Splunk Search

Community Activity

Partially eliminate error message in Splunk query Hi,below are the log details.index=ABC sourcetype=logging_0Below are the values of "ErrorMessages" field:invalid - 5 ... by Dharani Path Finder in Splunk Search 12-18-2023 0 6	0	6
How to add colors to a Column Chart This is my source code</search> <option name="charting.chart">column</option> <option name="charting.dr... by avi7326 Path Finder in Splunk Search 12-18-2023 0 3	0	3
Arranging column chart X-axis labels in static order Hi Everyone,I have a column chart for the below query. As shown in the below screenshot, the x-axis label is sorted i... by Pratyusha Engager in Splunk Search 12-17-2023 0 2	0	2
Search data by result count I have a search that returns a list of users and the country logins have occurred from grouped by user.index=o365 Use... by balcv Contributor in Splunk Search 12-17-2023 0 2	0	2
Removing duplicates from 2 multivalue field (leaving distinct values only) I have 2 multivalue fields (old and new) containing group lists for 1 or more users. The new values is the list of gr... by diskioinferno Engager in Splunk Search 12-17-2023 0 3	0	3
Using wildcard in mvfind Hi All,I am facing error using wildcard in multivalue field. I am using mvfind to find a string. eval test_loc=case(... by Poojitha Communicator in Splunk Search 12-16-2023 0 7	0	7
tuning the query Hi Team,I am using a query which has same index and source but fetch two results based on the search and combine to a... by nithys Communicator in Splunk Search 12-16-2023 0 3	0	3
Expand json string into searchable fields HiKinda a new to splunk . Sending data to splunk via HEC. Its a DTO which contains various fields, one of them being ... by murad Observer in Splunk Search 12-16-2023 0 3	0	3
Monthly AV compliance report expert query Dear All,Scenario--> 1AV server is having multiple endpoint reporting to it. This AV server integrated with Splunk an... by mohammadsharukh Path Finder in Splunk Search 12-16-2023 0 1	0	1
How to get fields into a bar chart? I have a search as follows:index=\|search sourcetype=\|spath logs{} output=logs\|spath serial_number output=serial_num... by nkavouris Path Finder in Splunk Search 12-15-2023 0 2	0	2
HF multiple UDP port listening \| Best practices Hello Splunkers,I have a Splunk HF that will receive multiple logs coming from different machines, all sending via UD... by GaetanVP Contributor in Splunk Search 12-15-2023 1 4	1	4
merge rows to one row if matches the result value by VM ( little complex situation) I have a Splunk result like below.VMcol1col2vm1carsedanvm2carsedanvm3planePrivvm4bikeFazervm5bikethunder I would like... by Satheesh_red Path Finder in Splunk Search 12-15-2023 0 10	0	10
Adding two indexes to one search again index=jedi domain="jedi.lightside.com" (master!="yoda" AND master!="mace" AND master="Jinn") \| table saber_color, J... by the_dude Engager in Splunk Search 12-15-2023 0 8	0	8
Query - How to check failed % > X Hi, I need help in a splunk search. My requirement is get the stats for failed and successful count along with the pe... by suvi6789 Path Finder in Splunk Search 12-14-2023 0 5	0	5
transform XML with same node name and add field names Hi, I have Windows Event for specific application that have payload in Windows Event Log, when using Splunk_TA_window... by jbanAtSplunk Communicator in Splunk Search 12-14-2023 0 3	0	3
comparing two searches and calculate the differences Hi There! I would like to find the values of host that were in macro 1 but not in macro 2search 1 `macro 1` \| field... by smanojkumar Contributor in Splunk Search 12-14-2023 0 7	0	7
How To Write a Search query for the Timestamp field which is different from _time value Hi All,Need a help to write a query based on the field "Timestamp" which is different from "_time" value.Sample Event... by anandhalagaras1 Contributor in Splunk Search 12-14-2023 0 5	0	5
How to remove empty fields? \| table Status, timeval, CompanyCode, CN\|appendpipe [stats count\| eval error="thats not cool" \| where count==0 \|table... by Siddharthnegi Contributor in Splunk Search 12-14-2023 0 7	0	7
How to parse a path request string in json format? Hi all,For this sort of json string, how can I extract KeyA, KeyB, KeyC? { "KeyA": [ { "path": "/attibuteA", "op": "r... by EricMonkeyKing Explorer in Splunk Search 12-14-2023 0 5	0	5
Expand multivalue field into individual fields WITHOUT mvexpand I have a multivalue field, which I would like to expand to individual fields, like so:\| makeresults count=1 \| eval a... by duesser Path Finder in Splunk Search 12-14-2023 0 4	0	4
Seeking Advice: Crafting a Splunk Query for Identifying Dormant Systems from Windows Event Logs (EventCode=4624) I'm currently working on crafting a Splunk Query to identify systems that have been inactive for a specified duration... by KingUs80 Loves-to-Learn Lots in Splunk Search 12-13-2023 0 2	0	2
How to find events between time ranges for a service now integrated with Splunk HiI am trying to see for a ticket that is not assigned to an analyst for the last 15 mins from the time of arrival. I... by varsh_6_8_6 Explorer in Splunk Search 12-13-2023 0 1	0	1
Searching Nested JSON Data Hello Splunkers,I am New to Splunk and am trying to figure out how to parse nested JSON data spit out by an end-of-li... by nkavouris Path Finder in Splunk Search 12-13-2023 0 5	0	5
How to extract json with filter I have a data like this.{<!-- --> env: prod host: prod01 name: appName info: { data: [ ... ] indicators... by MirrorCraze Explorer in Splunk Search 12-13-2023 0 1	0	1
OR function Hi guys, I started today with Splunk and have one question. I want to use an or function that if the second "or" the ... by Lennard Engager in Splunk Search 12-13-2023 0 2	0	2