Splunk Search

Community Activity

Using multiple lookup tables in a query index=netlogs [\| inputlookup baddomains.csv \| eval url = ".domain."" \| fields url] NOT [\| inputlookup good_domains.... by MM0071 Path Finder in Splunk Search 11-16-2023 0 2	0	2
Splunk API Script Help All,Leveraging the following article (https://community.splunk.com/t5/Other-Usage/How-to-export-reports-using-the-RES... by qcjacobo2577 Path Finder in Splunk Search 11-16-2023 0 1	0	1
Search and count by multiple specific substrings in a field Hello. I have logs which contains field "matching" which is a String type. This field contains this kind of informat... by chimuru84 Path Finder in Splunk Search 11-16-2023 0 17	0	17
Need help with nested json and spath I've seen a few of the spath topics around, but wasn't able to understand enough to make it work for my data. I have ... by manderson7 Contributor in Splunk Search 11-16-2023 0 2	0	2
How to calculate percentrank in Splunk? How to calculate percentrank in Splunk?I appreciate your helpBelow is the expected result: Percentrank exc and Perc... by LearningGuy Motivator in Splunk Search 11-16-2023 0 12	0	12
I need to add filter to error query into total transaction query so that i can get filtered error counts as well as Hi, i need to add filter to error query into total transaction query so that i can get filtered error counts as well ... by Aj01 Path Finder in Splunk Search 11-16-2023 0 1	0	1
how to extract field from csv raw data below csv file getting generated which is ingested into splunk. These are the file counts created date wise on differ... by ravir_jbp Explorer in Splunk Search 11-16-2023 0 4	0	4
Splunk left join not returning as expected I have the below code. I know that values exist under the subsearch which are not returning when I run the below quer... by MrJohn230 Path Finder in Splunk Search 11-16-2023 0 6	0	6
How to display one row table in a pie chart? How to display one row table in a pie chart?Thank you for your help.index=test---- Score calculation -----\| table Sco... by LearningGuy Motivator in Splunk Search 11-16-2023 0 3	0	3
Line graph by instance and time Hello, I have the below Splunk search and I want to put the results into a line graph so I can compare all of the dis... by danroberts Explorer in Splunk Search 11-15-2023 0 1	0	1
optimize lookup search I have a lookup file with 50,000 records. When I want to do a search, it takes a lot of time to find my results. Is t... by badoomi New Member in Splunk Search 11-15-2023 0 5	0	5
Automatic lookup during data ingestiont (Splunk cloud) Hi folksI've a KVstore containing the following values: hostname, IP address.This KVstore is updated every hour to en... by pslacik Splunk Employee in Splunk Search 11-15-2023 0 0	0	0
How to extend Splunk log retention to forever? We use splunk for data analysing and monitoring. We have the Service Now add in to collect CMDB data. It goes back an... by johnrbhancock Engager in Splunk Search 11-15-2023 0 3	0	3
Joining two events and compare to needed result Hi , I am trying to find the list of ids that fail from my logs. Say I have 2023-11-14T10:30:30,118 INFO Operation fa... by dharbhm New Member in Splunk Search 11-15-2023 0 6	0	6
inputlookup - count of values including Null Hello,I have a lookup file and I would like to use it to search a dataset and return a table showing each entry in th... by warren Explorer in Splunk Search 11-15-2023 0 4	0	4
Remote desktop user Hi,The code is likeindex=main host=server10 (EventCode=4624 OR EventCode=4634) Logon_Type=3 NOT user="*$" NOT user "... by gjhaaland Explorer in Splunk Search 11-15-2023 0 2	0	2
Alternative/Compliment to stats first() \| makeresults \| eval _raw="id;x;y;z;k a;1;;; a;;1;; a;;;1; a;2;;; a;;2;; a;;;;1 b;1;;; b;;1;; b;;;1; b;2;;; b;;2;; b... by duesser Path Finder in Splunk Search 11-15-2023 0 3	0	3
Join 2 searches which has common fields as 2 different field name with same value Hi, My main goal is to find user id.Index=A sourcetype=signlogs outcome=failureThe above search has a field name call... by Dharani Path Finder in Splunk Search 11-15-2023 0 3	0	3
How do i use if/case functions using lookup table search? Hello,I have a use case where I have a bunch of email alerts that I need to determine the system name for.Examples, l... by umithchada Explorer in Splunk Search 11-14-2023 0 5	0	5
How to find the most recent log event for each user ? Here is what I am attempting to write SPL to show. I will have users logged into several hosts all using a web appli... by sjringo Contributor in Splunk Search 11-14-2023 0 2	0	2
Add description to field value Hello, I have a system log which contains different DNS error messages (in the 'Message' field) and I am looking for ... by phildefer Explorer in Splunk Search 11-14-2023 0 1	0	1
Extract text from message field I need to extract a string from a message body, and make a new field for it. <Junk_Message> #body \| Thing1 \| Stuff2... by codedtech Path Finder in Splunk Search 11-14-2023 0 1	0	1
How do I find all duplicate events? I suspect that I may have duplicate events indexed by Splunk. The cause may be my originating files having dupes OR m... by maverick Splunk Employee in Splunk Search 11-14-2023 17 14	17	14
Join data from 2 indexes Hi All, i have 2 indexes having below 2 queries host,hostname are common for both, want to add sourceIp using 2nd s... by sekhar463 Path Finder in Splunk Search 11-14-2023 0 6	0	6
How to group messages based on substring Hello community. I'm trying to extract information from a string type field and make a graph on a dashboard. In the g... by chimuru84 Path Finder in Splunk Search 11-14-2023 0 12	0	12