Splunk Search

Community Activity

How to show threat names in field1 and not in field2? I have 2 different fields that both contain threat names. I want to show which of the threat name are in field1 and n... by mcohen13 Loves-to-Learn in Splunk Search 03-26-2019 0 15	0	15
How to list out all users who access a particular IP? How to search all users who access a particular domain/ip I have a list of source ips and i wish to find users who a... by kuki_junior New Member in Splunk Search 03-26-2019 0 1	0	1
How do you fetch JSON embedded in plain text logs using regex or spath? I have been running into a problem where I need to fetch the value from JSON data in the log. I am aware of spath bu... by maulikdesai21 Engager in Splunk Search 03-25-2019 0 3	0	3
How to extract multiple field values for a field from single log event and cross check with the data from a file? Hi All , Good Day My log will generate 2 types of log events 1)tid and mid in single log event 2)multiple field va... by raj_mpl Path Finder in Splunk Search 03-25-2019 0 4	0	4
Splunk search for failed count percentage out of total of each event Hi, I need help in creating one query. There is one field "Operator" having multiple values like airphone,bphone,vsph... by sahil237888 Path Finder in Splunk Search 03-25-2019 0 4	0	4
search cidr without using "src_ip OR dest_ip"? Is there a way to search a cidr notation without using "src_ip OR dest_ip"? I have a bunch of ips i want to search f... by jpreis New Member in Splunk Search 03-25-2019 0 1	0	1
stats count not working Hi, I am trying to get a table type of alerting but I am not getting the output index = ops host = Srxxxx sourcet... by dbashyam Explorer in Splunk Search 03-25-2019 0 2	0	2
Schema Accelerated Event Search performance I am super stoked about the potential of Schema Accelerated Event Searches- might be one of the best improvements i'v... by awmorris Path Finder in Splunk Search 03-25-2019 1 8	1	8
Perform a join where the timeframes are different In my data, events can have children. There is data in those events that I would want to associate with the parent ev... by swangertyler Path Finder in Splunk Search 03-25-2019 0 4	0	4
How to get the latest name from the data? Hi, index=os sourcetype=Service status=* (Group="Data" OR Group="Secur") AND (Section="Local" OR Section="data heal... by ramesh12345 Explorer in Splunk Search 03-25-2019 0 1	0	1
Column chart based on field value, without everything being the "count" field Currently having a hard time figuring out how to create a column chart where the field values show up in the side, so... by jwiley_splunk Splunk Employee in Splunk Search 03-25-2019 0 4	0	4
Regex field extraction I am having trouble with field extraction. I have a regex which works in a pcre regex tester but when I attempt to us... by saulverde Path Finder in Splunk Search 03-25-2019 0 2	0	2
How do you compare two multivalue fields and get the result in one number (the difference)? I am trying to compare multivalue fields, but I cannot figure out how to do it correctly? Here is the original query... by javanue New Member in Splunk Search 03-25-2019 0 1	0	1
How to change charting.fieldColors through JS of already rendered chart? Hi, does anyone know how can I change fieldColors after chart was rendered? Thing is that we have two different visu... by seva98 Path Finder in Splunk Search 03-25-2019 0 2	0	2
Converting unique IDs into chart column names Hi All This is my second SOS this week as I get acquainted with Splunk. I've exhausted all possibilities trying to s... by jimmymccauley Explorer in Splunk Search 03-25-2019 0 4	0	4
Optimizing a search in splunk Hi, I am trying to do a search which basically generates measures based on the value of a field such as X: search ... by gimbil Explorer in Splunk Search 03-25-2019 0 4	0	4
How do you trim a value in a field with a proper format? I have a field FQ with the value as "ServerName.domain.com" I want to get only the server name in another field. Pl... by veerendra_modi Loves-to-Learn in Splunk Search 03-25-2019 0 2	0	2
help on stats count by command hello I use the search below in order to do a total count by OS and by build It mean that it counts only events whic... by jip31 Motivator in Splunk Search 03-25-2019 0 2	0	2
How can I remove one of event from transaction result Recently i create a transaction search, command and result a per below Search command: search \| transaction Session... by henrysoon80 New Member in Splunk Search 03-25-2019 0 5	0	5
Can you help me with an issue writing query and chart? Hi, I am facing an issue in writing a query. Example: Let's assume I have 2 groups such as : 1)Group 1 has user... by su_kumar New Member in Splunk Search 03-24-2019 0 1	0	1
exclude multiple subnets from search I have a list of subnets that I want to exlude from search. below isthe search \| search NOT cidrmatch("xx.xx.... by rashid47010 Communicator in Splunk Search 03-24-2019 0 1	0	1
What exactly does the ttl mechanism do? Sorry, but I don't understand how ttl is used and the reason for this design paradigm. Any ideas? by ddrillic Ultra Champion in Splunk Search 03-23-2019 0 10	0	10
I want to receive multiple search results on webhook I would like to send search result from my report schedule to my API via webhook. We were able to retrieve one search... by masakatsu Engager in Splunk Search 03-23-2019 1 1	1	1
How do you get a count on the latest status of Jira tickets? Hi, I want to get a count on tickets with the latest status of "In Progress". An example of the data set is below: ... by cpboothe New Member in Splunk Search 03-23-2019 0 2	0	2
assign transaction values to different variables Hi, i am running a search that will look for failed authentication attempts of a user within a 1 minute window and ge... by mpasha Path Finder in Splunk Search 03-22-2019 0 0	0	0