Splunk Search

Community Activity

Data model Hi, how can I rewrite the following search using tstats and datamodel Network_Traffic?index=pan sourcetype="pan:thr... by Hamza08 Observer in Splunk Search 05-08-2024 0 3	0	3
Simple source and Destination lookup I am looking to write a simple search that tells me if a host or hosts are reaching out to a specific IP address. So... by Sotu Engager in Splunk Search 05-08-2024 0 5	0	5
based on drop down list value the below are two different drop down list as we have different host and index.Based on the index selection i do set/... by Jasmine Path Finder in Splunk Search 05-07-2024 0 1	0	1
Counts of events with request_times in certain ranges I'm trying to figure out how to query all of the events from an Apache log and produce a report with counts of the nu... by davidsumner Explorer in Splunk Search 05-07-2024 0 1	0	1
setting up Line Break in props.conf for compiled year month and date I have a log the needs the props.conf setup but the year month and date is complied into one with no spaces or separa... by valeriedls01 Loves-to-Learn Everything in Splunk Search 05-07-2024 0 1	0	1
Splunk integration with OpsGenie to send alert- Is OpsGenie not supported? Hi, I am sure this question must have asked multiple times and infact I've come across multiple posts but I am still ... by shashank_24 Path Finder in Splunk Search 05-07-2024 0 7	0	7
how to retrieve the value from json input using splunk query Hi All, I have the below json format. REQUEST="{"body":{"customer":{"accountNumber":"DBC50012225699","lineNumber":"50... by splunk6 Path Finder in Splunk Search 05-07-2024 0 15	0	15
how to retrive channel code from this json request REQUEST="{"body":{"customer":{"accountNumber":"DBC50012225699","lineNumber":"5000654224"},"equipment":{"serialNumber"... by splunk6 Path Finder in Splunk Search 05-07-2024 0 17	0	17
Help with SPL and REX for 2 separate ID's in 1 event I have an Event where I can extract the 2 different ID's but how do I show that id 1 gave access to id 2?Sample event... by LizAndy123 Path Finder in Splunk Search 05-06-2024 0 3	0	3
How to get 1st 3 count Query: \|mstats sum(error.count) as Count where index=metrics_data by provider errorid errorname \|search errorname=ap... by mahesh27 Communicator in Splunk Search 05-06-2024 0 5	0	5
chart with where Please help me on the below items:#1)\| chart count(WriteType) over Collection by WriteType \| sort Collectionfor abov... by Jasmine Path Finder in Splunk Search 05-06-2024 0 1	0	1
How to get the nested objects from my JSON data field? I want to get the values from the path field but I can't extract this alone as data.initial_state.path would output e... by sintjm Path Finder in Splunk Search 05-06-2024 0 4	0	4
2 values for "User" field being shown. Hi all!I'm currently trying to create a RDP session analysis dashboard. I'm using sysmon eventlogs, specifically Eve... by maiks1 Engager in Splunk Search 05-06-2024 0 1	0	1
Need event extraction I want to extract all the key value pairs from this event dynamicallyCan someone help with the query INFO 2024-04-29... by kranthimutyala2 Engager in Splunk Search 05-06-2024 0 14	0	14
How to use tokens in a report? Hello,I am in need of some help from the community. Is it possible to create a token in a schedule report and create... by Wise_Women Engager in Splunk Search 05-06-2024 1 2	1	2
how to replace value with another field values Hi, we could see message ="executed" for started state field. so, would like to replace with same massage where state... by james_n Path Finder in Splunk Search 05-06-2024 0 8	0	8
Querying AD accounts and email addresses I am able to pull my AD users account information successfully except for their email addresses. What am I doing wro... by Sotu Engager in Splunk Search 05-04-2024 0 2	0	2
How to map values in case statement? Hi All,I am using case statement to map values instead of other values. But i am not getting the values.I am getting ... by karthi2809 Builder in Splunk Search 05-03-2024 0 4	0	4
How to get latest transactionId ? Hi All,I am trying to get count of enabled and disabled from field. Then i want to show the field values based on lat... by karthi2809 Builder in Splunk Search 05-03-2024 0 11	0	11
How to transpose based on regex data to get the counts Hi, I am new to Splunk. I am trying to figure out how to extract count of errors per api calls made for each client. ... by kuul13 Explorer in Splunk Search 05-02-2024 0 1	0	1
skip first 10 lines of search results _raw=line 1line 2line 3line 4line 5line 6how to define another new field "copyofraw" to contain just line 5 and line... by guru333 Engager in Splunk Search 05-02-2024 0 7	0	7
Unable to view thawed data Hi, I'm testing thawing of some frozen data and it's not working. I have thawed some previously frozen data and am ex... by BARNEYRUDD Explorer in Splunk Search 05-02-2024 0 12	0	12
Subsearch in SPLUNK with the name of index Hello, I have a use case to get the index name from the field of one of the index/sourcetype and use that index name... by SplunkDash Motivator in Splunk Search 05-01-2024 0 6	0	6
Weighting events based on the source they originate from I have a summary index that pulls in normalized data from 2 different sources (entirely different applications that c... by mjones414 Contributor in Splunk Search 05-01-2024 0 2	0	2
Handling spaces in field values DescriptionHow can I produce a URL in an alert email that uses field values, either by in-line results or in the body... by Badger New Member in Splunk Search 05-01-2024 0 1	0	1