Splunk Search

Community Activity

REX: how to search in the opposite direction I'm new to REX and trying to extract strings from _raw (which is actually a malformed JSON, so SPATH is not a good op... by LHumberto Explorer in Splunk Search 02-14-2024 0 4	0	4
how can I tell if a data model is being used? I have a distributed environment with 2 independent search heads. I run the same search on both, and one shows a fie... by ilhwan Path Finder in Splunk Search 02-14-2024 0 4	0	4
Counting how many days users logged into the server for the last 12 months Hello, I am trying to count how many days out of the last 12 months our users logged into two of our servers. And ... by splunktrainingu Communicator in Splunk Search 02-14-2024 0 6	0	6
Passing token to macro when multiselect Hi Splunkers, I would like to pass the label value to the macro based on some condition, when a single value is sel... by smanojkumar Contributor in Splunk Search 02-14-2024 0 1	0	1
IPlocation updated I need some help updating the mmdb file for the iplocation command. Ive read the other forum questions regarding this... by Abass42 Communicator in Splunk Search 02-13-2024 0 0	0	0
Can't seem to understand relative_time Hi,I am working my way through some of the splunk courses. I am currently on "working with time".In one of the videos... by sfghjkl New Member in Splunk Search 02-13-2024 0 1	0	1
Splunk Append Query I am using the below query to merge 2 queries using append. However, I am unable to get the value of the field named ... by NishantKrishna Loves-to-Learn in Splunk Search 02-13-2024 0 7	0	7
Regex to extract next 5 lines after keyword hi i would like some help on how to extract the next 5 lines after a keyword where it extracts the full line where th... by thaghost99 Path Finder in Splunk Search 02-13-2024 0 5	0	5
Fetching alphanumeric value and numeric values in aline How to extract alphanumeric and numeric values from aline, both are dynamic values<Alphanumeric>_ETC_RFG: play this ... by Arani_Hari Loves-to-Learn Lots in Splunk Search 02-13-2024 0 7	0	7
Apply different calculation count/sum depending on value/index I have a "cost" for two different indexes that I want to calculate in one and the same SPL. As the "price" is differe... by martinmasif Explorer in Splunk Search 02-13-2024 0 2	0	2
Splunk Query to show average count and minimum for date_month and date_day Hi, I created a column chart in Splunk that shows month but will like to also indicate the day of the week for each o... by Strangertinz Path Finder in Splunk Search 02-13-2024 0 6	0	6
How to use rex to extract field before two symbols I have raw data like: Error=REQUEST ERROR \| request is not valid.\|","time":"1707622073040" and I want to extract "R... by adamsobczykhsbc Explorer in Splunk Search 02-13-2024 0 5	0	5
Compare the same search over two different time periods I have a number of devices that send logs to Splunk.I want to know when devices stop logging.For this example search:... by iainp New Member in Splunk Search 02-13-2024 0 2	0	2
I would like to take the hosts field from the below search and show the most recent event from each host I created an alert from the search below, and it emails a pdf - is there a way to add the most recent event from each... by mwcentracomm Explorer in Splunk Search 02-12-2024 0 5	0	5
Limiting Matching Events Hi Everyone, I am looking for a little advice, I am currently searching splunk against multiple sets of variables to... by EPitch Observer in Splunk Search 02-12-2024 0 4	0	4
How can limit the number of events shown on a table after using stats list I have a report that lists malware received by email that is part of a dashboard. Some months the list for each perso... by 0p3r4t0r8089 Explorer in Splunk Search 02-12-2024 0 7	0	7
Eval results from two time ranges Splunk sirs, I am trying to add a boolean column to my data called 'new_IP_detected' which will tell me whether an an... by marshalll3302 Explorer in Splunk Search 02-12-2024 0 4	0	4
I would like to see only the last item of a search HelloI would like a search to show the last entry of host="1.1.1.1", and show the full entry. Thank you by mwcentracomm Explorer in Splunk Search 02-12-2024 0 1	0	1
Show the current duration of equipment where the Status is not "null" Hello, I have the following data: I want to use this data to setup a dashboard. In this dashboard I want to show the ... by Roy1 Explorer in Splunk Search 02-12-2024 0 7	0	7
Using the map command to run searches from a lookup. I have this lookup that has a list of searches I want to run.I want to run a search that can run output the "magic" v... by paras Explorer in Splunk Search 02-11-2024 0 2	0	2
Extract field with multiple potential formats I have log entries that have the following format :[<connectorName>\|<scope>]<sp>The following are examples of the con... by yk010123 Path Finder in Splunk Search 02-11-2024 0 1	0	1
Receiving error: Could not load lookup=LOOKUP-splunk_security_essentials Hi, I wanted to update splunk_security_essentials app (3.2.2 to 3.3.2) : after I did the restart, I have this error ... by mah Builder in Splunk Search 02-10-2024 3 14	3	14
Regex works on regex101 but not splunk Hi community,I'm using rex to get some strings.The log is like\"submission_id\":337901The regex I'm using is:\"submis... by syk19567 Explorer in Splunk Search 02-09-2024 0 5	0	5
Which indexer should I send data to? Hello! I am trying to send syslogs to splunk from network devices using udp. I have one heavy forwarder and two index... by jmrubio Path Finder in Splunk Search 02-09-2024 0 3	0	3
Elegant way of searching for all events where a field is not in a literal list of values What is the most elegant way of searching for events where a field is not in a list of values? For example: index=f... by bobmorning Engager in Splunk Search 02-09-2024 0 1	0	1