Splunk Search

Community Activity

timechart stats creates extra row I am running the following query for a single 24 hour period. I was expecting a single summary row result. Not sure w... by marksheinbaum Explorer in Splunk Search 03-06-2024 0 3	0	3
Splunk Regex Field Extractions When writing regex, where in the regex string am I supposed to add the (?<new_field>) string ?I have included a sampl... by franciscoz1 Engager in Splunk Search 03-06-2024 0 2	0	2
Corn job Hi all, I set a corn job on alertmy alert should not trigger between 9pm to 7am I used below corn job but I am receiv... by Santosh2 Path Finder in Splunk Search 03-06-2024 0 11	0	11
Error in 'SearchParser': Missing a search command before '''. Error at position '264' of search query I configured a Macro name securemsg(1), I use this Marco in the following search:....\| eval log_info=_raw \| 'securems... by qhmassc Explorer in Splunk Search 03-06-2024 0 4	0	4
How to get the value of a field inside a matching object of a multivalue field I have a json that looks like this:{<!-- -->"Field1" : [{<!-- -->"id": 1234"name": "John"},{<!-- -->"id": 5678"name": "Mary""occupation": {<!-- -->"t... by junaedsa Engager in Splunk Search 03-06-2024 0 2	0	2
How to display timechart multivalues without colon? Hello,I have a set of Grade (Math, English, Science) data for Student1 and Student2 from 2/8/2024 to 3/1/2024How to ... by LearningGuy Motivator in Splunk Search 03-06-2024 0 2	0	2
Get multiple Fields in chart function So, I have a chart function that works perfectly!\| chart sum(transactionMade) over USERNUMBER by POSTDATEBut, I want ... by sumarri Path Finder in Splunk Search 03-06-2024 0 3	0	3
Unable to extract the Time stamp value from the message in splunk events. Please help me on this Hi Team,I am unable to extract the Timestamp value from the below message in splunk events using rex command and add ... by Renunaren Loves-to-Learn Everything in Splunk Search 03-06-2024 0 4	0	4
checking if all values from lookup exists Hey, im trying to do something relative easy and for some reason can't make it..i have a lookup named tableq_lookyp w... by dorHerbesman Path Finder in Splunk Search 03-05-2024 0 7	0	7
Use eval command to extract from message LogName=Application EventCode=1004 EventType=4 ComputerName=Test.local User=NOT_TRANSLATED Sid=S-1-5-21-2704069758-30... by jeradb Explorer in Splunk Search 03-05-2024 0 2	0	2
Splunk Search to list local User accounts Hi Splunk Community, I'm trying to list all splunk local users (authentication system = splunk) . The below search li... by iamsplunker Communicator in Splunk Search 03-05-2024 0 1	0	1
Macros not fetching data I have a lookup which has fields like account_name, account_owner, environment etc. this lookup has more than 1000+ d... by sinhashubham014 Engager in Splunk Search 03-05-2024 0 1	0	1
Retrieve data from website HOw to retrieve NPA and NXX from CNAC.ca using splunk query. by splunk6 Path Finder in Splunk Search 03-05-2024 0 1	0	1
Curl with dynamic url not working I am trying to make a curl request to a direct json link and fetch the result. When i hardcode the URL it works fine ... by palak_247 Observer in Splunk Search 03-05-2024 0 3	0	3
Split up multiline values I am trying to run the following search:index=tripwire LogCategory="Audit Event" AND "/etc/pki/rpm-gpg/RPM-GPG-KEY-sh... by secphilomath1 Explorer in Splunk Search 03-05-2024 0 3	0	3
Best way to simulating or obtain an commonly data source into Splunk Enterprise for POCs. Hi All,I don't have many resource to build an ideal network environment to forward logs to Splunk. So, I'm seeking a ... by thanh_on Path Finder in Splunk Search 03-05-2024 0 5	0	5
difference between pipe summaryindex and collect Hello,1) What is the difference between using "\| summaryindex" and "\| collect"?Thank you for your help.Summaryindex i... by LearningGuy Motivator in Splunk Search 03-05-2024 0 9	0	9
Help me with the SPL Hi,Could some one pls help me the lateral movement which look for a user with remote NTLM (type 3) logins on an abno... by Akhanda Engager in Splunk Search 03-05-2024 0 4	0	4
Join fields with different field names and stats value? So, I have one source (transactions) with userNumber and another source (users) with number. I want to join both of t... by sumarri Path Finder in Splunk Search 03-05-2024 0 3	0	3
Time range panel issue Hi, I have created the dashboard with multiple panels. I have created the time range panel to be reflected as last 4 ... by Nagalakshmi Path Finder in Splunk Search 03-05-2024 0 2	0	2
Retrieving duration between two events with multiple end events Hello all,I'm trying to get a duration between the first "started" event, and the first "connected" event following s... by handosplunk2 Observer in Splunk Search 03-05-2024 0 4	0	4
Regex to extract a word after word and comma i have 2 requirements 1) From different events in need to extract the word after Interface and Comma. After Interfac... by dtccsundar Path Finder in Splunk Search 03-05-2024 0 1	0	1
REST Command for a list of Indexer apps I'm looking to run a \|rest command to return a list of apps, and app versions sent from the management node (i.e. ma... by Taylor323 New Member in Splunk Search 03-05-2024 0 0	0	0
TERM and PREFIX cannot find string with two dashes any ideas on TERM and PREFIX limitations with double dashes? cat /tmp/test.txt abc//xyz abc::xyz abc==xyz abc@@xyz a... by PavelP Motivator in Splunk Search 03-04-2024 1 17	1	17
Hidden Characters in a .csv datasource I am having a random issue where it seems characters are present in a field which cannot be seen.If you look in the r... by raysonjoberts Path Finder in Splunk Search 03-04-2024 0 2	0	2