Splunk Search

Community Activity

	join two indexes based on the date and the hour and try to match inside of minute We have logs in two different indexes. There is no common field other than the _time . The timestamp of the events i... by Jay2024 New Member in Splunk Search 03-03-2024 0 2	0	2
	Comparing two different sources Hi Experts, I need to compare server lists from two different csv lookups and create a flag based on the comparison r... by Muthu_Vinith Path Finder in Splunk Search 03-03-2024 0 1	0	1
	CIM Authentication data model Hello,I would like to know the aim of this default constraint :(`cim_Authentication_indexes`) tag=authentication NOT ... by splunkreal Motivator in Splunk Search 03-02-2024 0 2	0	2
	Capabilities We want to provide few capabilities to the teamPresently team has a capability to create email alert.What capabilitie... by Ash1 Communicator in Splunk Search 03-01-2024 0 2	0	2
	cidr match is not properly working Hi,Why my CIDR matching in not following the lookup content?Query i used is as below:\| makeresults\| eval ip="10.10.10... by syazwani Path Finder in Splunk Search 03-01-2024 0 2	0	2
	Do time-based lookups work only after event-generating commands? Hi,I have a KV time-based lookup generated from DHCP logs with content like this:time,ip,hostname,mac 1709093697,10.2... by YuriSpirin Explorer in Splunk Search 03-01-2024 0 4	0	4
	extract count of name value pairs from a json Hi, I have multiple events with the following JSON object. { "timeStamp": "2024-02-29T10:00:00.673Z", "collectionI... by mhdzabi New Member in Splunk Search 03-01-2024 0 3	0	3
	removing more than one field value conditionally I am working on a query that lists hosts and their corresponding instances. My results look like the example below. I... by TaraAshley Engager in Splunk Search 03-01-2024 0 1	0	1
	How to extract values from field and use it as column header Hello all, how do I retrieve the values from my search and insert in the same row, extracting the values from the fie... by egonstep Path Finder in Splunk Search 03-01-2024 0 9	0	9
	Optimize Regex I am getting an error when using the following regex(?<=on\s)(.*)(?=\sby Firewall Settings)The error is "Error in 're... by secphilomath1 Explorer in Splunk Search 03-01-2024 0 2	0	2
	Calculate the number of events that occur between two other time values in each event. Really struggling with this one, so looking for a hero to come along with a solution!I have an index of flight data. ... by ALXWBR Path Finder in Splunk Search 03-01-2024 0 7	0	7
	Search help Hi,In a table, I am looking to get a field value from previous available value in case its null.In below screenshot, ... by AKG11 Path Finder in Splunk Search 03-01-2024 0 1	0	1
	Add associated domain to values of dest_ip I have a query that gets a list of destination ips per source ip. I also want to add a column for the associated doma... by yoshileigh66 Explorer in Splunk Search 03-01-2024 0 2	0	2
	How to get events that have only a starting 'string' with no ending 'string' ? What I am trying to write is some SPL code that will identify log events that only have a "Starting" event with no "C... by sjringo Contributor in Splunk Search 03-01-2024 0 3	0	3
	Extract date and time Hello Team,I need help in extracting the following date and time from the log,sample log: -0900, 04.25.01 THU 22FEB24... by Devi13 Path Finder in Splunk Search 03-01-2024 0 7	0	7
	Graph the difference between the totals of 2 search calculations Dear SPLUNKos I need to create a time chart as per the belowRun one “grand total” searchRun second search which is a ... by GClef New Member in Splunk Search 02-29-2024 0 6	0	6
	Not getting results to lookup command Hi,Need your assistance belowWe have created new csv lookup and we are using the below query but we are getting all ... by Nagalakshmi Path Finder in Splunk Search 02-29-2024 0 3	0	3
	New install- why doesn't search work? I have installed my first splunk enterprise on a linux server and installed forwarders on windows workstations using ... by skrampachspl Loves-to-Learn Lots in Splunk Search 02-29-2024 0 8	0	8
	Need to create a pie chart out of a table Hi All, I have got logs like below:Log1: </tr> <tr> <td >Apple</td> <td >59</td> <td >7</td> Log2: </tr> <tr> <td >S... by Mrig342 Contributor in Splunk Search 02-29-2024 0 1	0	1
	how to pass the time range to input text fields for search data, when i select the time range through input=time if select 24 hours in time filter, is there any automatic way to pass the 24hrs time rage to start date and end date?... by Dattasri Loves-to-Learn in Splunk Search 02-28-2024 0 1	0	1
	How to get sum of all columns into a new column? Hi I need to do a sum of all columns into new column EVNT COL1 COL2 COL3 SUM 1 22 22 22 66 2 ... by paullt12345 Explorer in Splunk Search 02-28-2024 0 5	0	5
	Passing lookup value to search I have users.csv as a lookup file with almost 20K users. I'm writing a query for authentication events for a specifi... by atul9771 Engager in Splunk Search 02-28-2024 0 4	0	4
	Extract and/or add numbers from a string I have string field:provTimes: a=10; b=15; c=10;it basically has semicolon separated sub-fields in the value. Each su... by apoorvaaccount New Member in Splunk Search 02-28-2024 0 2	0	2
	Converting Splunk Curl API to Windows Powershell I have a working script that allows me to retrieve the job ID of a search in Splunk. This is working in Windows usin... by qcjacobo2577 Path Finder in Splunk Search 02-28-2024 0 3	0	3
	Log alerts - Alert that tell when a log source stops sending logs to Splunk I'm trying to build an alert that looks at the number of logs from the past three days and then compares it to the nu... by BTB Explorer in Splunk Search 02-28-2024 0 9	0	9