Splunk Search

Community Activity

	Why is return command not giving desired result? Hi,I'm trying to exclude list of sites from my search from lookup table its not working as expected, base search sub ... by AL3Z Builder in Splunk Search 07-18-2023 0 11	0	11
	doing sum with if condition in search query Hi All!I want to calculate the sum of failed and declined \| eval Msg=if((Failure_Message=="200 Emv error " OR Failure... by man03359 Communicator in Splunk Search 07-18-2023 0 12	0	12
	How can I fix tstats error after upgrading to Splunk 9.0.4? Hi All, we had successfully upgraded to Splunk 9.0.4. However, we observed that when using tstats command, we are ge... by keishsplunk Explorer in Splunk Search 07-18-2023 0 4	0	4
	find request but not in response Hi,[12:30:13 INF 0ceafa153290582e1f1faec3f98d84ac] Gateway API\|Request...[12:30:15 INF 0ceafa153290582e1f1faec3f98d84... by nmarun Explorer in Splunk Search 07-17-2023 0 5	0	5
	Splunk Stream for M1/arm-based processor Since Splunk stream doesn't support M1/arm-based processors yet, are there any Splunk stream alternatives that we can... by dantimola Communicator in Splunk Search 07-17-2023 0 0	0	0
	Reverse data table to horizontal Guys, good morningI'm having trouble inverting this table below. I need to leave the horizontal "key_type" informatio... by isac_santana Explorer in Splunk Search 07-17-2023 0 2	0	2
	finding percentage different between last week and week before? I have spl in splunkindex=demo search compliance= standard1 \| timechart span=1week count by status \| add totals row=t... by abi2023 Path Finder in Splunk Search 07-17-2023 0 1	0	1
	Why are my sourcetypes not loading any data? I have installed Splunk add on for AWS and created the inputs, which have a listed source type. However, when I try t... by henryf Explorer in Splunk Search 07-17-2023 0 7	0	7
	Correlate multivalues and count each relation to other values Hi.I need help in understanding how this can be done:The application's log have a multivalue like this:<somedata> [fi... by Lithyum Engager in Splunk Search 07-17-2023 0 2	0	2
	Strange behavior of values function Is there anyone who can explain me strange behaivor of "values" function. I created statistic by "stats" with "values... by emzed Path Finder in Splunk Search 07-17-2023 0 4	0	4
	Format table I've a search that return a table like this:column1 column2 column3 a ... by rissois Observer in Splunk Search 07-17-2023 0 2	0	2
	comparing two string doesn't work i have a search query and i want to add another condition to check the url if test!=staging. the first test is coming... by rezaeimo Explorer in Splunk Search 07-17-2023 0 9	0	9
	Flow chart Hi,I have a table of 3 columns: Event name, time(=when the event happened) and source (file name).I need to create a ... by maayan Path Finder in Splunk Search 07-17-2023 0 1	0	1
	Flatten JSON associative array with variable key names that even containing dots I have JSON event data like this (it is shown as a collapsable tree structure in the event view): { "data": { ... by rikinet Path Finder in Splunk Search 07-16-2023 0 3	0	3
	Finding events for users that have not been seen in the last X days I need to create a baseline for what is common in an environment before creating a rule.The rule can be as simple as:... by Liran Observer in Splunk Search 07-16-2023 0 2	0	2
	UserID exists in query 1 but not query 2 by host ? I have been trying to figure this out but getting stumped. I have seen other questions similar but just slightly diff... by sjringo Contributor in Splunk Search 07-15-2023 0 8	0	8
	Job terminated unexpectedly with no obvious error if too many rex mode=sed commands in query I am trying to summarize AWS ELB Access Logs. Once I get the raw URLs, I need to substitute out the path and query p... by john_arrowwood Explorer in Splunk Search 07-15-2023 0 4	0	4
	How to compare a particular word with each and every word in the list of host and get the below output . I have a list of below host in a csvuasws12usaws120usaws11usaws13susaws13usaws130usaws14usaws15usaws16usaws17usaws173... by AyushiSrivas Loves-to-Learn in Splunk Search 07-15-2023 0 8	0	8
	When clicking on table header want to sort by case insensitive We have table with a list of users. Some user names are all lower case, some all upper case, some mixed case. We can ... by simpkins1958 Contributor in Splunk Search 07-15-2023 0 6	0	6
	Split pattern into multiple rows? Split pattern in CSV lookup format into multiple rows\| lookup table.csvNote that the number of SubnetID-IP pair is no... by LearningGuy Motivator in Splunk Search 07-14-2023 0 3	0	3
	How to add multi-value key-value pairs to current event? Greetings.Suppose I have an event schema of just a URL, where the query section of the URL may change: ```ndjson{ url... by cdieringerwm Observer in Splunk Search 07-14-2023 0 3	0	3
	Splitting results by matched conditions \|tstats count where index=app-data (TERM(Errors) TERM( Started) TERM( in) TERM(s) TERM(ms)) OR (TERM(system) T... by mahesh27 Communicator in Splunk Search 07-14-2023 0 3	0	3
	calculating percentage using eval and stats commands Hi, I am working on a task: calculating the percentage of employees working in food industry for each country. I trie... by manju1318 Engager in Splunk Search 07-14-2023 0 2	0	2
	How to achieve 90 perccentile and average on the same query? How to calculate 90 percentile and average on the same query. following query is not providing 90 percentile values ... by sabari80 Explorer in Splunk Search 07-14-2023 0 5	0	5
	How do we enhance the dlp search ? Hi,I need a help in enhancing the below search if users triggers one or more of these policies:Index=dlp sourcetype... by AL3Z Builder in Splunk Search 07-14-2023 0 3	0	3