Splunk Search

Community Activity

How to extract variable field name from log file path and add them to each log line while sending to splunk Hi Everyone,I am using splunk forwarder and I have below requirements We have log files under path /opt/airflow/logs/... by Deep Engager in Splunk Search 01-18-2024 0 5	0	5
reduce events by matching with a csv, but more than 10k matches Ok, been learning alot about reducing event size from a recent conversation (here) and got linked a great article on ... by loganramirez Path Finder in Splunk Search 01-17-2024 0 7	0	7
An Alternative to Subsearch Hello,I am trying to use a subsearch in order to create a dashboard, but being the subsearches have limitations it is... by dcfrench3 Engager in Splunk Search 01-17-2024 0 5	0	5
Is it possible to perform bitwise operations on values in the eval function? In the following query I'm trying to get the logical AND of two numbers: * \| head 1 \| eval x=2 \| eval y=2 \| eval z ... by whisperstream Explorer in Splunk Search 01-17-2024 0 5	0	5
[box plot] How could I delete "trace 0" data not declared? I try to do box plot using viz.But I can see the "trace 0" data graph in box plot. ( I don't have any data called "tr... by Questioner Path Finder in Splunk Search 01-17-2024 0 3	0	3
Pass variable value to savedsearch Hi,I am having issues passing value into savedsearchBelow is the simplified version of my query:\| inputlookup alert_t... by kk2204 Explorer in Splunk Search 01-17-2024 0 3	0	3
Why does search keep getting killed by 'Signal 9'? For a certain search I keep getting the following error: Search process did not exit cleanly, exit_code=0, descriptio... by dkoops Path Finder in Splunk Search 01-17-2024 2 4	2	4
How to extract a field value which have combination of number and special characters? I have a field which have values only with numbers and also with combination of number and special characters as valu... by akarivaratharaj Communicator in Splunk Search 01-17-2024 0 2	0	2
How to find which indexes are used? I have a simple question how can I check that in which of the apps a particular index has been used. by Siddharthnegi Contributor in Splunk Search 01-17-2024 0 4	0	4
How to create a query that follow trend (line chart) of another query. I have a panel in a dashboard that plot a trend line for last 24 Hrs. Now I wanna create a new alert query that shoul... by Rao_KGY Loves-to-Learn in Splunk Search 01-17-2024 0 1	0	1
Unable to find the right query to capture trend Hello - I'd like to start with thanking the community for reviewing and helping! Problem Statement: I have appt data ... by Khanu89 Path Finder in Splunk Search 01-17-2024 0 1	0	1
SPL query to match fields value and create new field value based on matching condition. i have fields value in events something like below.TOOL_Status description Event_ID Host_NameCLOSED 21alerts has been... by RSS_STT Explorer in Splunk Search 01-17-2024 0 2	0	2
How to combine two datamodels in the tstats command? I want to merge them to capture DCOM lateral movement events. I want to combine these two events. Can anyone help me? I have tried using the join and append commands, but haven't ... by quangnm21 Explorer in Splunk Search 01-16-2024 0 1	0	1
How to combine field values? Hi experts, I want to just combine these location sites - "HU1","IA2","IB0 and create new AM site.I tried this query,... by Muthu_Vinith Path Finder in Splunk Search 01-16-2024 0 3	0	3
Help please. How can I write this using a lookup for the IPs? thank you I have tried using search but can't seem to get it right. Any guidance is appreciated This alert detects any traffic ... by GIA Path Finder in Splunk Search 01-16-2024 0 12	0	12
Controlling Text - Output Table formatted data to text We are in the process of generating Events in ServiceNow using the Splunk add-on for ServiceNow. We are passing Even... by regarza Engager in Splunk Search 01-16-2024 0 0	0	0
Why "*" start does not include the void value Hello everyone, I'm working on Splunk Entreprise and on the Search & Reporting app. I made many drop-down menu to fil... by michaelteck Explorer in Splunk Search 01-16-2024 0 2	0	2
Searching a lookup I have this lookupI want the total count when the timeval is latest. (in this case 2023) any solution by Siddharthnegi Contributor in Splunk Search 01-16-2024 0 7	0	7
How to find the difference of time between the 2 fields ? Hi Can you please tell me how can i extract the events for which the difference of current_time and timestampOfRece... by Real_captain Path Finder in Splunk Search 01-16-2024 0 7	0	7
How to filter results of a 2nd search from the main search I have a use case where I want to setup Splunk Alerts for certain Exception events. I have already defined standard E... by D_Rai New Member in Splunk Search 01-16-2024 0 1	0	1
Updating App Macros Hi Community People.Our team has stood up a new instance of Splunk, and we have deployed out some cool new apps. One ... by JohnEGones Communicator in Splunk Search 01-15-2024 0 1	0	1
How to use Not Exists function in Splunk when 2 indexes are involved ? Hi Can someone help to explain how we can use Not-exists in Splunk. Example is attached below for which i need to use... by Real_captain Path Finder in Splunk Search 01-15-2024 0 8	0	8
Interpretation of integers I am wondering why the two following requests, when applied to exactly the same time range, return a different value:... by fabienpe Explorer in Splunk Search 01-15-2024 0 8	0	8
Reordering fields Hello Splunkers,I've a Region filter over the dashboard. This Region filter has values AMER and EMEA. I've a requirem... by mnj1809 Path Finder in Splunk Search 01-15-2024 0 3	0	3
To extract a field using the REX Command HelloI want to extract the field issrDsclsrReqId" using the Rex command. Can someone please help me with the command ... by Real_captain Path Finder in Splunk Search 01-15-2024 0 6	0	6