Splunk Search

Community Activity

	Splunk search with wildcard in field name I need to see all events with fields that have "PROD*" in name, e.g. "PROD deploy", "PROD update", etc.`index=myIndex... by kagarlickij Explorer in Splunk Search 05-19-2024 0 19	0	19
	sysmon and Defender search Hi,I am quite new to Splunk, so sorry in advance if I ask silly questions.I have below task to do: "The logs show tha... by Pere New Member in Splunk Search 05-18-2024 0 1	0	1
	Show source failing for 100/1000 events Event Actions > Show sources failing at 100/1000 events with the below 2 errors - [e430ac81-66f7-40b8-8c76-baa24d2813... by kombi Loves-to-Learn Lots in Splunk Search 05-17-2024 0 0	0	0
	Renaming or ordering values used in a stats by query Here's a part of my query, ignoring where the data is coming from: \| eval bucket=case(dur < 30, "Less than 30sec", du... by jrs42 Path Finder in Splunk Search 05-17-2024 0 4	0	4
	Timechart based off of a search and an appended inputlookup I have the following query that gives me a list of pods that are missing based off the comparison of what should be d... by fishn Explorer in Splunk Search 05-17-2024 0 10	0	10
	How to combine two searches with streaming commands? I want to combine two search results, whereby I'm only interested in the last x/y events from each subquery. Somethin... by mgutschelhofer Explorer in Splunk Search 05-17-2024 0 5	0	5
	Remove every occurrence of pattern from _raw event Hi, I would like to remove every occurrence of a specific pattern from my _raw events.Specifically in this case I am ... by tommasoscarpa1 Path Finder in Splunk Search 05-17-2024 0 2	0	2
	Why is loadjob not getting all results? Hi everyone.I am trying to create historical capacity data over some servers. I have 1 search that will return all th... by michaelnorup Communicator in Splunk Search 05-17-2024 0 5	0	5
	How to search for only select users based on a regex extract So I have the following setup and everything is good but I want to kind of do a subsearch In the Event - Sample User-... by LizAndy123 Path Finder in Splunk Search 05-17-2024 0 2	0	2
	how to add calculation result of timechart Hello,I'm trying to new chart as calculate through packet count.I search with query for interface for several device.... by Richard_400 Engager in Splunk Search 05-16-2024 0 2	0	2
	Searches Can i get a query that will find searches that users are running in splunk by whitecat001 Explorer in Splunk Search 05-16-2024 0 6	0	6
	Data used by searches? I want a query that shows the total volume of indexes used for splunk searches. Query on information that has to do ... by whitecat001 Explorer in Splunk Search 05-16-2024 0 2	0	2
	Splunk Searches Pls what is the rest endpoint for searches that users are running by whitecat001 Explorer in Splunk Search 05-16-2024 0 3	0	3
	How to get the last Sunday of each month? Hello,Can I know how to get the last Sunday of each month? For example, 31st is last Sunday of Jan 2021, 28th is last... by ettaly Engager in Splunk Search 05-16-2024 0 4	0	4
	Get the recent event date from a .csv using inputlookup at the same time append a wildcard into the host. Currently, this is my SPL query and it just displays different resultsthis is my hostname_list.csvhosthostname_a*host... by ephraimjoseph New Member in Splunk Search 05-16-2024 0 1	0	1
	Field not being extracted from mainframe event. I have 2 eventa from a mainframe running z/OS (not sure that affects things):1.{"MFSOURCETYPE":"SYSLOG","DATETIME":"2... by SteveIves1 Engager in Splunk Search 05-15-2024 0 10	0	10
	Chart, order, and bins: How to separate a chart according to an imposed order I have some non-time-based data that I'd like to summarize using chart with a small number of bins. For example, <so... by BrentHetherwick Explorer in Splunk Search 05-15-2024 0 4	0	4
	lookup csv but need to the lookup file contains several fields that need to be concatenated to match event field Hi.I have a lookup file with phone numbers broken down into their parts, so:cc,npa,nxx,list1,210,5551234,good1,512,77... by loganramirez Path Finder in Splunk Search 05-15-2024 0 2	0	2
	Problem in parsing Powershell commands Hello Community!I am trying to set up a search to monitor Powershell commands from Windows hosts; specifically, I am ... by valleyman Loves-to-Learn Lots in Splunk Search 05-15-2024 0 6	0	6
	SAML users unable to load reports or alerts SAML authenticated users are unable to access either REPORTS or ALERTS from the search app @ ./app/search/reports or ... by tlmayes Contributor in Splunk Search 05-15-2024 0 0	0	0
	Use each row of a csv as an individual search and return the results in a table Hi all,I've a csv file with 3 columns ip, earliest, latest and over 400 rows. I'm trying to return all evens associa... by tnegun Engager in Splunk Search 05-15-2024 0 3	0	3
	Count the number of field Hello,So I have to count the number of resulted fields, it doesn't go far than this. for my search I have index=examp... by aatik5u Path Finder in Splunk Search 05-15-2024 0 2	0	2
	How to add multiple fields to chart count over This was my original query to get the list of apis that failed for a client. I have more details of the client in the... by kuul13 Explorer in Splunk Search 05-14-2024 0 14	0	14
	Method to force the implied search in first line to give only the latest events without using stats latest()? This is just a fun optimization question. The benefit may be very little in fact!My Splunk searches are already optim... by ClubMed Path Finder in Splunk Search 05-14-2024 0 5	0	5
	Displaying matching command strings from lookup table All - I am new to Splunk and trying to figure out a way to return a matched command from a CSV table with inputlookup... by cybersunny Loves-to-Learn Lots in Splunk Search 05-14-2024 0 10	0	10