Splunk Search

Community Activity

	Splunk Alert search time latest=-5m@m OR latest=now Hello everyone,I'm currently setting up a lot of alarms in Splunk, and a question has arisen regarding what is better... by Flenwy Explorer in Splunk Search 10-27-2023 0 2	0	2
	i want the output in the below format. please answer my query how to achieve it. i want the output in the below format :-Input as below:-host sql instance db nameabc ... by AyushiSrivas Loves-to-Learn in Splunk Search 10-27-2023 0 1	0	1
	Dedup Command Using All Available Memory Hello,Didn't get any hits on this issue so starting a new thread, and didn't find any previous defect reported on thi... by Dennis Explorer in Splunk Search 10-27-2023 0 3	0	3
	eventtype=A eventtype=B is this an OR or an AND? As I understand the documentation ANDs are implied, so "eventtype=A eventtype=B" is the same as "eventtype=A AND eve... by gerrysr6 Explorer in Splunk Search 10-27-2023 0 1	0	1
	Splunk app for AWS security dashboard shows '0' data Splunk app for AWS security dashboard shows '0' data, need help to fix this issue when I try to run/edit query shows... by Gaikwad Explorer in Splunk Search 10-27-2023 0 3	0	3
	Cannot break for some events by lines Hello to everyone!I have a strange issue with some events that come from our virtual environment.As you can see in t... by NoSpaces Contributor in Splunk Search 10-27-2023 0 16	0	16
	conditional count(eval) Hi community,\| eval ycw = strftime(_time, "%Y_%U")\| stats count(eval("FieldA"="True")) as FieldA_True, c... by learningquery Explorer in Splunk Search 10-26-2023 0 11	0	11
	Passing token value to another dashboard Hi There! I'm having the dropdown "office" in dashboard 1 as a multiselect (full office, half office), based on th... by smanojkumar Contributor in Splunk Search 10-26-2023 0 6	0	6
	help with splunk query for getting current concurrency configs & utlization and role utilization I am trying to setup a dashboard which gives me details like user's current concurrency settings & roles utilization ... by Sid Explorer in Splunk Search 10-26-2023 0 2	0	2
	How to fetch the current utilization from defined search quota for a given user? Hello All,Using the below code, I get the defined quota limits for each role in Splunk environment: - \|rest /service... by Taruchit Contributor in Splunk Search 10-26-2023 0 2	0	2
	Dispositions values in reports Hello,I am trying to make report which will display what notables were closed with what disposition. But unfortunatel... by xyberdef Explorer in Splunk Search 10-26-2023 0 4	0	4
	universal forwarder installation in ubuntu on windows hi i am windows user i am trying to install universal forwarders in ubuntu i am a windows user can anyone share like ... by pm New Member in Splunk Search 10-26-2023 0 1	0	1
	Timechart and auto bin sizing What I am trying to do is graph / timechart active users. I am starting with this query:index=anIndex sourcetype=pe... by sjringo Contributor in Splunk Search 10-26-2023 0 2	0	2
	How to extract using rex I want to extract the below contractWithCustomers and contracts using rex named as entity . For ID 1349c1f4-989c-4... by avi7326 Path Finder in Splunk Search 10-26-2023 0 3	0	3
	Why does strptime not parse timestamps to nanoseconds (%9N/%9Q)? Splunk Enterprise 9.0.5.1Hello!I have to calculate the delta between two timestamps that have nanosecond granularity.... by andrewtrobec Motivator in Splunk Search 10-26-2023 0 1	0	1
	API /timeserieswindow endpoint returns 400 When I call:https://api.{REALM}.signalfx.com/v1/timeserieswindowwith my access token as header: X-SF-TOKENI receive:{<!-- -->... by PiotrSekula New Member in Splunk Search 10-26-2023 0 0	0	0
	How to replace blank with "NA" while using Rex command I am extracting these three values and if there is any empty value in any of the fields, it returns as no result.How ... by manojchacko78 Path Finder in Splunk Search 10-26-2023 0 2	0	2
	Use Subsearch to insert commands Hello,I would like to use a subsearch to literally paste a command into the SPL e.g.: \| makeresults [\| makeresults \|... by duesser Path Finder in Splunk Search 10-26-2023 0 8	0	8
	Need to use 2 time range pickers in a single query I have a query to retrieve user experience metrics from Dynatrace index. Wanted to compare the response times for 2 d... by sabari80 Explorer in Splunk Search 10-26-2023 0 7	0	7
	How can I add metadata to events at the forwarder? I'd like to add metadata to my events at the source and change the _meta value periodically without restarting the fo... by rphillips_splk Splunk Employee in Splunk Search 10-26-2023 0 7	0	7
	Extract multiple groups (rex), key/value pairs comma separated I'm looking for the regular expression wizards out there. I need to do a rex with two capture groups: one for name, a... by ejwade Contributor in Splunk Search 10-26-2023 0 2	0	2
	Is there a way to encrypt sensitive data in index time and decrypt it in search time in Splunk? Hi folks, Is there a way to encrypt sensitive data in index time and decrypt it in search time in Splunk ?if yes, how... by human96 Communicator in Splunk Search 10-26-2023 0 8	0	8
	Having timestamp at the end of json entry - cannot view other fields Hi,I am trying to upload elastic log file to splunkthis is an example of one entry in a long log:{"_index":"index-00"... by yossieven New Member in Splunk Search 10-26-2023 0 3	0	3
	stats count Hello again splunk expertsThis is my current situation:-job_no field4131 string1 ... by splunk_novice99 Explorer in Splunk Search 10-25-2023 0 2	0	2
	Change a metadata value programaticaly Hi everyone,Do you know a way to change the value of a metadata for a universal forwader ?I add my own metadata with ... by michaelissartel Explorer in Splunk Search 10-25-2023 0 2	0	2