Splunk Search

Community Activity

I would like to see only the last item of a search HelloI would like a search to show the last entry of host="1.1.1.1", and show the full entry. Thank you by mwcentracomm Explorer in Splunk Search 02-12-2024 0 1	0	1
Show the current duration of equipment where the Status is not "null" Hello, I have the following data: I want to use this data to setup a dashboard. In this dashboard I want to show the ... by Roy1 Explorer in Splunk Search 02-12-2024 0 7	0	7
Using the map command to run searches from a lookup. I have this lookup that has a list of searches I want to run.I want to run a search that can run output the "magic" v... by paras Explorer in Splunk Search 02-11-2024 0 2	0	2
Extract field with multiple potential formats I have log entries that have the following format :[<connectorName>\|<scope>]<sp>The following are examples of the con... by yk010123 Path Finder in Splunk Search 02-11-2024 0 1	0	1
Receiving error: Could not load lookup=LOOKUP-splunk_security_essentials Hi, I wanted to update splunk_security_essentials app (3.2.2 to 3.3.2) : after I did the restart, I have this error ... by mah Builder in Splunk Search 02-10-2024 3 14	3	14
Regex works on regex101 but not splunk Hi community,I'm using rex to get some strings.The log is like\"submission_id\":337901The regex I'm using is:\"submis... by syk19567 Explorer in Splunk Search 02-09-2024 0 5	0	5
Which indexer should I send data to? Hello! I am trying to send syslogs to splunk from network devices using udp. I have one heavy forwarder and two index... by jmrubio Path Finder in Splunk Search 02-09-2024 0 3	0	3
Elegant way of searching for all events where a field is not in a literal list of values What is the most elegant way of searching for events where a field is not in a list of values? For example: index=f... by bobmorning Engager in Splunk Search 02-09-2024 0 1	0	1
Difference between count of events grouped by host and path for 2 last 10m time ranges I have the following SPL search. index="cloudflare" \| top ClientRequestPath by ClientRequestHost \| eval percent = rou... by Haleb Path Finder in Splunk Search 02-09-2024 0 1	0	1
Data not being populated from SplunkDB Connect Hi, I have a connection on Splunk DB Connect on my HF (connected to my SH and I know connection is stable and other s... by dm2 Explorer in Splunk Search 02-09-2024 0 1	0	1
List out the status enabled CS triggering in past X days.. Hi All,How we can modify the below search to get to see only the status enabled list of correlation searches which di... by AL3Z Builder in Splunk Search 02-09-2024 0 4	0	4
How to use NOT-EXISTS in SPLUNK ? Hi I want to create a search to find all the events for which last row exists but there is atleast 1 row missing. Exa... by Real_captain Path Finder in Splunk Search 02-09-2024 0 1	0	1
Join 2 splunk searches and get the output in table Search Query 1 Search Query 2Would like to join search query 1 and 2 and get the results, but no results found.index=... by bmanikya Loves-to-Learn Everything in Splunk Search 02-09-2024 0 6	0	6
Syntax to break a line in search so that it breaks into two lines in servicenow Hi All,I have a field called summary in my search -Failed backup of the transaction log for SQL Server database 'mode... by man03359 Communicator in Splunk Search 02-08-2024 0 4	0	4
How to prevent users from querying all indexes with wildcard Last week, we had someone run a query in which he had "index=*" over 1 week. This triggered a surge of memory usage t... by sansay Contributor in Splunk Search 02-08-2024 4 7	4	7
How to get Country and City from latitude and longitude logs Hi frends I have logs like_time=time latitude=1 longitude=-1 other fields ..._time=time latitude=1 longitude=-2 other... by herguzav Explorer in Splunk Search 02-08-2024 0 1	0	1
Coorelate two events I have a challenge: When somebody are doing changes to our AD, it is done using a cyberark account. In order to finde... by Loepp Observer in Splunk Search 02-08-2024 0 4	0	4
Splunk universal forwarder crashes frequently- What is causing these errors? After upgrading our universal forwarder to 9.0.1, it started crashing almost everyday. I looked at the splunkd.log an... by lawrence_magpoc Path Finder in Splunk Search 02-08-2024 0 3	0	3
Is there a upper limit to dashboard dropdown value fetch from lookup file I have a lookup file . It has 2 columns : Service and Entity and 500+ rows. Service has 34 unique values and Entity h... by manas Explorer in Splunk Search 02-07-2024 0 3	0	3
How to write splunk query for Horizontal and Vertical port scan Horizontal Scan: External scan against a group of IPs for a single port. Vertical Scan: External Single IP being sca... by nilesh1 New Member in Splunk Search 02-07-2024 0 3	0	3
to get fields in bar chart I have a search query statistical result values in the below formatLogin modeTotal loginxxx48Yyyy23aaa52bbbb73 Now I ... by sahana Engager in Splunk Search 02-07-2024 0 3	0	3
How to calculate daily volume of logs ingested by index Hi Team I tried the below search but not getting any result, index=aws component=Metrics group=per_index_thruput earl... by jaibalaraman Path Finder in Splunk Search 02-07-2024 0 8	0	8
Splunk alert based on condition match Hi,I have two splunk search -1, search-2i have to create splunk alert for search-2 based on search-1. If search-1 cou... by Vch Explorer in Splunk Search 02-07-2024 0 6	0	6
Specify Fields for Outputlookup or Outputcsv How can I get outputlookup or outputcsv to only include certain fields in the resulting lookup file? An example exp... by mattcg Explorer in Splunk Search 02-07-2024 1 5	1	5
Bar chart I have another requirement like, I want to show an bar chart which should show the total login count in basis of the ... by sahana Engager in Splunk Search 02-07-2024 0 1	0	1