Splunk Search

Community Activity

Firewall Log: How to send API calls to abuseIPDB and deal with results in splunk to get threat score? Hi there, I have been dealing with Splunk for two weeks now. My intention was to make firewall drops from an Unifi Se... by hauwech Engager in Splunk Search 06-26-2019 1 2	1	2
How to compare two fields from two different searches and display results with matches and mis-matches? I am running 2 different searches and have to compare the each value in one field with the values in the other field.... by hasham19833 Loves-to-Learn Lots in Splunk Search 06-25-2019 0 6	0	6
Why are special characters replaced with UTF-8 after exporting table to CSV? Hi all, When uploading a .csv file to Splunk, utf-8 is selected as the encoding type. Special characters look fine wh... by dojiepreji Path Finder in Splunk Search 06-25-2019 0 1	0	1
How to count the distinct list values My results look like these: V1 V2 A X Y Z Z X Y Y B X X X Y Z Z X Y Y V2 IS A LIST. I want to add V3 c... by reverse Contributor in Splunk Search 06-25-2019 0 7	0	7
Help writing a condition for taking out average Hi all, I need help in taking out “avg(“Participant”)” that is using calldevice1. I need to write a condition here... by splunkuseradmin Path Finder in Splunk Search 06-25-2019 0 1	0	1
How do I write the regex to extract a DNS domain field from my sample data? Hi : I need help extracting the domain IP address for the DNS logs. The automatic field extractor does not work in m... by OMohi Path Finder in Splunk Search 06-25-2019 0 9	0	9
What's ops.json in etc/system/replication? Hi, we removed some roles and checked on file level where these roles still have a reference. We found the file splu... by tfechner Path Finder in Splunk Search 06-25-2019 0 7	0	7
Cannot perform action "POST" without a target name Python Hello all, I am running python 3.4.9 on CentOS 7. The issue I am having is with the following python script: from y... by haraksin Communicator in Splunk Search 06-25-2019 0 4	0	4
Monitoring Critical Device Logging We are looking to take an enterprise level approach on the monitoring of critical device logging. We have a list of ... by antb Path Finder in Splunk Search 06-25-2019 0 3	0	3
How to remove this signal "-" and "OTHER" in results of a timechart? Hi Splunkers, I have this search bellow: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESPA ... by lucasdc New Member in Splunk Search 06-25-2019 0 4	0	4
tstats command help required for CIDR Hello Everyone, I am writing a query using tstats command need to use the CIDR values . Below is the example. \| tst... by sumitkathpal Explorer in Splunk Search 06-25-2019 0 3	0	3
Geom command receiving error: Error in 'SearchOperator:Geom': could not resolve I can't seem to get Splunk to run the search necessary to create a choropleth map. Here is my search: index="main" h... by jrfreeze Explorer in Splunk Search 06-25-2019 0 1	0	1
Search not producing event types Hello. I am trying to get interactive logon logs for all workstations in an organization. The event code for this log... by insomniacnerd94 Explorer in Splunk Search 06-25-2019 0 2	0	2
How to include "-" in between a field value? I have a field lastrundate which has values 20190623 , 20190624 , 20190626. I want to include an "-" in between the... by vrmandadi Builder in Splunk Search 06-25-2019 0 2	0	2
eventstats into multi-value list limit of max values Is there a limit of max values in a multi-value field listSummary for \| eventstats list(variable) as listSummary b... by wfskmoney Path Finder in Splunk Search 06-25-2019 0 6	0	6
How to recreate a bar chart using values over a time period showing duration, start times, and stop times using the chart command? I am attempting to recreate a bar chart based on a start and stop time by workloads. Can anyone help me with the \| ... by thefakemike New Member in Splunk Search 06-25-2019 0 0	0	0
Test props and transforms from Splunk UI In Splunk when we add data via uploading file it gives UI to add and verify props.conf properties there, like timesta... by VatsalJagani SplunkTrust in Splunk Search 06-25-2019 0 5	0	5
How to use multiple saved searches for a single table Hi, We are using a table in our dashboard and its output is based on multiple saved search. How can I run multiple s... by AKG1_old1 Builder in Splunk Search 06-25-2019 0 2	0	2
Sample command limitations I noticed sample command in Splunk is limited in how many parameters can be used at the same time: https://docs.splun... by cosminstefanmar Explorer in Splunk Search 06-25-2019 2 9	2	9
How to group two field values into separate fields? I am working with data that is shared/backed up by two separate hosts. Each userID is linked to two hosts. When there... by bofasplunkguy Explorer in Splunk Search 06-25-2019 0 0	0	0
Two searches using three indexes with different fields I have this search below: index=BI_1 sourcetype=jobs_info fieldJ IN (Flamengo) \| search index=BI_2 sourcetype=tel_d... by nsantiago17 Explorer in Splunk Search 06-25-2019 0 4	0	4
Testing mmdb file in Splunk is there a command recommendation for risk scoring? I am currently attempting to test the GeoIP2-Anonymous-IP.mmdb file out in Splunk. I know we can either place it in ... by jjoh277 Engager in Splunk Search 06-25-2019 0 0	0	0
Using field option in join command If I get a search like below: index="main" ~~~~~ \| table _time value code \| join type=outer [search index="main" ~~~... by tkdguq0110 Path Finder in Splunk Search 06-25-2019 0 3	0	3
Is there a way to group apps in Splunk deployment? We have started to use the Splunk Deployment within in our infrastructure and I was wondering if there's a way (inclu... by d3ag0s Engager in Splunk Search 06-25-2019 0 2	0	2
Why is "�" character found in field values after uploading CSV file and indexing? Hi, After uploading csv file and indexing, I found out that most, if not all of my special characters becomes "�" wh... by dojiepreji Path Finder in Splunk Search 06-25-2019 0 3	0	3