Splunk Search

Community Activity

Events field is blank for first time query Hi, I got one weird problem that when I run query in splunk, there're events found, but the Event log field is always... by foxwu New Member in Splunk Search 03-08-2024 0 1	0	1
DISPATCHCOMM:PEER_PIPE_EXCEPTION__%s message=Search results might be incomplete: the search process on the peer Hello Splunk team...I am facing this issue while we run any searches on my splunk setup., can you help me on how we c... by HarishSamudrala Loves-to-Learn in Splunk Search 03-08-2024 0 2	0	2
ASUS Router Query Super Thread Since I cannot find much on querying ASUS router syslogs, and I am completely new to Splunk, I thought I'd start a th... by ChocolateRocket Explorer in Splunk Search 03-08-2024 0 8	0	8
Join two sources via common field to grab another field w/ multiple matches Hi,Been trying to connect/join two log sources which have fields that share the same values.To break it down:source_1... by yumeina Loves-to-Learn Everything in Splunk Search 03-08-2024 0 8	0	8
error Could not find an entitlement based on your selections, please contact support Hi I'm facing an issue with creating a support ticket. I'm on enterprise version for a company that has support accou... by molko13 New Member in Splunk Search 03-08-2024 0 3	0	3
how to use specific start date in weekly timechart? Hello,How to use specific start date in weekly timechart?For example: I have a set of Grade (Math, English, Science) ... by LearningGuy Motivator in Splunk Search 03-07-2024 0 11	0	11
Create table with sums for columns Hi, we have a log that contains the amount of times any specific message has been sent by the user in every session. ... by RubenAcon Loves-to-Learn in Splunk Search 03-07-2024 0 3	0	3
How to assign search_now value with info_max_time in _raw? Hello,How to assign search_now value with info_max_time in _raw?I am trying to push "past" data using collect command... by LearningGuy Motivator in Splunk Search 03-07-2024 0 1	0	1
Can you regex or wildcard props Sourcetype stanzas? Still haven't seen an official answer to this. Source and host can use regex patterns, but sourcetypes cannot. Even a... by thisissplunk Builder in Splunk Search 03-07-2024 4 14	4	14
Panel based on dropdown value Hi Experts,I am encountering an issue with using filter tokens in specific row on my dashboard. I have two filters n... by Muthu_Vinith Path Finder in Splunk Search 03-07-2024 0 3	0	3
Simple eventstats field is always blank I have a relatively simple query that counts HTTP 404 events in IIS logs. I wanted to sort them according to which ho... by mv10 Path Finder in Splunk Search 03-07-2024 0 2	0	2
dashboard SLA time calculation I have two different queries, one calculates total critical alerts and the second one calculates total time critical ... by dm2 Explorer in Splunk Search 03-07-2024 0 3	0	3
correlation data from same index different soucetype I have the index=fortigate and there are two sourcetypes ("fgt_event" and "fgt_traffic").index=fortigate sourcetype=f... by Symon Explorer in Splunk Search 03-07-2024 0 1	0	1
ARP Spoof attack evidence Hello everyone. I experienced a cyberattack on my computer, and the Avast Firewall detected and alerted me to pop-up ... by dklk New Member in Splunk Search 03-07-2024 0 0	0	0
What is the best way to rename timechart columns? I have a simple timechart query index = netflow flow_dir= 0 \|timechart sum(bytes) by src_ip I'm wondering how I wo... by jankowsr Path Finder in Splunk Search 03-06-2024 1 7	1	7
DECRYPT2 - Splunk Email Alert Using the DECRYPT2 app, I have a search that uses the decrypt command to decode a encoded string. It returns results ... by shadowlu Loves-to-Learn Lots in Splunk Search 03-06-2024 0 3	0	3
timechart stats creates extra row I am running the following query for a single 24 hour period. I was expecting a single summary row result. Not sure w... by marksheinbaum Explorer in Splunk Search 03-06-2024 0 3	0	3
Splunk Regex Field Extractions When writing regex, where in the regex string am I supposed to add the (?<new_field>) string ?I have included a sampl... by franciscoz1 Engager in Splunk Search 03-06-2024 0 2	0	2
Corn job Hi all, I set a corn job on alertmy alert should not trigger between 9pm to 7am I used below corn job but I am receiv... by Santosh2 Path Finder in Splunk Search 03-06-2024 0 11	0	11
Error in 'SearchParser': Missing a search command before '''. Error at position '264' of search query I configured a Macro name securemsg(1), I use this Marco in the following search:....\| eval log_info=_raw \| 'securems... by qhmassc Explorer in Splunk Search 03-06-2024 0 4	0	4
How to get the value of a field inside a matching object of a multivalue field I have a json that looks like this:{<!-- -->"Field1" : [{<!-- -->"id": 1234"name": "John"},{<!-- -->"id": 5678"name": "Mary""occupation": {<!-- -->"t... by junaedsa Engager in Splunk Search 03-06-2024 0 2	0	2
How to display timechart multivalues without colon? Hello,I have a set of Grade (Math, English, Science) data for Student1 and Student2 from 2/8/2024 to 3/1/2024How to ... by LearningGuy Motivator in Splunk Search 03-06-2024 0 2	0	2
Get multiple Fields in chart function So, I have a chart function that works perfectly!\| chart sum(transactionMade) over USERNUMBER by POSTDATEBut, I want ... by sumarri Path Finder in Splunk Search 03-06-2024 0 3	0	3
Unable to extract the Time stamp value from the message in splunk events. Please help me on this Hi Team,I am unable to extract the Timestamp value from the below message in splunk events using rex command and add ... by Renunaren Loves-to-Learn Everything in Splunk Search 03-06-2024 0 4	0	4
checking if all values from lookup exists Hey, im trying to do something relative easy and for some reason can't make it..i have a lookup named tableq_lookyp w... by dorHerbesman Path Finder in Splunk Search 03-05-2024 0 7	0	7