Splunk Search

Community Activity

Lookup against an Array I'm trying to run a lookup against a list of values in an array. I have a CSV which look as follows:idxy123DataData2... by gbam Explorer in Splunk Search 11-10-2023 0 1	0	1
Calculating duration of several events in a row with the same field value I'm having some trouble coming up with the SPL for the following situation:I have some series of events with a timest... by Roynsky Engager in Splunk Search 11-10-2023 1 1	1	1
How do I extract multiple values for a field in the same event using field extractions? Hello, I have the following event (all lines belong to the same event): A Tue Oct 30 13:54:12:863 2018 A ** RABAX:... by damucka Builder in Splunk Search 11-10-2023 0 6	0	6
Extract and count IDs from a table Hi!  I have a fallowing table:SESSION_IDSUBMITTED_FROMSTAGE1 submit1startPagesomeStage12 submit2page1someStage12page... by wkk Explorer in Splunk Search 11-10-2023 0 4	0	4
Search peers / Replication status / Initial I'm trying to setup a distributed search. I have successfully added my search peers to the search head already. The ... by kevinsikora Explorer in Splunk Search 11-10-2023 2 4	2	4
Compare two timestamps Hello, We are implenting splunk in our environment and right now i import every 7 days our vulnerability scan to spl... by LionSplunk Explorer in Splunk Search 11-10-2023 0 5	0	5
extracting texts from a field Hello there:I have the following two events:Event #1source=foo1 eventid=abcmessage="some message dfsdfdfgfdggfg fgdfd... by djoobbani Path Finder in Splunk Search 11-09-2023 0 4	0	4
converting this search to hours instead of days Hi im trying to convert this search to show totals in hours instead of days/dates can anyone help me please?index=ana... by Peterm1993 Explorer in Splunk Search 11-09-2023 0 6	0	6
How can I find an event count of event that are less than a p95 duration? I need to identify the count of events that have a duration that is less than the p95 value.Sample searchindex=xyz st... by mark_groenveld Path Finder in Splunk Search 11-09-2023 0 7	0	7
Working with OpenTelemetry Cumulative Histogram Bucket with Calculations Hi, I am new to Splunk and couldn't figure out how to work with OpenTelemetry's histogram bucket in Splunk. I have a ... by cchan Loves-to-Learn in Splunk Search 11-09-2023 0 0	0	0
MLTK import error- Does anyone have suggestions? initially MLTK was working fine but now I started getting this error "Error in 'fit' command: (ImportError) DLL load ... by badrinath Path Finder in Splunk Search 11-09-2023 0 1	0	1
how to join 2 lookup files to combine all the rows. how to join 2 lookup files to combine all the rows. I used this query but not giving proper values and used join/appe... by Anud Path Finder in Splunk Search 11-09-2023 0 7	0	7
Splunk Search results limit 4999 Hello, Currently, I am using the append command to combine two queries and tabulate the results, but I see only 4999 ... by kc_prane Communicator in Splunk Search 11-09-2023 0 4	0	4
search query Hi there:I have two events shown below:Event #1source=foo1eventid=abcdEvent #2source=foo2event_id=abcdI am trying to ... by djoobbani Path Finder in Splunk Search 11-09-2023 0 1	0	1
Better PDF report visualization Hello, i am reaching out to ask if there is any way to make the chart that was generated with the scheduled PDF repor... by Abass42 Communicator in Splunk Search 11-09-2023 0 0	0	0
grouping count by multiple field substrings Hi,We currently have events where identifying the app that makes the event depends multiple fields, as well as substr... by OrionCulver Explorer in Splunk Search 11-09-2023 0 5	0	5
Automated lookup using KVstore lookup I have a KV store collection that is populated. I have a lookup definition pointing to the KV store. If you use the... by coreyCLI Communicator in Splunk Search 11-09-2023 0 6	0	6
Encrypt the Source data Hi All, My requirement is source data records data need to be encrypted. What does process need to follow? Is there a... by vijreddy30 Loves-to-Learn Everything in Splunk Search 11-09-2023 0 3	0	3
How to apply eval to fields with complex names? I am basically faced with this problem: \| makeresults count=3 \| streamstats count \| eval a.1 = case(count=1, 1, coun... by duesser Path Finder in Splunk Search 11-09-2023 0 1	0	1
Trying to create a custom Field Extraction I am trying to write a regex to extract a field called "registrar" from some data like i have below. Can you please h... by scout29 Path Finder in Splunk Search 11-08-2023 0 4	0	4
way to detect half-duplex connections Does anyone know a pattern for detecting half-duplex connections from server/laptop sources to server destinations? n... by virginiatech199 Explorer in Splunk Search 11-08-2023 0 1	0	1
parse ps command I have events like this :11/06/2023 12:34:56 ip 1.2.3.4 This is record 1 of 5USER PID %CPU %MEM VSZ RSS TTY STAT STAR... by lorinj62 Engager in Splunk Search 11-08-2023 0 3	0	3
splunk merge field values I have a field called environment which has values like dev,prod,uat,sit.Now I want to create a new_field which all t... by viku7474 Explorer in Splunk Search 11-08-2023 0 3	0	3
Comparing every elements in a list with a table Hello! Could you advise, please, how can I compare results of 2 searches, which returns results in a different format... by oleg90 Explorer in Splunk Search 11-08-2023 0 6	0	6
How to limit search results to * % of all results I've got a search query which outputs 175 rows. I want it to output only top 5%. The row count will change over time ... by kk2204 Explorer in Splunk Search 11-08-2023 0 6	0	6