Splunk Search

Community Activity

How to showcase the count of devices and userlogged in? Hi Team, We have users logging in multiple devices. So, we need to showcase the count of devices and user logged in.... by Nagalakshmi Path Finder in Splunk Search 08-28-2023 0 6	0	6
Why is subsearch truncating the results with join command? Hi, I am trying to join 2 searches with produce some results but I am getting this error which says - "subsearch pro... by shashank_24 Path Finder in Splunk Search 08-27-2023 0 7	0	7
How to use index time to search the data to avoid skipped searches etc? Dear All, I was going through a Splunk conf 21 where the narrator explained to use the index time instead of search... by mohammadsharukh Path Finder in Splunk Search 08-27-2023 0 1	0	1
Is it possible to set up the VSCode extension to connect to multiple instances? Is it possible to set up the VSCode extension to connect to multiple instances? by kwells New Member in Splunk Search 08-26-2023 0 1	0	1
How to extract value from search response which has a text plus json? Hello I am beginner with Splunk.I made a query and my search result is like text1 text2 text3 response: { "st... by aliosa Loves-to-Learn Lots in Splunk Search 08-26-2023 0 5	0	5
How to get events of selected hosts I have an index which has 15 hosts and around 15 sourcetypes mapped to all hosts. How can I get events of only few s... by splunker09 Engager in Splunk Search 08-26-2023 0 1	0	1
How to add lines of query from somewhere into search query Hi Splunk Experts,I've a big list of rex commands in my search query. While using dashboard I added those rex command... by Thulasinathan_M Contributor in Splunk Search 08-25-2023 0 2	0	2
Compare entire lookup table to another I thought this would be easy but i'm struggling. I have a CSV of firewall rules from yesterday, and a CSV of Firewal... by splunk219783 Path Finder in Splunk Search 08-25-2023 0 1	0	1
How to Print Id's which are not present in Index search? I have a lookup file( with one column combinedrules{}) which would be dynamic and i want to run a scheduled search to... by RahulMisra Engager in Splunk Search 08-25-2023 0 10	0	10
How to modify query if status is offline for 10 mins? hi All, i am using below search to get status if any offline and i want to create alert if status offline for more t... by sekhar463 Path Finder in Splunk Search 08-25-2023 0 18	0	18
Calculate average time between events for a series with a unique identifier HiWe have logs of images created in a series, like below. They are identified by a unique series id, the number of ev... by mikfro Loves-to-Learn in Splunk Search 08-25-2023 0 2	0	2
Check if latest logs contain IOC INDEX Name generated (10 million new records every day)INDEX Fields username, secret, key Lookup file secrets.csv wi... by superuser88 Engager in Splunk Search 08-25-2023 0 4	0	4
timechart response time from proxy servers I simply need to timechart the numeric values from field that is being returned. For exampleindex=proxy \| timechart ... by rstrong30 Loves-to-Learn in Splunk Search 08-24-2023 0 1	0	1
Subsearch all events in another index I have two indexesIndex accounts: [user. payroll]Index employees: [user, emp_details, emp_information] I am trying to... by superuser88 Engager in Splunk Search 08-24-2023 0 2	0	2
How to Compare two mv fields and audit individual results? I'm looking specifically at the index for _configtracker to audit changes to serverclass.conf file. Because the natu... by dural_yyz Motivator in Splunk Search 08-24-2023 0 3	0	3
How to search value in previous time period and add the counts Hi,is it possible to search a field value and then count it for example first today and then add the count of the sam... by Woodpecker Path Finder in Splunk Search 08-24-2023 0 0	0	0
How to extract part of a URL and create alert. Hi, I have the following log lines:2023-08-23 06:27:13,551 DEBUG [org.keycloak.protocol.oidc.utils.RedirectUtils] (ex... by muqeeiz Loves-to-Learn in Splunk Search 08-24-2023 0 3	0	3
How to filters results and convert rows to columns? I have a splunk query to get execution time of methods shown below basesearch \| where like(method,"A") OR like(met... by Splunk_321 Path Finder in Splunk Search 08-24-2023 0 1	0	1
How to Include search results as variable in query? I'm working on building a dashboard that will take a base report and parse it into different items that can be flagge... by dwelbba00 New Member in Splunk Search 08-24-2023 0 5	0	5
Why did The extraction failed - error for Regex? Hi, When I extract any fields from json log, following error is generated "The extraction failed. If you are extra... by hitong Loves-to-Learn in Splunk Search 08-24-2023 0 3	0	3
How to Add percentage to Column? HiI am trying to add % to the "by percent" column only. I can't seem to get it to show.Thanks by woodlandrelic Path Finder in Splunk Search 08-23-2023 0 3	0	3
How to join data from index and dbxquery without using JOIN, APPEND or stats command? Hello,How to join data from index and dbxquery without using JOIN, APPEND or stats command?Issue with JOIN: limit of... by LearningGuy Motivator in Splunk Search 08-23-2023 0 12	0	12
how to change color for column chart \| timechart span=1mon count by status \| addtotals row=t col=f labelfield=Total True False "Not available" fieldname="... by abi2023 Path Finder in Splunk Search 08-23-2023 0 2	0	2
How to join a Transaction search with a non Transaction search Hello,I'm still in the learning process of Splunk searches and I have been tasked to create a table that contains onl... by mninansplunk Path Finder in Splunk Search 08-23-2023 0 5	0	5
How to prevent Splunk from streaming / chunking data to custom search commands? Hi all, I encountered the problem in MLTK that the data from the search is passed in multiple chunks to my custom cla... by pmunaret Explorer in Splunk Search 08-23-2023 1 2	1	2