Splunk Search

Community Activity

How to pass parameter from savedsearch to a macro (inside the savedsearch) ? hey guys, i'm stuck with this macro problem, where i cannot run a savedsearch with a macro inside it. 1. i have a sav... by highsplunker Contributor in Splunk Search 06-22-2023 0 1	0	1
Any examples of using now() inside map command? It appears that using now() inside of the map command will always return the time that the map was started rather tha... by fredclown Builder in Splunk Search 06-21-2023 0 7	0	7
How to join different fields together? I have an index called index=advanced_hunting and in this index there is a field called category, where there are sev... by jhilton90 Path Finder in Splunk Search 06-21-2023 0 2	0	2
How can I use a variable from a lookup in a search? I have a lookup table that contains usernames and userids. I want to use this to match a username to userid & vice ve... by wgawhh5hbnht Communicator in Splunk Search 06-21-2023 0 4	0	4
How to set token value based on selection from multiselect input? Hi @Splunkers, I created panel which give output based on multiselected fields, both are having different sources/in... by dhirendra761 Contributor in Splunk Search 06-21-2023 0 7	0	7
AdminManagerDispatch- How do I resolve this error? I was setting `ModularInputs` to WARNING.. wanted to know the default value of `AdminManagerDispatch` ... as of now i... by ydholakia Splunk Employee in Splunk Search 06-21-2023 0 0	0	0
How to write a regex to cover few options? Hi people, I need help designing a regex that will cover the below strings, please. ---------------------------------... by DanAlexander Communicator in Splunk Search 06-21-2023 0 9	0	9
How do I fix my tsidxstats search? Please! Help me fix search code. Thank you very much! by mrphu New Member in Splunk Search 06-21-2023 0 1	0	1
How to segregate the count or limit the count to 1? index="go_pro" Appid="APP-5f" prod (":[ Axis" OR "ErrorCode" OR "System Error" OR "Invalid User :")\| rex field=_raw "... by Aj01 Path Finder in Splunk Search 06-21-2023 0 4	0	4
How can I get Membership information? Hi All i have an unified group(i.e office365 unified group) created from Office365. i want to know membership detail... by risingflight143 Explorer in Splunk Search 06-21-2023 0 1	0	1
How to extract nested JSON fields and array from Splunk data using spath? I'm trying to extract some information from nested JSON data stored in Splunk. Here's a simplified and anonymize... by siksaw33 Path Finder in Splunk Search 06-21-2023 0 11	0	11
How to create unique event? Hello! I have some events just like this 2023-06-20 17:25:35.878 INFO Trace:[::] [#kafka-producer-network-thread \| p... by alexeysharkov Path Finder in Splunk Search 06-20-2023 0 6	0	6
How to identify an unusual source sending a high volume of emails, excluding VCP public wifi from the 172 Host? Hi,I'm trying to build a search query for the Unexpected Host Sending a Large Amount of Email in which i need to Exc... by AL3Z Builder in Splunk Search 06-20-2023 0 3	0	3
How to count specific field in a mini batch log events? Each log event has more than 1 transaction because we are logging a mini batch log events. So, for every 2 minutes a ... by VP1 Loves-to-Learn in Splunk Search 06-20-2023 0 2	0	2
How can I refer part of query as a table? I have a dbx query plus SPL commands that makes me a certain table, which I want to refer to via a table name, is it ... by jonvijay1993 Explorer in Splunk Search 06-20-2023 0 2	0	2
How to search a list of all enabled apps in Splunk and their versions on a search head? Hi, Could you please help me to create a search which can list all apps enabled in Splunk (on splunk search head) an... by thezero Path Finder in Splunk Search 06-20-2023 1 12	1	12
Index based search for user being added to multiple windows groups? Hello Folks, Needed help with index based search for any user being added to multiple windows groups (preferably more... by john-doe Engager in Splunk Search 06-20-2023 0 3	0	3
Splunk Search to get time if exceeds cut off time on account of day changed? Hai All,Good day,we have event in splunk for job_name Test job HAS START_TIME at 2023/06/15 23:30:33 and END_TIME 2... by sekhar463 Path Finder in Splunk Search 06-19-2023 0 4	0	4
How to calculate percentage based on 3 different searches with Joins? Is that possible? First query: index="raw_es2" app message="[Login][Password]Login simplified active." \| stats count by message \| renam... by francine0 New Member in Splunk Search 06-19-2023 0 1	0	1
How cache fields are computed in index _audit? Hello All,I need help to understand the cache related fields returned by _audit index for scheduled searches.duration... by Taruchit Contributor in Splunk Search 06-19-2023 0 0	0	0
How to find top 10 URLs with high response time? Hello Team, I need to have top 10 url's in the order of max average response time taken. Could you please help in tha... by Devi13 Path Finder in Splunk Search 06-19-2023 0 2	0	2
How to create a join when first search contains multivalues for single field? Hi,I'm trying to join two searches where the first search includes a single field with multiple values. The matching ... by Woodpecker Path Finder in Splunk Search 06-19-2023 0 1	0	1
How to combine events having one field value same and create single row? Hi, Require to combine events having one field value same and create single row . Query: index=webmethods_dev5555_in... by Abhineet Loves-to-Learn Everything in Splunk Search 06-19-2023 0 1	0	1
What is the best way to use if clause with where? Hello Community, I have a table: Filename Status file1 1 file2 0 \| eval Status=if(where S... by appsik Explorer in Splunk Search 06-19-2023 0 2	0	2
What is the difference between run_time and total_run_time? Hello all, I need help to understand the difference between two fields run_time (fetched from index: _internal) and t... by Taruchit Contributor in Splunk Search 06-19-2023 0 1	0	1