Splunk Search

Community Activity

Lookup Tables - Dedup Hello, I Googled and checked several answer posts, but perhaps I am not wording it correctly in the search engines. ... by genesiusj Builder in Splunk Search 10-08-2019 0 2	0	2
Stats 2 results together and filling in the blank fields with dynamically-generated values I need to create volume-base alerts so we know when volume drops. The services we need to monitor are usually suffix... by weidertc Contributor in Splunk Search 10-08-2019 0 4	0	4
How to detected a Deviation of 20% vs weekly average? Hi team! I need to do that: Eventcode = 4624 and 4634 with Logon Type = 10. An event will be generated if an access... by christianubeda Path Finder in Splunk Search 10-08-2019 0 2	0	2
Lookup values not shown on result table Hello all, I am searching in Splunk for the last login date of a User and export it into a table: ... \| eval date=s... by dunick Engager in Splunk Search 10-08-2019 0 3	0	3
How to get a table to show more than 100 rows Is there any way i can increase the number of rows in a Table to 1000 instead of 100? by ptadakam New Member in Splunk Search 10-08-2019 0 3	0	3
Compare two sources with multiple value Hi folks, Hi have a case needing to compare 2 sources with CSV type Source 1 has fields as below: start_time_s1, e... by nguyenhuyhoang0 New Member in Splunk Search 10-08-2019 0 3	0	3
How to get common values in two different fields in two different searches Hi all, I'd be grateful if you could help me with this. I have read other similar questions but none of them seem to ... by xiantros Engager in Splunk Search 10-08-2019 0 7	0	7
Please help for ssl for splunkd - Splunk runs but cannot log in and is slow Hello I want to secure splunkd DS->clients with self-signed ssl cert but for some reason it doesn't work. From splun... by net1993 Path Finder in Splunk Search 10-07-2019 0 2	0	2
How to sort the result set or remove paging on trellis chart? Hi All, I am trying to create a trellis chart to provide the details of 32 components. Trellis chart is showing just... by mjsplunk_007 New Member in Splunk Search 10-07-2019 0 1	0	1
Is there a way to automate diag to support? All, Silly question - Is there a way to automate the sending of diags to Splunk support? I'd like to know they have... by daniel333 Builder in Splunk Search 10-07-2019 1 2	1	2
What is a Workbook in Splunk Investigate? What is a Workbook in Splunk Investigate? by bjanczer_splunk Splunk Employee in Splunk Search 10-07-2019 0 3	0	3
How to search two Indexes based on matching fields and add fields from both indexes to a table I'm new to splunk And i'm trying to add some logic to reduce false positives. I have two indexes Index=A index=B B... by jrindfleisch Observer in Splunk Search 10-07-2019 0 4	0	4
What's the delay between last event written to disk and now()? All our cyber alerts are now based on the last five minutes of indexed data. Therefore we wondered about a potential ... by danielbb Motivator in Splunk Search 10-07-2019 0 5	0	5
extract uri /hk-zh/shop/buy-phone/phone-1/5.8-%E5%90%8B%E9%A1%AF%E7%A4%BA%E5%99%A8-256gb-%E9%8A%80%E8%89%B2 1059 /hk/shop/buy-pho... by sandeepmakkena Contributor in Splunk Search 10-07-2019 0 2	0	2
How do I access the Splunk Investigate Slack Channel? How do I access the Splunk Investigate Slack Channel? Can you please share the link? by bjanczer_splunk Splunk Employee in Splunk Search 10-07-2019 0 1	0	1
Help extracting alphanumeric string after matching pattern {"line":"2019-10-05 03:58:11.627 ERROR [xxx-csscsc0sssscs-xxxx] 1 --- [nio-8080-exec-2] c.u.f.b.s.registryImpl : \u0... by harishnpandey Explorer in Splunk Search 10-07-2019 0 2	0	2
Best way to format out time field for average time I am using the linux time command to see how long it takes to run a process. My logs show as runtime=0m0.000s So ex... by agentguerry Path Finder in Splunk Search 10-07-2019 0 1	0	1
Problem calculating fields at index time when input csv fields are all quoted I was wondering if anyone knows about the next, and if there’s any solution: I have tried to calculate two fields at... by cajose3pepe New Member in Splunk Search 10-07-2019 0 2	0	2
CSV empty quoted field extraction problem Hi there, I have the next CSV file: "CLM_TIMESTAMP","CLM_DATE","CLM_NUMBER" "1569301200","24/09/2019 00:00:00","389... by cajose3pepe New Member in Splunk Search 10-07-2019 0 3	0	3
System and Nobody had no roles I am trying to get the System access attempts with invalid credentials. Folks with unknown user names. I am using th... by dcrooks_cbp New Member in Splunk Search 10-07-2019 0 4	0	4
Timecharts and Multiple Operating Systems I'm currently attempting to make a 6 month trend of multiple OS' compliance percentages into one timechart, but am ru... by giventofly08 Explorer in Splunk Search 10-07-2019 0 5	0	5
How to search csv for values in a lookup table? I have a large csv with lots of columns and a lookup table below payload .exe .zip *.7z How do I search all fiel... by akke Explorer in Splunk Search 10-07-2019 0 1	0	1
How to use two different search time ranges in one splunk rule? I have the following scenario: I have to find events with certain specifications in the last 15 minutes, and the sear... by veromihaiu Path Finder in Splunk Search 10-07-2019 0 5	0	5
Is it possible to split lines and re-use certain fields? I have thise event: ID=FAKE_ID_NAME,TS=1570441680,F1=1380,F2=60,F3=60,F4=1500 For my analysis it would be very usef... by wvanloon New Member in Splunk Search 10-07-2019 0 4	0	4
How to combine multiple field values to create single field name in eval statement. Hi, I'm trying to combine the values of multiple fields to together form a single field name in an eval if statement... by jurjenterpstra New Member in Splunk Search 10-07-2019 0 3	0	3