Splunk Search

Community Activity

Create table with sums for columns Hi, we have a log that contains the amount of times any specific message has been sent by the user in every session. ... by RubenAcon Loves-to-Learn in Splunk Search 03-07-2024 0 3	0	3
How to assign search_now value with info_max_time in _raw? Hello,How to assign search_now value with info_max_time in _raw?I am trying to push "past" data using collect command... by LearningGuy Motivator in Splunk Search 03-07-2024 0 1	0	1
Can you regex or wildcard props Sourcetype stanzas? Still haven't seen an official answer to this. Source and host can use regex patterns, but sourcetypes cannot. Even a... by thisissplunk Builder in Splunk Search 03-07-2024 4 14	4	14
Panel based on dropdown value Hi Experts,I am encountering an issue with using filter tokens in specific row on my dashboard. I have two filters n... by Muthu_Vinith Path Finder in Splunk Search 03-07-2024 0 3	0	3
Simple eventstats field is always blank I have a relatively simple query that counts HTTP 404 events in IIS logs. I wanted to sort them according to which ho... by mv10 Path Finder in Splunk Search 03-07-2024 0 2	0	2
dashboard SLA time calculation I have two different queries, one calculates total critical alerts and the second one calculates total time critical ... by dm2 Explorer in Splunk Search 03-07-2024 0 3	0	3
correlation data from same index different soucetype I have the index=fortigate and there are two sourcetypes ("fgt_event" and "fgt_traffic").index=fortigate sourcetype=f... by Symon Explorer in Splunk Search 03-07-2024 0 1	0	1
ARP Spoof attack evidence Hello everyone. I experienced a cyberattack on my computer, and the Avast Firewall detected and alerted me to pop-up ... by dklk New Member in Splunk Search 03-07-2024 0 0	0	0
What is the best way to rename timechart columns? I have a simple timechart query index = netflow flow_dir= 0 \|timechart sum(bytes) by src_ip I'm wondering how I wo... by jankowsr Path Finder in Splunk Search 03-06-2024 1 7	1	7
DECRYPT2 - Splunk Email Alert Using the DECRYPT2 app, I have a search that uses the decrypt command to decode a encoded string. It returns results ... by shadowlu Loves-to-Learn Lots in Splunk Search 03-06-2024 0 3	0	3
timechart stats creates extra row I am running the following query for a single 24 hour period. I was expecting a single summary row result. Not sure w... by marksheinbaum Explorer in Splunk Search 03-06-2024 0 3	0	3
Splunk Regex Field Extractions When writing regex, where in the regex string am I supposed to add the (?<new_field>) string ?I have included a sampl... by franciscoz1 Engager in Splunk Search 03-06-2024 0 2	0	2
Corn job Hi all, I set a corn job on alertmy alert should not trigger between 9pm to 7am I used below corn job but I am receiv... by Santosh2 Path Finder in Splunk Search 03-06-2024 0 11	0	11
Error in 'SearchParser': Missing a search command before '''. Error at position '264' of search query I configured a Macro name securemsg(1), I use this Marco in the following search:....\| eval log_info=_raw \| 'securems... by qhmassc Explorer in Splunk Search 03-06-2024 0 4	0	4
How to get the value of a field inside a matching object of a multivalue field I have a json that looks like this:{<!-- -->"Field1" : [{<!-- -->"id": 1234"name": "John"},{<!-- -->"id": 5678"name": "Mary""occupation": {<!-- -->"t... by junaedsa Engager in Splunk Search 03-06-2024 0 2	0	2
How to display timechart multivalues without colon? Hello,I have a set of Grade (Math, English, Science) data for Student1 and Student2 from 2/8/2024 to 3/1/2024How to ... by LearningGuy Motivator in Splunk Search 03-06-2024 0 2	0	2
Get multiple Fields in chart function So, I have a chart function that works perfectly!\| chart sum(transactionMade) over USERNUMBER by POSTDATEBut, I want ... by sumarri Path Finder in Splunk Search 03-06-2024 0 3	0	3
Unable to extract the Time stamp value from the message in splunk events. Please help me on this Hi Team,I am unable to extract the Timestamp value from the below message in splunk events using rex command and add ... by Renunaren Loves-to-Learn Everything in Splunk Search 03-06-2024 0 4	0	4
checking if all values from lookup exists Hey, im trying to do something relative easy and for some reason can't make it..i have a lookup named tableq_lookyp w... by dorHerbesman Path Finder in Splunk Search 03-05-2024 0 7	0	7
Use eval command to extract from message LogName=Application EventCode=1004 EventType=4 ComputerName=Test.local User=NOT_TRANSLATED Sid=S-1-5-21-2704069758-30... by jeradb Explorer in Splunk Search 03-05-2024 0 2	0	2
Splunk Search to list local User accounts Hi Splunk Community, I'm trying to list all splunk local users (authentication system = splunk) . The below search li... by iamsplunker Communicator in Splunk Search 03-05-2024 0 1	0	1
Macros not fetching data I have a lookup which has fields like account_name, account_owner, environment etc. this lookup has more than 1000+ d... by sinhashubham014 Engager in Splunk Search 03-05-2024 0 1	0	1
Retrieve data from website HOw to retrieve NPA and NXX from CNAC.ca using splunk query. by splunk6 Path Finder in Splunk Search 03-05-2024 0 1	0	1
Curl with dynamic url not working I am trying to make a curl request to a direct json link and fetch the result. When i hardcode the URL it works fine ... by palak_247 Observer in Splunk Search 03-05-2024 0 3	0	3
Split up multiline values I am trying to run the following search:index=tripwire LogCategory="Audit Event" AND "/etc/pki/rpm-gpg/RPM-GPG-KEY-sh... by secphilomath1 Explorer in Splunk Search 03-05-2024 0 3	0	3