Collection by WriteType \| sort Collectionfor abov... by Jasmine Path Finder in Splunk Search 05-06-2024 0 1	0	1
How to get the nested objects from my JSON data field? I want to get the values from the path field but I can't extract this alone as data.initial_state.path would output e... by sintjm Path Finder in Splunk Search 05-06-2024 0 4	0	4
2 values for "User" field being shown. Hi all!I'm currently trying to create a RDP session analysis dashboard. I'm using sysmon eventlogs, specifically Eve... by maiks1 Engager in Splunk Search 05-06-2024 0 1	0	1
Need event extraction I want to extract all the key value pairs from this event dynamicallyCan someone help with the query INFO 2024-04-29... by kranthimutyala2 Engager in Splunk Search 05-06-2024 0 14	0	14
How to use tokens in a report? Hello,I am in need of some help from the community. Is it possible to create a token in a schedule report and create... by Wise_Women Engager in Splunk Search 05-06-2024 1 2	1	2
how to replace value with another field values Hi, we could see message ="executed" for started state field. so, would like to replace with same massage where state... by james_n Path Finder in Splunk Search 05-06-2024 0 8	0	8