Splunk Search

Community Activity

Best way to simulating or obtain an commonly data source into Splunk Enterprise for POCs. Hi All,I don't have many resource to build an ideal network environment to forward logs to Splunk. So, I'm seeking a ... by thanh_on Path Finder in Splunk Search 03-05-2024 0 5	0	5
difference between pipe summaryindex and collect Hello,1) What is the difference between using "\| summaryindex" and "\| collect"?Thank you for your help.Summaryindex i... by LearningGuy Motivator in Splunk Search 03-05-2024 0 9	0	9
Help me with the SPL Hi,Could some one pls help me the lateral movement which look for a user with remote NTLM (type 3) logins on an abno... by Akhanda Engager in Splunk Search 03-05-2024 0 4	0	4
Join fields with different field names and stats value? So, I have one source (transactions) with userNumber and another source (users) with number. I want to join both of t... by sumarri Path Finder in Splunk Search 03-05-2024 0 3	0	3
Time range panel issue Hi, I have created the dashboard with multiple panels. I have created the time range panel to be reflected as last 4 ... by Nagalakshmi Path Finder in Splunk Search 03-05-2024 0 2	0	2
Retrieving duration between two events with multiple end events Hello all,I'm trying to get a duration between the first "started" event, and the first "connected" event following s... by handosplunk2 Observer in Splunk Search 03-05-2024 0 4	0	4
Regex to extract a word after word and comma i have 2 requirements 1) From different events in need to extract the word after Interface and Comma. After Interfac... by dtccsundar Path Finder in Splunk Search 03-05-2024 0 1	0	1
REST Command for a list of Indexer apps I'm looking to run a \|rest command to return a list of apps, and app versions sent from the management node (i.e. ma... by Taylor323 New Member in Splunk Search 03-05-2024 0 0	0	0
TERM and PREFIX cannot find string with two dashes any ideas on TERM and PREFIX limitations with double dashes? cat /tmp/test.txt abc//xyz abc::xyz abc==xyz abc@@xyz a... by PavelP Motivator in Splunk Search 03-04-2024 1 17	1	17
Hidden Characters in a .csv datasource I am having a random issue where it seems characters are present in a field which cannot be seen.If you look in the r... by raysonjoberts Path Finder in Splunk Search 03-04-2024 0 2	0	2
How to extract Json object as field? Hi ,How to extract the fields from below json logs.Here we have fields like content.jobname and content.region .But i... by karthi2809 Builder in Splunk Search 03-04-2024 0 4	0	4
To extract string value using regex Hi Team,I want to extract the below field value, here the challenge is the error code 403 sometimes it will change."p... by parthiban Path Finder in Splunk Search 03-04-2024 0 3	0	3
Simple subtraction between two searches I have two very simple searches and I need to be able to get the difference. This is insanely hard for something that... by Fo Engager in Splunk Search 03-04-2024 0 3	0	3
SPL for adding /32 to all addresses returned in a search Hello,I am running a search that is returning IP addresses that are being sent to a waf (web access firewall). The w... by ptrsnk Explorer in Splunk Search 03-03-2024 0 4	0	4
Find variance between current hour value and avg value of same hour over last 2 weeks Hi,I have an search that is used on a dashboard that I would like tweaked.Currently this search/panel displays the va... by bryhoffman Explorer in Splunk Search 03-03-2024 1 6	1	6
join two indexes based on the date and the hour and try to match inside of minute We have logs in two different indexes. There is no common field other than the _time . The timestamp of the events i... by Jay2024 New Member in Splunk Search 03-03-2024 0 2	0	2
Comparing two different sources Hi Experts, I need to compare server lists from two different csv lookups and create a flag based on the comparison r... by Muthu_Vinith Path Finder in Splunk Search 03-03-2024 0 1	0	1
CIM Authentication data model Hello,I would like to know the aim of this default constraint :(`cim_Authentication_indexes`) tag=authentication NOT ... by splunkreal Motivator in Splunk Search 03-02-2024 0 2	0	2
Capabilities We want to provide few capabilities to the teamPresently team has a capability to create email alert.What capabilitie... by Ash1 Communicator in Splunk Search 03-01-2024 0 2	0	2
cidr match is not properly working Hi,Why my CIDR matching in not following the lookup content?Query i used is as below:\| makeresults\| eval ip="10.10.10... by syazwani Path Finder in Splunk Search 03-01-2024 0 2	0	2
Do time-based lookups work only after event-generating commands? Hi,I have a KV time-based lookup generated from DHCP logs with content like this:time,ip,hostname,mac 1709093697,10.2... by YuriSpirin Explorer in Splunk Search 03-01-2024 0 4	0	4
extract count of name value pairs from a json Hi, I have multiple events with the following JSON object. { "timeStamp": "2024-02-29T10:00:00.673Z", "collectionI... by mhdzabi New Member in Splunk Search 03-01-2024 0 3	0	3
removing more than one field value conditionally I am working on a query that lists hosts and their corresponding instances. My results look like the example below. I... by TaraAshley Engager in Splunk Search 03-01-2024 0 1	0	1
How to extract values from field and use it as column header Hello all, how do I retrieve the values from my search and insert in the same row, extracting the values from the fie... by egonstep Path Finder in Splunk Search 03-01-2024 0 9	0	9
Optimize Regex I am getting an error when using the following regex(?<=on\s)(.*)(?=\sby Firewall Settings)The error is "Error in 're... by secphilomath1 Explorer in Splunk Search 03-01-2024 0 2	0	2