Splunk Search

Community Activity

Knowledge Hello,Do anyone have a quick howto on using this application.With examples? by vegarberget Engager in Splunk Search 02-06-2024 0 1	0	1
Searching through join results I've been working to recreate a query in Splunk from Microsoft Defender Endpoint that shows what files users have cop... by pcookhayboo Explorer in Splunk Search 02-05-2024 0 1	0	1
Find field value present today, that was not logged yesterday. We have a splunk query that pulls down a list of values daily. We are looking to see if we can use splunk to find th... by afs_splunk Observer in Splunk Search 02-05-2024 0 1	0	1
bring column data to rows index=xxxx source=xxxxxx\| eval respStatus=case(responseStatus>=500, "ERRORS", responseStatus>=400, "EXCEPTIONS", re... by Haleem Engager in Splunk Search 02-05-2024 0 2	0	2
Join Two Searches on Shared Field Value I have an index that contains all the hits for our WAF and an index that contains the subsequent API call details for... by lhillscu Engager in Splunk Search 02-05-2024 0 8	0	8
Is there an effective way of merging 2 splunk searches? How do I merge the below 2 complex queries? Let me know if it's possible in Splunk?Search 1: - index=ABC (event... by varma364 Path Finder in Splunk Search 02-05-2024 0 5	0	5
How to use spath to read dynamic path Hi Team I have the below Json string coming as an event in Splunk logs .after data, the next field could be a, b, c, ... by mayurkale471757 Explorer in Splunk Search 02-05-2024 0 7	0	7
Where is the option to disable "Preview" at? Can't find it anywhere... I've got some other questions on here out in regards to search performance, and several replies have mentioned "disab... by tmeader Contributor in Splunk Search 02-05-2024 2 5	2	5
Need Help in extracting the field Hi all,help me extracting the field from the below two eventsSystem.Exception: Assertion violated: stream.ReadByteInt... by AL3Z Builder in Splunk Search 02-05-2024 0 3	0	3
SLA reporting in SPL Hi, I have this query that calulates how much time the alerts are open, so far so good, but unfortunatelly if the rul... by dm2 Explorer in Splunk Search 02-05-2024 0 15	0	15
How to change hostname for the splunk windows universal forwarder? I have installed splunk and added windows systems to splunk through universal forwarder, but I have a problem with de... by chakavak Loves-to-Learn Lots in Splunk Search 02-04-2024 0 14	0	14
How to use action="blocked" on search bar ? I have file.csv and I want to do an action, action="blocked" but it appears to me there is no result after searching ... by Nasser Explorer in Splunk Search 02-04-2024 0 5	0	5
Event Count by Average Overtime Hello, I'm starting out on my splunk journey and have been tasked with figuring out a dashboard for my executives. I ... by TwitchyB New Member in Splunk Search 02-02-2024 0 3	0	3
Replace non-alphanumeric characters in a multivalue field I have a multivalue field and am hoping I can get help to replace all the non-alphanumeric characters within a specif... by DEADBEEF Path Finder in Splunk Search 02-02-2024 0 10	0	10
How to search mstats and then filter the results? The goal is to fire off an alert if there is a lag in metrics for a given index. I can calculate this for each "app" ... by JoshMc Loves-to-Learn in Splunk Search 02-02-2024 0 1	0	1
How to fetch the search id from the triggered alert and use it in the sendemail command Hello Everyone,I have created and alert which uses sendresults command to format the email notification.But the probl... by sbollam Explorer in Splunk Search 02-02-2024 0 1	0	1
Plot multiple charts in one report Hello, I'm trying to sum by groups (I have 2 groups) and then plot them individually and also the sum. I'm using foll... by Shahnoor Explorer in Splunk Search 02-02-2024 0 1	0	1
How to repeat a regex to match more than one instances Hi,We are using following regex to capture "caused by" exceptions within java stack trace.Caused by: (?P<Exception>[^... by att35 Builder in Splunk Search 02-02-2024 0 1	0	1
Rex query for two different type event Need help on getting rex query. I am getting below two events. I am able to rex for event 1 with NULL field. But I a... by ravir_jbp Explorer in Splunk Search 02-02-2024 0 2	0	2
Writing Regex with Lookaheads to Capture Group Hello,I am attempting to write some regex with a lookahead.My event ispluginText: <plugin_output>Here is the list of ... by nateloepker Explorer in Splunk Search 02-02-2024 0 1	0	1
Unable to do simple calculation of aggregate durations between 2 states by host Given that per host there are 2 events logged, one indicating transition to active and one indicating transition to i... by smahoney Path Finder in Splunk Search 02-02-2024 0 1	0	1
Adding a column Hi Splunk experts,I’m a Splunk beginner. I need help with a requirement. I have fields named 'location,' 'login,' and... by Muthu_Vinith Path Finder in Splunk Search 02-02-2024 0 2	0	2
Set time using data in token I made a graph that send time data at click point.I use "fieldformat" to change time data shown.This is my code about... by Questioner Path Finder in Splunk Search 02-02-2024 0 3	0	3
Use the '\| from datamodel' command when the datamodel is configured as grandparent/parent/child. I want to query the user dataset using the from datamodel command.I know how to use nodename in the tstat command.Whe... by rrythi Loves-to-Learn in Splunk Search 02-01-2024 0 0	0	0
Nested inputlookup with join or eval My current search that is working is - \| from datamodel:Remote_Access_Authentication \| rex field=dest_nt_domain "^(?<... by jeradb Explorer in Splunk Search 02-01-2024 0 2	0	2