Splunk Search

Community Activity

How do i use if/case functions using lookup table search? Hello,I have a use case where I have a bunch of email alerts that I need to determine the system name for.Examples, l... by umithchada Explorer in Splunk Search 11-14-2023 0 5	0	5
How to find the most recent log event for each user ? Here is what I am attempting to write SPL to show. I will have users logged into several hosts all using a web appli... by sjringo Contributor in Splunk Search 11-14-2023 0 2	0	2
Add description to field value Hello, I have a system log which contains different DNS error messages (in the 'Message' field) and I am looking for ... by phildefer Explorer in Splunk Search 11-14-2023 0 1	0	1
Extract text from message field I need to extract a string from a message body, and make a new field for it. <Junk_Message> #body \| Thing1 \| Stuff2... by codedtech Path Finder in Splunk Search 11-14-2023 0 1	0	1
How do I find all duplicate events? I suspect that I may have duplicate events indexed by Splunk. The cause may be my originating files having dupes OR m... by maverick Splunk Employee in Splunk Search 11-14-2023 17 14	17	14
Join data from 2 indexes Hi All, i have 2 indexes having below 2 queries host,hostname are common for both, want to add sourceIp using 2nd s... by sekhar463 Path Finder in Splunk Search 11-14-2023 0 6	0	6
How to group messages based on substring Hello community. I'm trying to extract information from a string type field and make a graph on a dashboard. In the g... by chimuru84 Path Finder in Splunk Search 11-14-2023 0 12	0	12
How to calculate individual fail time? I have following data:02:00:00 Item=A Result=success 02:00:05 Item=B Result=success 02:05:00 Item=A Result=fail 02:05... by WK Loves-to-Learn in Splunk Search 11-13-2023 0 4	0	4
How to show results if 2 values are true Im trying to get specific results if two values in the same field are true but I keep failingI want to count the numb... by Dallastek1 Path Finder in Splunk Search 11-13-2023 0 3	0	3
Brute Force Attack false alert we had a vendor setup a Splunk instance for us a while ago and one of the things they did was setup a Brute Force att... by MalcolmC New Member in Splunk Search 11-13-2023 0 1	0	1
Dashboard Studio : DataSource gets results. MultiSelect token used in Chain search. Spaces in DS result no go. Good Day Ladies, Gentlemen!It's my first Dashboard Studio experience, and one (1) space boggles me.I have a datasourc... by GEO Engager in Splunk Search 11-13-2023 0 1	0	1
Using a Lookup with wildcard to check on logging status Hello all, I have a lookup with a single column that lists source file names and paths. I want to search an index an... by alferone Explorer in Splunk Search 11-13-2023 0 4	0	4
How to filter row if some fields are empty? Hello,How to filter all row if some fields are empty, but do not filter if one of the field has value? I appreciate... by LearningGuy Motivator in Splunk Search 11-13-2023 0 10	0	10
Help with Rex Field Extraction I am trying to write a rex command that extracts the field "registrar" from the below four event examples. The below ... by scout29 Path Finder in Splunk Search 11-13-2023 0 3	0	3
How does Splunk components and infrastructure work under scheduled search? Hello All,I have a SPL which is scheduled to run each minute for a span of 1 hour.On each execution the search runs f... by Taruchit Contributor in Splunk Search 11-13-2023 0 6	0	6
stats count when a given when A > some value AND B > some value Hi Everyone,Hope everyone is alright. I have the below base search. I am trying to built an alertindex=idx-cloud-azur... by man03359 Communicator in Splunk Search 11-13-2023 0 10	0	10
Obtain key with the largest number of objects from array in JSON Good day everyoneSomeone here will have had experience obtaining values from a JSON.. Currently I have _raws in JSON ... by spy_jr Explorer in Splunk Search 11-12-2023 0 2	0	2
Does Transaction work with append [ ... ] ? I have a working query that uses Transaction to find the Starting / Ending log event. I am trying to make some change... by sjringo Contributor in Splunk Search 11-12-2023 0 9	0	9
How to visualize data using the time field from the raw data, as opposed to the Timestamp? Hello, I am a beginner with Splunk. I am experimenting with a csv dataset containing the daily average temperature fo... by phildefer Explorer in Splunk Search 11-12-2023 0 4	0	4
How to Remove Outliers - values greater than 90 percentile Looking help to remove outliers (values greater than 90 percentile responses). For Ex: Response Time --------------... by sabari80 Explorer in Splunk Search 11-12-2023 0 2	0	2
how to reduce multiple results into one based on the earliest time Hi there:I have the following query:source=accountCalc type=acct.change msg="consumed" event_id="" process_id="" po... by djoobbani Path Finder in Splunk Search 11-12-2023 0 3	0	3
Filter events in a time frame by a condition I have the query to find the response code and count vs time (in 1 minute time interval) as below. index=sample_index... by RemyaT Explorer in Splunk Search 11-12-2023 0 2	0	2
Classify into a group Example logs2022-08-19 08:10:53.0593\|Starting2022-08-19 08:10:53.5905\|fff2022-08-19 08:10:53.6061\|dd2022-08-19 08... by Kirthika Path Finder in Splunk Search 11-11-2023 0 2	0	2
How to create multiple events with different values using makeresults Hi there:I have the following makeresults query:\| makeresults count=3\| eval source="abc"\| eval msg="consumed"\| eval t... by djoobbani Path Finder in Splunk Search 11-11-2023 0 4	0	4
Calculate any Server network throughput from Cisco ASA logs. I can see logs from Cisco ASA firewall to Splunk and we are getting logs when a connection close. It have the total d... by Hami-g New Member in Splunk Search 11-10-2023 0 2	0	2