Splunk Search

Community Activity

	How to add a variable from a lookup table to filter results? I am trying to do a tstats command to get the last logged time a server has sent logs. My server list i want in the ... by Gggflyer New Member in Splunk Search 08-09-2023 0 1	0	1
	How to convert time duration in minutes? I want convert minutes like (1.78,1.80,1.84,1.95) to (1h:44m,1h.55m,1h.44m,1h.58m) for example we have 1 hour 95 minu... by ramkyreddy Explorer in Splunk Search 08-09-2023 0 7	0	7
	How to create Splunk lookup query? I have a lookup test_lookup with 2 fields a1 and b1. The field a1 is common with the fields in the raw data.the value... by phularah Communicator in Splunk Search 08-09-2023 0 3	0	3
	How to extract the below mentioned fields from the raw date to interesting fields to apt the efficient query Hi Team,I was trying to find out the workstations clock out of sync logs in splunk by using the below query. but I ca... by Muni9066 New Member in Splunk Search 08-09-2023 0 2	0	2
	How to extract and rename field from JSON I have an index, where each event is a JSON object, the structure is as follows: { "otherFields": "othe... by itnewbie Explorer in Splunk Search 08-09-2023 0 6	0	6
	Why is multiple OR not working as expected with AND clause in search query? Hi Everyone,I have a requirement to implement a search query where I have 3 unique values and one common value3 uniqu... by hgoyal Engager in Splunk Search 08-09-2023 0 10	0	10
	How to create Alert query when date in field is less that 30days? Hi Team, I am setting up an alert on Splunk where my data is in below format. I am writing a query where it returns ... by drogo Explorer in Splunk Search 08-09-2023 0 1	0	1
	How to flatten xyseries results multiple columns? Trying to do a cross-reference multi-search that gathers specific result counts for two outputs (column1 & column2). ... by interrobang Explorer in Splunk Search 08-08-2023 0 8	0	8
	How to create alert on if log message does not appear? Hi, I have a splunk source which does have data ingestion from multiple servers, i want to setup an alert on that sou... by batham Explorer in Splunk Search 08-08-2023 0 1	0	1
	Splunk event combine: How to get data of one timestamp in a single event? Hello Splunkers!! I have used DB connect to fetch the data from oracle database table and after ingesting the data I... by uagraw01 Motivator in Splunk Search 08-08-2023 0 2	0	2
	How to subsearch with JOIN with multiples fields? I'm trying to build a search that returns the changes that were made to the GPO. For this, I have my main search that... by wmvalente New Member in Splunk Search 08-08-2023 0 0	0	0
	mstats and eval - How to get free memory in GB instead of bytes? Hi I have following query to show a graph of the free memory on the server. This working nicely. However, the numbers... by bloodseaker Explorer in Splunk Search 08-08-2023 0 5	0	5
	How to search the event log based on a parameter value from another search from the same event log? We would like to have the search results based on the following criteria. We have records in the event log with the f... by vijayaxyz New Member in Splunk Search 08-08-2023 0 2	0	2
	How to find the delta, what values are missing in lookup table comparing the actual data? Hi,I am facing issues to find delta.I have:Lookup Table: testpolicies.csvField names in Lookup: policynameindex=test ... by innoce Path Finder in Splunk Search 08-08-2023 0 3	0	3
	How to combine Eventtype Search and lookup data into one table? Hi Everyone,I have an search query and a lookup.Search query gives some filenames and their time of creation and in m... by hgoyal Engager in Splunk Search 08-08-2023 0 2	0	2
	Data Trim I have some questions regarding data trim.From which version data trim has been added?What is the parameter to trim... by Siddharthnegi Contributor in Splunk Search 08-08-2023 0 19	0	19
	How to parse events before indexing? Hi Splunk Experts,I want to break all lines as a single Line event [\r\n]. But if there are logs with stacktrace I wa... by Thulasinathan_M Contributor in Splunk Search 08-08-2023 0 10	0	10
	How to display Dashboard Studio Map display simply information? Dear All how to display simply infor when i move mouse over the point in the map? when i move mouse over the point, d... by Jianming Explorer in Splunk Search 08-07-2023 0 0	0	0
	How to get data for last week and current week? I have data stored in the csv file, which contains the time field. I want the data for complete last week and also th... by agupta13 Engager in Splunk Search 08-07-2023 0 2	0	2
	Selected Fields - Open in new tab (or window) - Value does not carry over. There are several topics related to this , but it seems they not exactly what im asking (ie those are related to cust... by spunk311z Path Finder in Splunk Search 08-07-2023 0 2	0	2
	How to compare multivalue fields? Union, intersection, membership tests When comparing multivalue fields, there are a number of relationships one might be interested in.Equality is easy to ... by emottola Explorer in Splunk Search 08-07-2023 0 2	0	2
	Splunk SaaS licensing usage ovetime per index. Please let me know the Splunk SaaS cloud licensing usage over time per index. by sathiyasun Explorer in Splunk Search 08-07-2023 0 1	0	1
	How to Extract Fields from web_input app? How would you extract fields from this Data, I would like to extract the panel ID, watts, grid Hz, grid voltage and t... by MGlass Explorer in Splunk Search 08-07-2023 0 3	0	3
	How to create a Splunk search for the following problem? My base search PAGE_ID=*\| where PAGE_ID=DGEFH OR PAGE_ID =RGHJH NOT NUM_OF_MONTHS_RUN>=6 AND NOTNUM_OF_INDIVIDUA... by kc_prane Communicator in Splunk Search 08-07-2023 0 3	0	3
	How can we use tstats with TERM and PREFIX? I'm trying to run - \| tstats count where index=wineventlog* TERM(EventID=4688) by _time span=1m It returns n... by danielbb Motivator in Splunk Search 08-07-2023 0 6	0	6