Splunk Search

Community Activity

How to create a base search that retains multiple regex fields? I have a dashboard that is built from 3 different searches. They all come from the same data so I would like to turn... by kmaron Motivator in Splunk Search 03-22-2024 1 13	1	13
multiple Case conditions? Hi,I am using multiple case conditions but the condition is not matching. In the third line of the code used AND cond... by karthi2809 Builder in Splunk Search 03-22-2024 0 6	0	6
How to use stats in multiple Condition and fields ? Hi Guys,I am trying fetch details using stats.In this query I am trying get status from the below conditions and when... by karthi2809 Builder in Splunk Search 03-22-2024 0 2	0	2
Dividing combined value into separate values Currently, I have a table that looks like this:Table1Hostname Vendor Product Version----------... by psomeshwar Path Finder in Splunk Search 03-22-2024 0 6	0	6
Lateral movement search needed Hi, I need an help with my windows security logs how we can create the lateral movement use case by AL3Z Builder in Splunk Search 03-21-2024 0 1	0	1
Log searching Splunk I am searching some logs in an application for the last 24 hours (or any time range the user has selected). Is it pos... by av_ Path Finder in Splunk Search 03-21-2024 0 4	0	4
Issue using rex to replace string Hello world,I'm trying to use rex to rename the part of the strings below where it says "g0" to "GRN". So the output ... by Scharf Explorer in Splunk Search 03-21-2024 0 5	0	5
Setting a date range as a field for the chargeback app I have a question regarding how to properly extract the time ranges between the Events to use as a field value for a ... by Abass42 Communicator in Splunk Search 03-21-2024 0 1	0	1
Collect command with federated searches I have a use case where I'm trying to collect events from a federated search. I can run and search results using the ... by MJAITEH Engager in Splunk Search 03-21-2024 1 0	1	0
How to exclude field values in the query? Hi Guys,I am try to exclude field value . need to exclude message=""API:START: /v1/Journals_outbound" index="mulesof... by karthi2809 Builder in Splunk Search 03-21-2024 0 1	0	1
mutiple search Hello everyone, i need solution for this.my data :userID=text123 , login_time="2024-03-21 08:04:42.201000", ip_addr=1... by riposans Explorer in Splunk Search 03-20-2024 0 1	0	1
Facing issue with my Serach Hello All, Below is my alert script, and I dont want to have any alerts during night 11:50 to 00:25 midnight, however... by Amit79 Loves-to-Learn Everything in Splunk Search 03-20-2024 0 2	0	2
Where field count is less than, but not stats count by I run a Splunk query to see events from my web application firewall. I filter out certain violations by name, using a... by LatchJohnson Explorer in Splunk Search 03-20-2024 0 5	0	5
Filtering a weekly timewrap timechart by a specific time window each day. I have the following query that gives me week-over-week comparisons for the past month: index="myIndex" earliest=-1mo... by jbrenner Path Finder in Splunk Search 03-20-2024 0 1	0	1
Streamed Search Execute Failed Because: Error in 'lookup' command Good morning, I am having issues with admon and running into this error: Streamed Search Execute Failed Because: Erro... by JoshuaJJ Path Finder in Splunk Search 03-20-2024 0 1	0	1
Date difference in months on my search index=raw_fe5_autsust Aplicacao=HUB Endpoint="*/" \| eval RefUser=if(Mes!="", Mes, substr("0" + tostring... by vinihei_987 New Member in Splunk Search 03-20-2024 0 1	0	1
Prevent users from table sorting (when clicking on its headers) The question is really simple, not that sure about the answer though. I'm using Splunk 5.0.6 + Advanced XML panels to... by kikexclusive Path Finder in Splunk Search 03-20-2024 1 7	1	7
Display only weekdays in Time chart Hi,Is it possible to display only weekdays in Time chart ? PS: I am not looking to discard the data for weekend. Just... by AKG11 Path Finder in Splunk Search 03-20-2024 0 1	0	1
Syntax/use of subsearches I have a query …index=blah "BAD_REQUEST" \| rex "(?i) requestId (?P<requestId>[^:]+)" \| table requestId \| dedup reques... by Mick_OBrien Path Finder in Splunk Search 03-20-2024 0 9	0	9
How to search based on variable? \| search no = variable Hello,How to search based on variable? If select contains "many", then search no IN (1 to 30), else search NO 7\| e... by LearningGuy Motivator in Splunk Search 03-20-2024 0 5	0	5
Dedup within span Hi!I have an issue with a query and the dedup command. \| eval service=case( (method="GET" AND match(uri, "/v1/[a-zA-... by erkin Engager in Splunk Search 03-20-2024 0 1	0	1
Dedup is not working with mstats We are streaming Dynatrace metric data into Splunk, for some reason we are seeing duplicate 'MessageDeduplicationId'.... by sabari80 Explorer in Splunk Search 03-20-2024 0 3	0	3
How to extract fields from a json in _raw? I have an application which logs data in the following form:2023-06-30T12:21:08Z DEBUG scalehandler Getting metrics f... by Adisharma Engager in Splunk Search 03-20-2024 0 3	0	3
How to filter out a specific phrase in a Splunk search I'm trying to search for a specific phrase with the search below but I only want result1, not result2. The issue here... by frodelauka Observer in Splunk Search 03-20-2024 0 4	0	4
changing addtime=false on scheduled summary index - advanced edit has no effect Hello,Why does changing addtime=false on scheduled summary index - advanced edit has no effect?Thank you for your hel... by LearningGuy Motivator in Splunk Search 03-20-2024 0 1	0	1