Splunk Search

Community Activity

How to chart over multiple fields? my query: index=abd ("start app" AND "app listed") \|rex field=_raw "APP:\s+(<application1>\S+)" \|rex field=_raw ... by mahesh27 Communicator in Splunk Search 07-26-2023 0 4	0	4
Using stats and table command Hi,I am new to splunk, could you please help me with below SPL, I am trying to use stats and table commandWe have 4 e... by Vig95 Engager in Splunk Search 07-26-2023 0 3	0	3
Splunk tstats - Indexes with no traffic dropping off I'm trying to create something that displays long term outages: any index that hasn't had traffic in the last hour.I'... by john_c_calhoun Explorer in Splunk Search 07-26-2023 0 1	0	1
How do i remove values shown in graph In the below graph i see values displayed on top of each bar. How do i remove them? by sravan Explorer in Splunk Search 07-26-2023 0 1	0	1
Splunk Webhook- Can we simply add my JAVA API URL in webhhok to get response payload ? Hi, Against my corporate account I want to enable webhook action to get all responses against a query in my Java API ... by Abhinav Loves-to-Learn in Splunk Search 07-26-2023 0 0	0	0
appen empty values to results in lookup I have the following search to track search usage, i have a list of user who i want to track in a csv file. However, ... by bluewizard Explorer in Splunk Search 07-26-2023 0 2	0	2
How can I count by host? index=abc sourcetype=app_logs \|stats count as events by host, host_ip \|where events >0 When i schedule this as alert... by Harish2 Path Finder in Splunk Search 07-26-2023 0 2	0	2
How to check if the query is running or not in splunk? by AA1 New Member in Splunk Search 07-26-2023 0 1	0	1
Help on where match and rex field commands HiI have a field called ObjectD which is always different for each eventsBut in this field, there is always à charact... by jip31 Motivator in Splunk Search 07-25-2023 0 18	0	18
How to use map command to run for each deviceid? I have the following query, index="xxxx" source="$Device_ID$xxxx*" \| eval Device_ID=mvindex(split(source,"/"),5) ... by Kirthika Path Finder in Splunk Search 07-25-2023 0 6	0	6
Compare a search with two sources I have a search that has "index=A", "Source=A", "Source=B" and both sources have the column "Address"I want to compar... by anmar02930 Engager in Splunk Search 07-25-2023 0 1	0	1
How to set a token from a base search in my dashboard to be consumed in an HTML panel? hi there, I want to display an image based on the result of a search. My dashboard has a "base search" which is use... by swe Path Finder in Splunk Search 07-25-2023 1 6	1	6
How to LDAPGROUP filter by MEMBER_TYPE? I am successfully using some simple LDAPSEARCH + LDAPGROUP searches to produce membership lists for various AD groups... by ddetlef Explorer in Splunk Search 07-25-2023 0 6	0	6
How can I output only the first n characters of field value? HI people, I want from a query to only print out the first n-characters of the field value. So: index=someIndex sou... by JohnEGones Communicator in Splunk Search 07-25-2023 0 3	0	3
Splunk HF exports logs using a CLI command as a Linux crontab? I'm new to Splunk Enterprise, and my task is to forward logs from Splunk HF (AWS EC2 instance) to an AWS Cloud Watch ... by sarvananth Explorer in Splunk Search 07-25-2023 0 3	0	3
How to Easily Copy/Paste or Extract Multiple Results from a Dash? Hi everyone,Working on a dash for which the goal is to automate manual data entry which needs to take place over 100s... by interrobang Explorer in Splunk Search 07-24-2023 0 5	0	5
How to calculate duration by error code? Hi team,I have raw data with status: 200, 404, 503.183080267.ap-southeast-1.elb.amazonaws.com \| app \| 200183080267.ap... by dungnq Loves-to-Learn in Splunk Search 07-24-2023 0 4	0	4
How to perform lookup from index search with dbxquery? How to perform lookup from index search with dbxquery?\| index=vulnerability_index\| table ip_address, vulnerability, s... by LearningGuy Motivator in Splunk Search 07-24-2023 0 10	0	10
When a user queries he gets "insufficient permissions to perform this operation", and when I query I get 0 return events I have created a lookup test123.csv owned by me and A user queries and he gets the error - "User has insufficient pe... by anikeshp7 Path Finder in Splunk Search 07-24-2023 0 6	0	6
Splunk Search Query Suppose there are 10 events as "raw text" in Splunk in last 7 days as below :Event 1 : 7/11/23 5:28:33.265 PM"host":"... by Awanish1212 Explorer in Splunk Search 07-24-2023 0 1	0	1
How to create a Time Chart for duration? Hi looking to create a time chart that has duration on the y axis and start date on the x-axis. The Y- axis is in hou... by Talking_Master Explorer in Splunk Search 07-24-2023 0 1	0	1
time span query Hi All I'd like some help please with a query thats been asked of me and its a little out of my depth the current bel... by PaulaCom Path Finder in Splunk Search 07-24-2023 0 5	0	5
Spl query for host downtime consolidation I have a data like belowServename downtimeWeb1 7 day 2 hWeb2 2 h 23 minWeb2 ... by Harikiranjammul Explorer in Splunk Search 07-24-2023 0 3	0	3
convert data in string format to json is there any function available in splunk which converts the data in string format to json, which is actually json da... by AnilPujar Path Finder in Splunk Search 07-24-2023 0 3	0	3
why does the results from 'eventscount' and displayed DDAS storage usage in CloudMonitoring Console differ wildly? I tried to determine the size of my indexes in preparation for a Splunk Cloud Migration. I figured I could use the "e... by Falko Explorer in Splunk Search 07-24-2023 0 0	0	0