Splunk Search

Community Activity

OR function Hi guys, I started today with Splunk and have one question. I want to use an or function that if the second "or" the ... by Lennard Engager in Splunk Search 12-13-2023 0 2	0	2
How to extract particular matching string value in Splunk I want to extract only the process name value from the logs and store in a table:Input Log:-------------<30>1 2023-12... by Jagat Engager in Splunk Search 12-13-2023 0 4	0	4
Multi source with one index Hi All,I need some help in searching, I have 1 index but it has multiple sources,Index = Index1Source = source 1Sourc... by nithys Communicator in Splunk Search 12-12-2023 0 2	0	2
How do I limit a search to everything except the top 1 How do I grab all of the versions of Splunk EXCEPT the top 1, basically the opposite ofindex=winconfig sourcetype="WM... by CoryC Engager in Splunk Search 12-12-2023 0 1	0	1
Field extraction from one multivalued event Hi experts,I want to extract below fields in separate separate event to further work on it .INFO 2023-12-11 17:06:01,... by nehamvinchankar Path Finder in Splunk Search 12-12-2023 0 4	0	4
Split values from each fields from output table We got output in table but all values are in one column for each fields of output table. We want to split values in ... by KundanNagare23 Loves-to-Learn Lots in Splunk Search 12-12-2023 0 4	0	4
How to return unique values with highest count, and sort them highest to lowest Hello, I am working on a search to find domains queried via a particular host, and list out a count of hits per uniqu... by ea-2023 Path Finder in Splunk Search 12-12-2023 0 5	0	5
Splunk Duplicate query in a table HI ,Need some help on removing the duplicates from table. Am querying the accounts which uses the plain port connect... by kowsi_ksk New Member in Splunk Search 12-12-2023 0 1	0	1
Splunk Search I have two different logs where the error is capturing in different fields in each log message...(error_message and e... by yuvaraj_m91 Loves-to-Learn Lots in Splunk Search 12-12-2023 0 1	0	1
mulitvalue and single value difference How to get difference of lastest value with now i have multiple values in latest column and only one value in now co... by nehamvinchankar Path Finder in Splunk Search 12-12-2023 0 1	0	1
Why does tstats works different for root event datasets within the same data model Hi.I have a data model that consists of two root event datasets. Both accelerated using simple SPL.First dataset I ca... by att35 Builder in Splunk Search 12-12-2023 1 1	1	1
How to create a search that provides option for a LIKE and not LIKE option Is there a way of creating a search where we can have both LIKE and NOT LIKE, based on user selected option? ie. if $... by GaryZ Path Finder in Splunk Search 12-11-2023 0 1	0	1
Translate and overwrite the values of a field I am new to Splunk. I am trying to overwrite the values of a field (eventLevel) that is in Japanese. I created a look... by akr Loves-to-Learn Lots in Splunk Search 12-11-2023 0 1	0	1
Boolean query to exclude value in Filter Lookup Hi, I am new at Splunk and I'm following the lab in Enriching Data with Lookups, where I'm requested to exclude a val... by mojoes Engager in Splunk Search 12-11-2023 0 1	0	1
Lookup search I have a csv file with the user list and I want to create an alert to monitor the user login failure alert from the u... by Abhirup_10 New Member in Splunk Search 12-10-2023 0 1	0	1
Do you lose any information between Chain Searches in Dashboards? Do you need to return output from one section of a chain search to another, like when writing a function in a program... by splunkernator Path Finder in Splunk Search 12-09-2023 0 17	0	17
How do I calculate the number of Events Per Day so I can then divide by 86400 to get the daily EPS? Hi, I'm trying to calculate the number of events per day so I can then divide by 86400 to get the daily EPS. I know I... by Rhidian Path Finder in Splunk Search 12-09-2023 0 12	0	12
Identify missing servers Hi, I have two datasets for example –1.Index=abc host=def_inven, consider as Dataset A (inventory with 100 servers) a... by Muthu_Vinith Path Finder in Splunk Search 12-09-2023 0 7	0	7
Rex to extract string with words and characters Looking for help with this rex command. I want to capture the continuous string after "invalid user" whether it has s... by AK89 Explorer in Splunk Search 12-08-2023 0 3	0	3
Error - search is waiting for the input Hi There! I'm facing the error "Search is waiting for the input"<form stylesheet="dashboard.css,infobutton.css" scr... by smanojkumar Contributor in Splunk Search 12-08-2023 0 1	0	1
How to extract data from log message data using rex field=_raw? Hi,I have logger statements like below:Event data - {"firstName":"John","lastName":"Doe"} My query needs <rex-stateme... by bharath_hk12 Explorer in Splunk Search 12-08-2023 0 7	0	7
Character limit of alert/correlation name? What is the character limit of an alert name in splunk ES? by vamshikn72 Explorer in Splunk Search 12-07-2023 0 2	0	2
String comparison I've got this searchindex=main sourcetype="bigfix" \| eval raw=_raw \| rex mode=sed field=raw "s/\n/ /g" \| rex field=... by jwhughes58 Contributor in Splunk Search 12-07-2023 0 1	0	1
What is a "scheduled_rtsearch?" Hi, I'm configuring some new roles, and came across the "schedule_rtsearch" capability. The doc simply says "Lets t... by a212830 Champion in Splunk Search 12-07-2023 1 6	1	6
How to add the multiple timelines into one timeline. Hello All, I need to convert the Timeline with different times into one.For example:12:05AM 12:10AM 12:15AM should be... by RENUKA1 Loves-to-Learn Lots in Splunk Search 12-07-2023 0 3	0	3