Splunk Search

Community Activity

	Help with splunk search for unix timestamp? I want to create an alert for which I am writing a search query but I am unable to filter using the time range picker... by vinothkumark Path Finder in Splunk Search 07-12-2023 0 5	0	5
	Why do I keep getting outliers in network? Hi Team, I'm trying to find outliers in the network kpi for a project but every time I run this query I get 0 outlie... by Hassan989 New Member in Splunk Search 07-12-2023 0 1	0	1
	How to find the average, min, and max values per minute for a 7 day search? I'm trying to find the avg, min, and max values of a 7 day search over 1 minute spans. For example: index=apihits a... by tkwaller Builder in Splunk Search 07-12-2023 0 7	0	7
	How to add a row with statistics for the last week? Hey guys! I need the statistics of a bunch of data by month. And this is done already. search\|eval Month=strftime(_ti... by qqzj Explorer in Splunk Search 07-12-2023 0 1	0	1
	Excluding logs with specific keywords from dashboards Hello, I have application which ends specific kind of log. Every log have a jobId field and additional information" r... by kp2 Loves-to-Learn Lots in Splunk Search 07-12-2023 0 5	0	5
	Using lookup table to circumvent search time constraints I just want a sanity check to see if this is possible before I go through the effort. I am currently restricted to se... by michaeler Communicator in Splunk Search 07-12-2023 0 3	0	3
	How to work out average Hi all i have a search running with the following resultsdate_year count 2022 ... by PaulaCom Path Finder in Splunk Search 07-12-2023 0 9	0	9
	need time fields extracted as start and end time 1q) i have my search starting with earliest=-1mon latest=now()i want to get the dates as startdate = earliest and end... by venky1544 Builder in Splunk Search 07-12-2023 0 1	0	1
	How to identify '\n' in Splunk rex? SPL as below: \| makeresults\| eval TEST="\n User-Agent: iOS/16.4.1 iPhone\n P-Access-Network-Info: 3GPP-NR-TDD;utran-... by Tao_Zeng Explorer in Splunk Search 07-12-2023 0 6	0	6
	Splunk Enterprise free - user preferences Hi all,I use splunk enterprise with the free license at home. This week I upgraded to version 9.1.0.1 and I was happy... by Hoekb03 Explorer in Splunk Search 07-12-2023 0 1	0	1
	How to extract string before specific character Hello. I want to extract strings anything comes before "\|" .ex.Math \|Math \| Science \| MathEnglish \| MathScience \| Sci... by marinella26 Explorer in Splunk Search 07-12-2023 0 2	0	2
	Httpstatuscode success/failure Hi All,I have 3 API's 1. in first API the status are code 200 & 403 as a success reaming all status codes are failure... by lucky Explorer in Splunk Search 07-12-2023 0 1	0	1
	Unable to get 4 weeks average of same day by each store Hi all , I am trying to get the average of sum of last 5 weeks data by each store . As in if today's monday I want va... by rebelnato New Member in Splunk Search 07-12-2023 0 1	0	1
	Not able to add forward-server on splunk universal forwarder This is what happening, /opt/splunkforwarder/bin # ./splunk add forward-server <splunk-server-ip>:9997it asks for cre... by porasm1998 New Member in Splunk Search 07-12-2023 0 3	0	3
	How to extract random numbers There are over 10000 events and I want to extract events of 100 random Users.Is there any simple way to extract this?... by marinella26 Explorer in Splunk Search 07-11-2023 0 2	0	2
	identify and generate alerts for specific policies Hi all,When I run this query it is not giving any alerts from the policies marked in red color what changes do we nee... by AL3Z Builder in Splunk Search 07-11-2023 0 1	0	1
	How to use rex to extract from logs. I want to extract that BID@ from the log. and for other logs the external ID will be different so what will be the ... by avi7326 Path Finder in Splunk Search 07-11-2023 0 1	0	1
	How to delete events which has timestamp order decreasing? I have the following tableTimestamp 2021-08-09 12:26:55.78522021-08-09 12:26:56.22782021-08-09 12:26:56.22782021-08-0... by Kirthika Path Finder in Splunk Search 07-11-2023 0 0	0	0
	How can I display yesterday data when today's report did not run yet? Hey! I have a dashboard that is updated everyday by a report that runs at 12:30 UTC. All the visualizations are displ... by andregalera Engager in Splunk Search 07-11-2023 0 2	0	2
	How to collect data from a scheduled run by single base search followed by two different search? Hi Splunk Experts,I've a dashboard, where I have a base search and use the base search results in two different Panel... by Thulasinathan_M Contributor in Splunk Search 07-11-2023 0 4	0	4
	Count by two different fields in one result Hello all, i'm sure tje answer exists somewhere but i can't find it...As you can see, i start with this powerfull too... by humi Explorer in Splunk Search 07-11-2023 0 2	0	2
	Classic Dashboard query - 3 visuals with 3 different times Hi all I have a dashboard that i need to build to show number of Helpdesk calls for :1) year to date2) Average monthl... by PaulaCom Path Finder in Splunk Search 07-11-2023 0 3	0	3
	Define a field and get an integer value Hello, I have a log file that do not conform to the log4j standards. The log file entry is as Some text before. Mem=5... by dnikam New Member in Splunk Search 07-11-2023 0 2	0	2
	How to rename and combine results in search? Hi All I have a table showing number of Helpdesk calls and count for the year eg \| search "problemtype.detailDis... by PaulaCom Path Finder in Splunk Search 07-11-2023 0 6	0	6
	subnet I need help creating a regex that extracts subnet masks by lorscardala985 Explorer in Splunk Search 07-11-2023 0 3	0	3