Splunk Search

Community Activity

In a search combine two-three field values(columns) into one field Hi,I have an output like this -LocationEventNameErrorCodeSummaryserver1Mssql.LogBackupFailedBackupAgentErrorFailed ba... by man03359 Communicator in Splunk Search 01-31-2024 0 2	0	2
Splunk health check monitoring using command line ? Hi, is it possible to extract informations about Splunk System health check using command line ? For example I wo... by dlugasny New Member in Splunk Search 01-31-2024 0 3	0	3
Is using index=proxy really bad? HelloI have a question. We have lots of indexes, and rather than specify each one, I use index=proxy to search acro... by davidwaugh Path Finder in Splunk Search 01-31-2024 0 2	0	2
Filtering Hi Splunkers, I dont need the value in first line and need that value later in search to filter, so I tried tis way... by smanojkumar Contributor in Splunk Search 01-31-2024 0 7	0	7
splunk lets say i have a query which is giving no result at present date but may give in future . In this query I have calcu... by Siddharthnegi Contributor in Splunk Search 01-31-2024 0 3	0	3
How to display top 5 and replace the rest with others? How to display top 10 and replace the rest with others?I tried using top limit 5 with userother, but the number did... by LearningGuy Motivator in Splunk Search 01-31-2024 0 7	0	7
How can I search events based on another lookup file subsearch using like. Hi,Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch... by JMPP Explorer in Splunk Search 01-30-2024 0 3	0	3
Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working My original time format in the search is eventID: d7d2d438-cc61-4e74-9e9a-3fd8ae96388d eventName: StartInstances ... by ezamit Explorer in Splunk Search 01-30-2024 0 2	0	2
How to find all Dashboards, Reports and Alerts related to a specific index ? Our Splunk instance is being overhauled and I need to update all of the content that has been built. We have some in... by john_glasscock Path Finder in Splunk Search 01-30-2024 1 13	1	13
Tracking Field Changes in Events Hello,I'm looking of your insights to pinpoint changes in fields over time. Events structured with timestamp, ID, and... by PavelP Motivator in Splunk Search 01-30-2024 0 11	0	11
How do I do a search on an inputlookup from data loaded from datamodel My current serach is - \| from datamodel:Remote_Access_Authentication.local \| append [\| inputlookup Domain \| rename n... by jeradb Explorer in Splunk Search 01-30-2024 0 1	0	1
Phishing emails Hi,I want to create a search query that looks for users who have received phishing emails, clicked the link, or downl... by of New Member in Splunk Search 01-30-2024 0 4	0	4
create a field alias for _indextime Hi everyone,I would want to ask if I can create a field alias for _indextime and _time then set this alias as a defau... by Shihua Engager in Splunk Search 01-30-2024 0 2	0	2
Escaping special characters in text input I have a very basic dashboard that requires my users to put in text inputs. These inputs are then outputted to a CSV... by willadams Contributor in Splunk Search 01-29-2024 0 3	0	3
Help with Field Extraction Here is my sample data; start=Dec 30 2023 06:07:47 duser=NT AUTHORITY\SYSTEM dvc=10.163.142.37I need to extract the f... by secphilomath1 Explorer in Splunk Search 01-29-2024 0 9	0	9
Remove duplicate columns - column which have single unique value Hi, I want to get rid of columns which have single unique value. There could be multiple columns showing this behavio... by bhavesh0124 Explorer in Splunk Search 01-29-2024 0 3	0	3
Filter subset of search results I am trying to filter my search results where only a particular subset of the results should be shown. Example suppos... by ghostrider Path Finder in Splunk Search 01-29-2024 0 1	0	1
Join two indexes in one search I am noob with Splunk.I am trying to join two indexes in one search -index="idx-enterprise-tools" sourcetype="spectru... by man03359 Communicator in Splunk Search 01-29-2024 0 3	0	3
Using timechart to show the number of users in the busiest minute against a one hour span Hi,I'm after some assistance.I am trying to capture the peak number of concurrent users in a single minute block usin... by SleepyGuy Engager in Splunk Search 01-29-2024 0 3	0	3
using different date range but showing the same value When I was searching for the different data ranges in my Splunk dashboard it showed the same,for example, i am selec... by ramkyreddy Explorer in Splunk Search 01-29-2024 0 5	0	5
dnslookup on oneidentity-safeguard app Why oneidentity override dnslookup transform changing the parameters name ? from clientip to ip , from clienhost to... by paolos Loves-to-Learn Everything in Splunk Search 01-29-2024 0 2	0	2
timechart with multiple series Hi, Im trying to create a dashboard that easily presents api endpoint performance metrics I am generating a summary i... by clamarkv Explorer in Splunk Search 01-28-2024 0 1	0	1
Splunk query help - query for URL that have values other than X,Y,Z Lets say i would like to query for message that has a URL field with values other than X,Y,Z added as query parameter... by Splunkanator New Member in Splunk Search 01-27-2024 0 2	0	2
Left join not returning values as expected. I am joining two splunk query to capture the values which is not present in subquery. Trying to find the account whi... by yuvrajsharma_13 Explorer in Splunk Search 01-27-2024 0 2	0	2
How to pass data from a report to another report? Hello,How to pass data/token from a report to another report? Thank you for your helpI am trying to run a weekly re... by LearningGuy Motivator in Splunk Search 01-27-2024 0 3	0	3