Splunk Search

Community Activity

Field Extraction Issue - Need True/False comparison of all Values to Max Value of Same Field I'm wanting to avoid using saved searches and lookup tables as much if possible so it's easily maintainable by anyone... by BinaryAddict Engager in Splunk Search 07-27-2023 0 2	0	2
need help with regex field extraction between square brackets I am still trying to get my head around regular expressions in splunk, and would like to use regex that could parse t... by Steve_A200 Path Finder in Splunk Search 07-27-2023 0 3	0	3
Getting max/last value on different period Hello,I have an index with a field that record how long a computer has been running. Basically, when I display the in... by Altexec New Member in Splunk Search 07-27-2023 0 1	0	1
Extracting specific parts from _raw logs Hi All,Can anyone help me create a regex to extract the bolded parts from the following _raw log, please?meta sequenc... by DanAlexander Communicator in Splunk Search 07-27-2023 0 7	0	7
Savedsearch - alternative to CRON job? I have a savedsearch running on a 5 minute cron schedule iteratively working through a list of previously saved searc... by GregSmith Explorer in Splunk Search 07-27-2023 0 2	0	2
How to troubleshoot Splunk search performance slow by Ramana246 Explorer in Splunk Search 07-27-2023 0 2	0	2
Trying do not use a join Hi guys!I have a static snapshot lookup that stores a lot of information about vulnerabilities actives on my hosts in... by pierre_weg Path Finder in Splunk Search 07-27-2023 0 2	0	2
If a field position change in logs then how to trace? Hello everyonePlease assist me in solving the problem below.I'm attempting to determine how to track it in Splunk if ... by mk00928640 New Member in Splunk Search 07-27-2023 0 6	0	6
Search for multiple keywords. Hi, I want to do a search having multiple strings. Example: Consider,I am looking for SearchKey1 and SerachKey2 I... by ykmohank New Member in Splunk Search 07-27-2023 0 3	0	3
How can I pull all the service name in a list? Hi, I need help! I have this query. Ticket_Encryption_Type=0x17 Account_Domain="ad.contoso.com" but I need, pull all ... by leonuz01 Engager in Splunk Search 07-26-2023 0 1	0	1
How can I compare Todays result with yesterdays? I have the code below and I need to get the statuses yesterday and today with respect to API value.My current search ... by Teemanny Engager in Splunk Search 07-26-2023 0 7	0	7
How to calculate SUM by type? Hello everyone, I am trying to SUM the columns. index="nzc-neel-uttar" source="http:kyhkp" \| timechart span=1d count... by Neel881 Path Finder in Splunk Search 07-26-2023 0 3	0	3
How to Split a field that is the subject of a Top command? When I ran the following query: index="myindex" sourcetype="hamlet" environment=staging \| top limit=10 client \| e... by Naji Explorer in Splunk Search 07-26-2023 0 4	0	4
How to chart over multiple fields? my query: index=abd ("start app" AND "app listed") \|rex field=_raw "APP:\s+(<application1>\S+)" \|rex field=_raw ... by mahesh27 Communicator in Splunk Search 07-26-2023 0 4	0	4
Using stats and table command Hi,I am new to splunk, could you please help me with below SPL, I am trying to use stats and table commandWe have 4 e... by Vig95 Engager in Splunk Search 07-26-2023 0 3	0	3
Splunk tstats - Indexes with no traffic dropping off I'm trying to create something that displays long term outages: any index that hasn't had traffic in the last hour.I'... by john_c_calhoun Explorer in Splunk Search 07-26-2023 0 1	0	1
How do i remove values shown in graph In the below graph i see values displayed on top of each bar. How do i remove them? by sravan Explorer in Splunk Search 07-26-2023 0 1	0	1
Splunk Webhook- Can we simply add my JAVA API URL in webhhok to get response payload ? Hi, Against my corporate account I want to enable webhook action to get all responses against a query in my Java API ... by Abhinav Loves-to-Learn in Splunk Search 07-26-2023 0 0	0	0
appen empty values to results in lookup I have the following search to track search usage, i have a list of user who i want to track in a csv file. However, ... by bluewizard Explorer in Splunk Search 07-26-2023 0 2	0	2
How can I count by host? index=abc sourcetype=app_logs \|stats count as events by host, host_ip \|where events >0 When i schedule this as alert... by Harish2 Path Finder in Splunk Search 07-26-2023 0 2	0	2
How to check if the query is running or not in splunk? by AA1 New Member in Splunk Search 07-26-2023 0 1	0	1
Help on where match and rex field commands HiI have a field called ObjectD which is always different for each eventsBut in this field, there is always à charact... by jip31 Motivator in Splunk Search 07-25-2023 0 18	0	18
How to use map command to run for each deviceid? I have the following query, index="xxxx" source="$Device_ID$xxxx*" \| eval Device_ID=mvindex(split(source,"/"),5) ... by Kirthika Path Finder in Splunk Search 07-25-2023 0 6	0	6
Compare a search with two sources I have a search that has "index=A", "Source=A", "Source=B" and both sources have the column "Address"I want to compar... by anmar02930 Engager in Splunk Search 07-25-2023 0 1	0	1
How to set a token from a base search in my dashboard to be consumed in an HTML panel? hi there, I want to display an image based on the result of a search. My dashboard has a "base search" which is use... by swe Path Finder in Splunk Search 07-25-2023 1 6	1	6