Splunk Search

Community Activity

Set time using data in token I made a graph that send time data at click point.I use "fieldformat" to change time data shown.This is my code about... by Questioner Path Finder in Splunk Search 02-02-2024 0 3	0	3
Use the '\| from datamodel' command when the datamodel is configured as grandparent/parent/child. I want to query the user dataset using the from datamodel command.I know how to use nodename in the tstat command.Whe... by rrythi Loves-to-Learn in Splunk Search 02-01-2024 0 0	0	0
Nested inputlookup with join or eval My current search that is working is - \| from datamodel:Remote_Access_Authentication \| rex field=dest_nt_domain "^(?<... by jeradb Explorer in Splunk Search 02-01-2024 0 2	0	2
tstats stopped returning data with summariesonly=true after adding _time field Hi,We have a datamodel built against application data. All the tstats searches against the DM were running fine, incl... by att35 Builder in Splunk Search 02-01-2024 0 0	0	0
Streamlining with tstats Hi all, im looking to create a dashboard to capture various info on or proxy data. I have a few simple queries index=... by supersnedz Path Finder in Splunk Search 02-01-2024 0 4	0	4
How to subtract filed values in a column I have AWS Cloudtrail data and want to find out how long an EC2 instance was stopped. Is it possible to subtract the ... by ezamit Explorer in Splunk Search 01-31-2024 0 6	0	6
how to break down a record in multiple rows I have a records that comes with multiple items in a single row. Is there a way i can break it down in a single row. ... by ezamit Explorer in Splunk Search 01-31-2024 0 2	0	2
Inputs Conf on Deployment Apps and HFs Hi Splunkers, Have the following situation, and interested in another opinion:We have a distributed environment with ... by JohnEGones Communicator in Splunk Search 01-31-2024 0 1	0	1
How to calculate time difference? I'm looking to get a difference between both times and create a 3rd field for the results (Properties.actionedDate - ... by EvansB Path Finder in Splunk Search 01-31-2024 0 7	0	7
In a search combine two-three field values(columns) into one field Hi,I have an output like this -LocationEventNameErrorCodeSummaryserver1Mssql.LogBackupFailedBackupAgentErrorFailed ba... by man03359 Communicator in Splunk Search 01-31-2024 0 2	0	2
Splunk health check monitoring using command line ? Hi, is it possible to extract informations about Splunk System health check using command line ? For example I wo... by dlugasny New Member in Splunk Search 01-31-2024 0 3	0	3
Is using index=proxy really bad? HelloI have a question. We have lots of indexes, and rather than specify each one, I use index=proxy to search acro... by davidwaugh Path Finder in Splunk Search 01-31-2024 0 2	0	2
Filtering Hi Splunkers, I dont need the value in first line and need that value later in search to filter, so I tried tis way... by smanojkumar Contributor in Splunk Search 01-31-2024 0 7	0	7
splunk lets say i have a query which is giving no result at present date but may give in future . In this query I have calcu... by Siddharthnegi Contributor in Splunk Search 01-31-2024 0 3	0	3
How to display top 5 and replace the rest with others? How to display top 10 and replace the rest with others?I tried using top limit 5 with userother, but the number did... by LearningGuy Motivator in Splunk Search 01-31-2024 0 7	0	7
How can I search events based on another lookup file subsearch using like. Hi,Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch... by JMPP Explorer in Splunk Search 01-30-2024 0 3	0	3
Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working My original time format in the search is eventID: d7d2d438-cc61-4e74-9e9a-3fd8ae96388d eventName: StartInstances ... by ezamit Explorer in Splunk Search 01-30-2024 0 2	0	2
How to find all Dashboards, Reports and Alerts related to a specific index ? Our Splunk instance is being overhauled and I need to update all of the content that has been built. We have some in... by john_glasscock Path Finder in Splunk Search 01-30-2024 1 13	1	13
Tracking Field Changes in Events Hello,I'm looking of your insights to pinpoint changes in fields over time. Events structured with timestamp, ID, and... by PavelP Motivator in Splunk Search 01-30-2024 0 11	0	11
How do I do a search on an inputlookup from data loaded from datamodel My current serach is - \| from datamodel:Remote_Access_Authentication.local \| append [\| inputlookup Domain \| rename n... by jeradb Explorer in Splunk Search 01-30-2024 0 1	0	1
Phishing emails Hi,I want to create a search query that looks for users who have received phishing emails, clicked the link, or downl... by of New Member in Splunk Search 01-30-2024 0 4	0	4
create a field alias for _indextime Hi everyone,I would want to ask if I can create a field alias for _indextime and _time then set this alias as a defau... by Shihua Engager in Splunk Search 01-30-2024 0 2	0	2
Escaping special characters in text input I have a very basic dashboard that requires my users to put in text inputs. These inputs are then outputted to a CSV... by willadams Contributor in Splunk Search 01-29-2024 0 3	0	3
Help with Field Extraction Here is my sample data; start=Dec 30 2023 06:07:47 duser=NT AUTHORITY\SYSTEM dvc=10.163.142.37I need to extract the f... by secphilomath1 Explorer in Splunk Search 01-29-2024 0 9	0	9
Remove duplicate columns - column which have single unique value Hi, I want to get rid of columns which have single unique value. There could be multiple columns showing this behavio... by bhavesh0124 Explorer in Splunk Search 01-29-2024 0 3	0	3