Splunk Search

Community Activity

Splunk Query to show average count and minimum for date_month and date_day Hi, I created a column chart in Splunk that shows month but will like to also indicate the day of the week for each o... by Strangertinz Path Finder in Splunk Search 02-13-2024 0 6	0	6
How to use rex to extract field before two symbols I have raw data like: Error=REQUEST ERROR \| request is not valid.\|","time":"1707622073040" and I want to extract "R... by adamsobczykhsbc Explorer in Splunk Search 02-13-2024 0 5	0	5
Compare the same search over two different time periods I have a number of devices that send logs to Splunk.I want to know when devices stop logging.For this example search:... by iainp New Member in Splunk Search 02-13-2024 0 2	0	2
I would like to take the hosts field from the below search and show the most recent event from each host I created an alert from the search below, and it emails a pdf - is there a way to add the most recent event from each... by mwcentracomm Explorer in Splunk Search 02-12-2024 0 5	0	5
Limiting Matching Events Hi Everyone, I am looking for a little advice, I am currently searching splunk against multiple sets of variables to... by EPitch Observer in Splunk Search 02-12-2024 0 4	0	4
How can limit the number of events shown on a table after using stats list I have a report that lists malware received by email that is part of a dashboard. Some months the list for each perso... by 0p3r4t0r8089 Explorer in Splunk Search 02-12-2024 0 7	0	7
Eval results from two time ranges Splunk sirs, I am trying to add a boolean column to my data called 'new_IP_detected' which will tell me whether an an... by marshalll3302 Explorer in Splunk Search 02-12-2024 0 4	0	4
I would like to see only the last item of a search HelloI would like a search to show the last entry of host="1.1.1.1", and show the full entry. Thank you by mwcentracomm Explorer in Splunk Search 02-12-2024 0 1	0	1
Show the current duration of equipment where the Status is not "null" Hello, I have the following data: I want to use this data to setup a dashboard. In this dashboard I want to show the ... by Roy1 Explorer in Splunk Search 02-12-2024 0 7	0	7
Using the map command to run searches from a lookup. I have this lookup that has a list of searches I want to run.I want to run a search that can run output the "magic" v... by paras Explorer in Splunk Search 02-11-2024 0 2	0	2
Extract field with multiple potential formats I have log entries that have the following format :[<connectorName>\|<scope>]<sp>The following are examples of the con... by yk010123 Path Finder in Splunk Search 02-11-2024 0 1	0	1
Receiving error: Could not load lookup=LOOKUP-splunk_security_essentials Hi, I wanted to update splunk_security_essentials app (3.2.2 to 3.3.2) : after I did the restart, I have this error ... by mah Builder in Splunk Search 02-10-2024 3 14	3	14
Regex works on regex101 but not splunk Hi community,I'm using rex to get some strings.The log is like\"submission_id\":337901The regex I'm using is:\"submis... by syk19567 Explorer in Splunk Search 02-09-2024 0 5	0	5
Which indexer should I send data to? Hello! I am trying to send syslogs to splunk from network devices using udp. I have one heavy forwarder and two index... by jmrubio Path Finder in Splunk Search 02-09-2024 0 3	0	3
Elegant way of searching for all events where a field is not in a literal list of values What is the most elegant way of searching for events where a field is not in a list of values? For example: index=f... by bobmorning Engager in Splunk Search 02-09-2024 0 1	0	1
Difference between count of events grouped by host and path for 2 last 10m time ranges I have the following SPL search. index="cloudflare" \| top ClientRequestPath by ClientRequestHost \| eval percent = rou... by Haleb Path Finder in Splunk Search 02-09-2024 0 1	0	1
Data not being populated from SplunkDB Connect Hi, I have a connection on Splunk DB Connect on my HF (connected to my SH and I know connection is stable and other s... by dm2 Explorer in Splunk Search 02-09-2024 0 1	0	1
List out the status enabled CS triggering in past X days.. Hi All,How we can modify the below search to get to see only the status enabled list of correlation searches which di... by Raj Builder in Splunk Search 02-09-2024 0 4	0	4
How to use NOT-EXISTS in SPLUNK ? Hi I want to create a search to find all the events for which last row exists but there is atleast 1 row missing. Exa... by Real_captain Path Finder in Splunk Search 02-09-2024 0 1	0	1
Join 2 splunk searches and get the output in table Search Query 1 Search Query 2Would like to join search query 1 and 2 and get the results, but no results found.index=... by bmanikya Loves-to-Learn Everything in Splunk Search 02-09-2024 0 6	0	6
Syntax to break a line in search so that it breaks into two lines in servicenow Hi All,I have a field called summary in my search -Failed backup of the transaction log for SQL Server database 'mode... by man03359 Communicator in Splunk Search 02-08-2024 0 4	0	4
How to prevent users from querying all indexes with wildcard Last week, we had someone run a query in which he had "index=*" over 1 week. This triggered a surge of memory usage t... by sansay Contributor in Splunk Search 02-08-2024 4 7	4	7
How to get Country and City from latitude and longitude logs Hi frends I have logs like_time=time latitude=1 longitude=-1 other fields ..._time=time latitude=1 longitude=-2 other... by herguzav Explorer in Splunk Search 02-08-2024 0 1	0	1
Coorelate two events I have a challenge: When somebody are doing changes to our AD, it is done using a cyberark account. In order to finde... by Loepp Observer in Splunk Search 02-08-2024 0 4	0	4
Splunk universal forwarder crashes frequently- What is causing these errors? After upgrading our universal forwarder to 9.0.1, it started crashing almost everyday. I looked at the splunkd.log an... by lawrence_magpoc Path Finder in Splunk Search 02-08-2024 0 3	0	3