Splunk Search

Community Activity

Why is eval case not evaluating fields? Hi, i have a field with the models, like below, and with this info i want to define a new field like brand. i trie... by lemospt Explorer in Splunk Search 07-20-2023 0 3	0	3
How do I search field extraction for table? Hi, I have below scenario. Image_Name and Name_Space are being ingested with below variations in table A. Image_name ... by mbasharat Builder in Splunk Search 07-20-2023 0 16	0	16
Dropdown panel issue- How do I get just one value in DIVISOR? i have two drop down panels Basically when i select any value in Monitored statistics the Divisor value should chang... by venky1544 Builder in Splunk Search 07-20-2023 0 1	0	1
Routing and transforming to two different indexers? Today I have a custom sourcetype = custom:access_combined this is routed in its entirety at the heavy forwarder to tw... by ldnail_at_TI Path Finder in Splunk Search 07-20-2023 0 3	0	3
InfoSec - Continuous Monitoring - Intrusion Detection Dashboard Would someone be able to help me understand how do to this? I would like to modify the built in dashboard in the Inf... by AJSCSA Loves-to-Learn Lots in Splunk Search 07-20-2023 0 1	0	1
Editing current finding variance search Hello,I have an search that is used on a dashboard that I would like tweaked.Currently this search/panel displays the... by bryhoffman Explorer in Splunk Search 07-20-2023 0 1	0	1
Need help with Regex Requirement is to fetch values for all agentName and put it in a field. Tried - 'agentName':\s(?<agentname>.*?,) but ... by sbhatnagar88 Path Finder in Splunk Search 07-20-2023 0 1	0	1
Splunk query to use lookup data as a field value Hi,I have a lookup file which has ClientName,ostype,currentforwarderversion I wanted to know which Client is reporti... by umesh Path Finder in Splunk Search 07-19-2023 0 1	0	1
Rex help From the below logs i want to capture DIM: data and CONSUMER: data using rex i am not sure about rex command much, p... by Harish2 Path Finder in Splunk Search 07-19-2023 0 1	0	1
Unable to access event data for comparison reasons I have ingested configuration information from WebSphere Application Server. Specifically, appserver configuration da... by gsmith93 Engager in Splunk Search 07-19-2023 0 5	0	5
How do I Compare field values between Lookup Table and Sourcetype and find the Delta Hello,I am facing issues to find delta.I have:Lookup Table: testaccount_holder.csv2 Field names in Lookup: account_no... by SplunkDash Motivator in Splunk Search 07-19-2023 0 6	0	6
Optimize a search So we have this alert set up to check to see if any hostnames that are being monitored havnt received any time monito... by Abass42 Communicator in Splunk Search 07-19-2023 0 1	0	1
Is there a query that will table and display the triple: Hi people,There was a good answer provided to part of this question here: Solved: Re: How to display a list of fields... by JohnEGones Communicator in Splunk Search 07-19-2023 0 2	0	2
Add a custom column based on host value Hi, let me first state that I am very new to Splunk.How can I do the following please?I would like to add a column ca... by Naji Explorer in Splunk Search 07-19-2023 0 4	0	4
How to extract message from log events. I want to extract the message that is 'until-successful' retries exhausted from the below logs.And also a second rex ... by avi7326 Path Finder in Splunk Search 07-19-2023 0 4	0	4
Field _time modification based on _time condition .... Hello,I need to modify _time value based on ... _time value. If: 1) original _time is before working hours, than set... by pioootrek Splunk Employee in Splunk Search 07-19-2023 0 2	0	2
How to embed Line chart at statistical table Hello Splunk experts, I'm working over a dashboard where I would like to have statistical table with line chart in th... by krastevk Observer in Splunk Search 07-19-2023 0 1	0	1
External python search - How do I resolve Error "Failed to parse transport header"? Hi guys,I'm trying to write a very simple external python search but it's just not working.I get the following error ... by kepffr Explorer in Splunk Search 07-19-2023 1 6	1	6
Splunk Report- How to remove item from results? Hi Splunkers, I have results in the following way. Country Count Japan 50 USA. ... by revanthammineni Path Finder in Splunk Search 07-18-2023 0 1	0	1
Fetching statistics: Unique discrepancy details, removing numerical characters, and identifying null and deleted values Hello Community,I am fairly new to Splunk, and I am struggling with this. Here is my raw event: these are discrepancy... by adikrhd Path Finder in Splunk Search 07-18-2023 0 15	0	15
Dashboard Panel field concatenation- Can this be done? Hi,In the below code for a panel on my dashboard, I am displaying whether a report/alert is being skipped. If the _ti... by auzark Communicator in Splunk Search 07-18-2023 0 2	0	2
How to group daily results by week more close together? Hello,I have this search for a chart that counts values weekly and divides then by day of the week.Is there any optio... by KalebeRS Explorer in Splunk Search 07-18-2023 0 3	0	3
Why is return command not giving desired result? Hi,I'm trying to exclude list of sites from my search from lookup table its not working as expected, base search sub ... by AL3Z Builder in Splunk Search 07-18-2023 0 11	0	11
doing sum with if condition in search query Hi All!I want to calculate the sum of failed and declined \| eval Msg=if((Failure_Message=="200 Emv error " OR Failure... by man03359 Communicator in Splunk Search 07-18-2023 0 12	0	12
How can I fix tstats error after upgrading to Splunk 9.0.4? Hi All, we had successfully upgraded to Splunk 9.0.4. However, we observed that when using tstats command, we are ge... by keishsplunk Explorer in Splunk Search 07-18-2023 0 4	0	4