Splunk Search

Community Activity

How to get 1st 3 count Query: \|mstats sum(error.count) as Count where index=metrics_data by provider errorid errorname \|search errorname=ap... by mahesh27 Communicator in Splunk Search 05-06-2024 0 5	0	5
chart with where Please help me on the below items:#1)\| chart count(WriteType) over Collection by WriteType \| sort Collectionfor abov... by Jasmine Path Finder in Splunk Search 05-06-2024 0 1	0	1
How to get the nested objects from my JSON data field? I want to get the values from the path field but I can't extract this alone as data.initial_state.path would output e... by sintjm Path Finder in Splunk Search 05-06-2024 0 4	0	4
2 values for "User" field being shown. Hi all!I'm currently trying to create a RDP session analysis dashboard. I'm using sysmon eventlogs, specifically Eve... by maiks1 Engager in Splunk Search 05-06-2024 0 1	0	1
Need event extraction I want to extract all the key value pairs from this event dynamicallyCan someone help with the query INFO 2024-04-29... by kranthimutyala2 Engager in Splunk Search 05-06-2024 0 14	0	14
How to use tokens in a report? Hello,I am in need of some help from the community. Is it possible to create a token in a schedule report and create... by Wise_Women Engager in Splunk Search 05-06-2024 1 2	1	2
how to replace value with another field values Hi, we could see message ="executed" for started state field. so, would like to replace with same massage where state... by james_n Path Finder in Splunk Search 05-06-2024 0 8	0	8
Querying AD accounts and email addresses I am able to pull my AD users account information successfully except for their email addresses. What am I doing wro... by Sotu Engager in Splunk Search 05-04-2024 0 2	0	2
How to map values in case statement? Hi All,I am using case statement to map values instead of other values. But i am not getting the values.I am getting ... by karthi2809 Builder in Splunk Search 05-03-2024 0 4	0	4
How to get latest transactionId ? Hi All,I am trying to get count of enabled and disabled from field. Then i want to show the field values based on lat... by karthi2809 Builder in Splunk Search 05-03-2024 0 11	0	11
How to transpose based on regex data to get the counts Hi, I am new to Splunk. I am trying to figure out how to extract count of errors per api calls made for each client. ... by kuul13 Explorer in Splunk Search 05-02-2024 0 1	0	1
skip first 10 lines of search results _raw=line 1line 2line 3line 4line 5line 6how to define another new field "copyofraw" to contain just line 5 and line... by guru333 Engager in Splunk Search 05-02-2024 0 7	0	7
Unable to view thawed data Hi, I'm testing thawing of some frozen data and it's not working. I have thawed some previously frozen data and am ex... by BARNEYRUDD Explorer in Splunk Search 05-02-2024 0 12	0	12
Subsearch in SPLUNK with the name of index Hello, I have a use case to get the index name from the field of one of the index/sourcetype and use that index name... by SplunkDash Motivator in Splunk Search 05-01-2024 0 6	0	6
Weighting events based on the source they originate from I have a summary index that pulls in normalized data from 2 different sources (entirely different applications that c... by mjones414 Contributor in Splunk Search 05-01-2024 0 2	0	2
Handling spaces in field values DescriptionHow can I produce a URL in an alert email that uses field values, either by in-line results or in the body... by Badger New Member in Splunk Search 05-01-2024 0 1	0	1
Correct Syntax for rex for a user I have a simple search index=xxxxx "User ID" and I need the correct syntax to get the actual username in the results.... by LizAndy123 Path Finder in Splunk Search 05-01-2024 0 1	0	1
Looking to query a domain account and find out the device it is logged into or running on I wrote a simple query to parse my Windows Event Security logs to look for a user account, however I am looking to ad... by Sotu Engager in Splunk Search 05-01-2024 0 2	0	2
Search for non ascii characters Is there any way to search for events which has any special characters? thanks in advance for any help. by bhupalbobbadi Path Finder in Splunk Search 05-01-2024 0 4	0	4
Does SOURCE_KEY have the same limitations as EXTRACT I'm working with a field named Match_Details.match.properties.user. It contains domain\user information that I'm try... by jwhughes58 Contributor in Splunk Search 04-30-2024 0 2	0	2
Permissions issue Executable for Splunk App Hi,I am facing a executable permission issue for the few scripts for a splunk app and seeing these errors on various ... by Roy_9 Motivator in Splunk Search 04-30-2024 0 5	0	5
Splunk queries Hi all,A query, can calculate http calls, success responses and error response. I need an addition to the query to g... by saidAb Explorer in Splunk Search 04-30-2024 0 10	0	10
role problem Hello, I'm having problems using roles.I use this search, which gives me results via the admin role. [search index="... by anissabnk Path Finder in Splunk Search 04-30-2024 0 1	0	1
Splunk alret Hello everyone,I am looking for a Splunk search query to get the duration time of three sequential response code 200.... by saidAb Explorer in Splunk Search 04-30-2024 0 9	0	9
Using regex to extract summary in raw data I have portion that I would like to use in report. "changes":{"description":{"before":"<some text or empt... by bigll Path Finder in Splunk Search 04-30-2024 0 4	0	4