Splunk Search

Community Activity

Can you regex or wildcard props Sourcetype stanzas? Still haven't seen an official answer to this. Source and host can use regex patterns, but sourcetypes cannot. Even a... by thisissplunk Builder in Splunk Search 03-07-2024 4 14	4	14
Panel based on dropdown value Hi Experts,I am encountering an issue with using filter tokens in specific row on my dashboard. I have two filters n... by Muthu_Vinith Path Finder in Splunk Search 03-07-2024 0 3	0	3
Simple eventstats field is always blank I have a relatively simple query that counts HTTP 404 events in IIS logs. I wanted to sort them according to which ho... by mv10 Path Finder in Splunk Search 03-07-2024 0 2	0	2
dashboard SLA time calculation I have two different queries, one calculates total critical alerts and the second one calculates total time critical ... by dm2 Explorer in Splunk Search 03-07-2024 0 3	0	3
correlation data from same index different soucetype I have the index=fortigate and there are two sourcetypes ("fgt_event" and "fgt_traffic").index=fortigate sourcetype=f... by Symon Explorer in Splunk Search 03-07-2024 0 1	0	1
ARP Spoof attack evidence Hello everyone. I experienced a cyberattack on my computer, and the Avast Firewall detected and alerted me to pop-up ... by dklk New Member in Splunk Search 03-07-2024 0 0	0	0
What is the best way to rename timechart columns? I have a simple timechart query index = netflow flow_dir= 0 \|timechart sum(bytes) by src_ip I'm wondering how I wo... by jankowsr Path Finder in Splunk Search 03-06-2024 1 7	1	7
DECRYPT2 - Splunk Email Alert Using the DECRYPT2 app, I have a search that uses the decrypt command to decode a encoded string. It returns results ... by shadowlu Loves-to-Learn Lots in Splunk Search 03-06-2024 0 3	0	3
timechart stats creates extra row I am running the following query for a single 24 hour period. I was expecting a single summary row result. Not sure w... by marksheinbaum Explorer in Splunk Search 03-06-2024 0 3	0	3
Splunk Regex Field Extractions When writing regex, where in the regex string am I supposed to add the (?<new_field>) string ?I have included a sampl... by franciscoz1 Engager in Splunk Search 03-06-2024 0 2	0	2
Corn job Hi all, I set a corn job on alertmy alert should not trigger between 9pm to 7am I used below corn job but I am receiv... by Santosh2 Path Finder in Splunk Search 03-06-2024 0 11	0	11
Error in 'SearchParser': Missing a search command before '''. Error at position '264' of search query I configured a Macro name securemsg(1), I use this Marco in the following search:....\| eval log_info=_raw \| 'securems... by qhmassc Explorer in Splunk Search 03-06-2024 0 4	0	4
How to get the value of a field inside a matching object of a multivalue field I have a json that looks like this:{<!-- -->"Field1" : [{<!-- -->"id": 1234"name": "John"},{<!-- -->"id": 5678"name": "Mary""occupation": {<!-- -->"t... by junaedsa Engager in Splunk Search 03-06-2024 0 2	0	2
How to display timechart multivalues without colon? Hello,I have a set of Grade (Math, English, Science) data for Student1 and Student2 from 2/8/2024 to 3/1/2024How to ... by LearningGuy Motivator in Splunk Search 03-06-2024 0 2	0	2
Get multiple Fields in chart function So, I have a chart function that works perfectly!\| chart sum(transactionMade) over USERNUMBER by POSTDATEBut, I want ... by sumarri Path Finder in Splunk Search 03-06-2024 0 3	0	3
Unable to extract the Time stamp value from the message in splunk events. Please help me on this Hi Team,I am unable to extract the Timestamp value from the below message in splunk events using rex command and add ... by Renunaren Loves-to-Learn Everything in Splunk Search 03-06-2024 0 4	0	4
checking if all values from lookup exists Hey, im trying to do something relative easy and for some reason can't make it..i have a lookup named tableq_lookyp w... by dorHerbesman Path Finder in Splunk Search 03-05-2024 0 7	0	7
Use eval command to extract from message LogName=Application EventCode=1004 EventType=4 ComputerName=Test.local User=NOT_TRANSLATED Sid=S-1-5-21-2704069758-30... by jeradb Explorer in Splunk Search 03-05-2024 0 2	0	2
Splunk Search to list local User accounts Hi Splunk Community, I'm trying to list all splunk local users (authentication system = splunk) . The below search li... by iamsplunker Communicator in Splunk Search 03-05-2024 0 1	0	1
Macros not fetching data I have a lookup which has fields like account_name, account_owner, environment etc. this lookup has more than 1000+ d... by sinhashubham014 Engager in Splunk Search 03-05-2024 0 1	0	1
Retrieve data from website HOw to retrieve NPA and NXX from CNAC.ca using splunk query. by splunk6 Path Finder in Splunk Search 03-05-2024 0 1	0	1
Curl with dynamic url not working I am trying to make a curl request to a direct json link and fetch the result. When i hardcode the URL it works fine ... by palak_247 Observer in Splunk Search 03-05-2024 0 3	0	3
Split up multiline values I am trying to run the following search:index=tripwire LogCategory="Audit Event" AND "/etc/pki/rpm-gpg/RPM-GPG-KEY-sh... by secphilomath1 Explorer in Splunk Search 03-05-2024 0 3	0	3
Best way to simulating or obtain an commonly data source into Splunk Enterprise for POCs. Hi All,I don't have many resource to build an ideal network environment to forward logs to Splunk. So, I'm seeking a ... by thanh_on Path Finder in Splunk Search 03-05-2024 0 5	0	5
difference between pipe summaryindex and collect Hello,1) What is the difference between using "\| summaryindex" and "\| collect"?Thank you for your help.Summaryindex i... by LearningGuy Motivator in Splunk Search 03-05-2024 0 9	0	9