Splunk Search

Community Activity

To extract the timestamp for the events Hi everyoneI need to grouping the below 3 events with correlation ID. I have tried transaction cmd below but it is no... by parthiban Path Finder in Splunk Search 11-07-2023 0 18	0	18
Find three different events within a timeframe for the same user In this dataset, transactions (#3 + #9 + #10 - Mike), and (#5 + #7 +#11 - Alex) -- Would be displayed.#TimeUserTrans... by mlorrette Path Finder in Splunk Search 11-07-2023 0 2	0	2
lookup data not population in final part of query Hi alli have the below query where i have a lookup file with Error messages im trying to match the error messages in... by vk1544 Explorer in Splunk Search 11-07-2023 0 1	0	1
How to get the min, average, max, median event size, standard deviation of event size by sourcetype How to Inspect each feed by different criteria:Average ingestion rate per day, Minimum event size, 24 hour periodAver... by harishsplunk7 Explorer in Splunk Search 11-07-2023 0 3	0	3
Search a particular time of day across multiple days Hello, I'm trying to map out usage by time of day: Morning (6am-8am) Day Off Peak (8am-6pm) Prime Time (6pm-11pm) N... by sambiggins Explorer in Splunk Search 11-07-2023 1 9	1	9
Filtering data using a second query I have data in two different applications. I need to get fields from one query to use as filters for another, like th... by jacu86 Engager in Splunk Search 11-07-2023 0 1	0	1
Convert date and time bunched together to a readable date In my splunk search for getting the date of Nessus plugins feed version used in a scan I get the number returned in t... by splunkthat Engager in Splunk Search 11-07-2023 0 1	0	1
What do "total_slices" represent in the audittrail? I have been investigating a particular search an api user runs which has become markedly slower past a specific date.... by briancronrath Contributor in Splunk Search 11-07-2023 0 4	0	4
help correct eval command Please help me correct the command below. It keeps returning all the devices as no even though the app is installed.i... by olawalePS Path Finder in Splunk Search 11-06-2023 0 7	0	7
how to find what commands in the search language are being used I want to list what commands in the search language are being used. I think its possible in the same _audit index an... by harishsplunk7 Explorer in Splunk Search 11-06-2023 0 4	0	4
index query results against inputlookup return stats/multiple stats Hello and thank you for your time.I would like to run a search in splunk, using the results against inputlookup lists... by DanWilkinson Engager in Splunk Search 11-06-2023 0 2	0	2
Dropdown populated by search ok, now how to set a token based on an alternate field <input type="dropdown" token="tok_choice" searchWhenChanged="true"> <fieldForLabel>host</fieldForLabel> <fieldForVa... by dural_yyz Motivator in Splunk Search 11-06-2023 0 2	0	2
Does Splunk meet 800-53 Audit Reduction requirements and a common Date-Time Stamp capability? I am having trouble finding documentation that explicitly states Splunk's ability to perform audit reduction. I am a... by rotht New Member in Splunk Search 11-06-2023 0 2	0	2
Input on how to perform a search, field extraction and calculation ? Here is what I am attempting to do:I am trying to calculate the distinct count of the 'type' of users that are active... by sjringo Contributor in Splunk Search 11-06-2023 0 3	0	3
Query Pivot multiple columns Hello, I have the below code. I'm trying to create a new column that extracts and pivots CareCnts, CoverCnts, NonCove... by MrJohn230 Path Finder in Splunk Search 11-06-2023 0 3	0	3
Lookup Table with CIDR, running but no matches Hello, I think this is a simple answer but I'm not able to find a solution. I created a lookup table that looks like... by yoshileigh66 Explorer in Splunk Search 11-06-2023 0 6	0	6
Return "Yes" if field exists in another field in the table Hello! I have run a search which results in displaying a table. In this table, I would like to check if a combination... by nanuli Engager in Splunk Search 11-06-2023 0 4	0	4
How to count valuse and display againts another field? Sorry, I am unsure how to describe what I am looking for using Splunk terminology, and I am sure that is why I am hav... by Matrix20085 Explorer in Splunk Search 11-06-2023 0 4	0	4
rare command hello!I have this search, and I want to add more parameters like time etc.the thing is - when I'm using rare its show... by Shakira1 Explorer in Splunk Search 11-06-2023 0 5	0	5
Strptime() Eval command returning empty What is wrong with the query below, it does not return any value in the timestamp field. The attached image shows a r... by olawalePS Path Finder in Splunk Search 11-06-2023 0 3	0	3
visualize stats(sum) Hello SplunkersI can use stats count and visualize the output as a single value so its nice and big in that panel in ... by splunk_novice99 Explorer in Splunk Search 11-05-2023 0 4	0	4
How to use addcoltotals to calculate percentage? How to use addcoltotals to calculate percentage?For example: my search below scoreSum % is empty Thank you for you... by LearningGuy Motivator in Splunk Search 11-05-2023 0 3	0	3
addcoltotals I have used the below query to get the total from that columnIndex="" source=""\| fields queryHits \| table queryHits ... by nithys Communicator in Splunk Search 11-04-2023 0 2	0	2
Filter transaction Hii have log line like this,1-need to group by them by ID,2- filter those transactions that has T[A] #txn116:30:53:00... by indeed_2000 Motivator in Splunk Search 11-04-2023 0 15	0	15
How to find field value, based on where condition, and assign to variable? Good Morning!I rarely get to dabble in SPL, and as such, some (probably simple) things stump me. That is what brough... by sarge338 Path Finder in Splunk Search 11-04-2023 0 6	0	6