Splunk Search

Community Activity

How to display next 10 numbers? Hi Splunkers, Here I'm asking help on Splunk query. I have a csv file with some numbers between 101-999, I need to wr... by thippeshaj Explorer in Splunk Search 06-18-2023 0 2	0	2
How to dynamically select column in an XY series? Hello! I am currently trying to dynamically select columns in my output that are generated by an xyseries. I am compa... by ajones Explorer in Splunk Search 06-17-2023 0 2	0	2
How to remove null values then add fields? Hi all, would love help with this one. I currently have a query where I have 4 different processing times by session... by user33 Path Finder in Splunk Search 06-17-2023 0 5	0	5
How to exclude users from service account values: a generic approach? Hi,I'm attempting to create a method to exclude users from service account values without excluding a particular serv... by AL3Z Builder in Splunk Search 06-17-2023 0 15	0	15
Extract multiple JSON fields I am trying to create a table whereby two of the values are within a JSON array. The data in each array entry is base... by srcno Loves-to-Learn in Splunk Search 06-16-2023 0 5	0	5
How to remove comms and parenthesis? index="myIndex" app_name="myappName" My.Message = "failed to retrieve the workOrder"\| rex "Order (?<Order>[^\s]+)"... by Sureshp191 Explorer in Splunk Search 06-16-2023 0 10	0	10
How do I create a search to show Cisco logins sorted by User? I can search through cisco logs easily enough, and can also sort for logins, or failed logins without issue - but sin... by Crabbok Engager in Splunk Search 06-16-2023 0 1	0	1
How to add unique count column on the stats result? Hi, I have data as below \| date \| buyer \| product \|\| Jun-1 \| A \| P-01 \|\| Jun-1 \| A \| P-02 \|\| Jun-1 \| B ... by mia Explorer in Splunk Search 06-16-2023 0 3	0	3
How to write query to find perimeter fw details? Hi, I am trying to build a query on perimeter firewall how we can find the ips hitting to the fw. Thanks by AL3Z Builder in Splunk Search 06-16-2023 0 20	0	20
How to cancel scheduled alerts if no logs are being ingested? Hi, currently I have scheduled alerts that are triggered based on file count results. If count of 'file x' for that d... by Ana01 Loves-to-Learn Everything in Splunk Search 06-15-2023 0 2	0	2
How to extract two characters before last set of numbers in a string? Tried many variations but just cant get it right. Example Data:onetwoap321.siteonethreap3ua.somesiteoneforpd210.site... by jenkinsta Path Finder in Splunk Search 06-15-2023 0 2	0	2
How to combine two searches/data sets into one table? I have two searches/data sets that I would like to combine into a table, and am not entirely sure on what the correct... by Apples Explorer in Splunk Search 06-15-2023 0 4	0	4
Does anyone have an idea how to make a bitwise AND operation for a high number of events in Splunk? Hey all The PAN-OS traffic log include a log field ‚flags‘ ‚Flags‘ is a 32-Bit field that provide details on session.... by Berma New Member in Splunk Search 06-15-2023 0 3	0	3
How to get eval assignment of a nested JSON list does not assign? Hi, I'm trying to assign a list from a nested JSON event { "timestamp": "2023-06-14T18:03:57.047201+00:00", . ... by splunked38 Communicator in Splunk Search 06-15-2023 0 2	0	2
How to alert when a field value has > 500 events? Hello, I'm not sure how to achieve this. I need to create an alert for when a field (user) value has > 500 events fo... by mninansplunk Path Finder in Splunk Search 06-15-2023 0 2	0	2
How to make a query that counts by comparing values? I'm new to splunk and I'm asking for help. I will give an example as below. if event_id or orig_event are the same, c... by hyewonkim Engager in Splunk Search 06-15-2023 0 3	0	3
How to exclude data that is already duplicated? Hi , I have somthing data need to deduplicate. I got some data from two database and save in different indexes . I us... by Hong_TP Engager in Splunk Search 06-15-2023 0 1	0	1
Why is lookup not showing results? Hey all, Does anyone know why this isn't working (I'm a new Splunk user)? I'm trying to show the errorMessageFilter, ... by TolTest Explorer in Splunk Search 06-15-2023 0 10	0	10
How to build multisearch dynamically? This is mostly just a curiosity, motivated by this post on how to compare a particular time interval across multiple ... by w564432 Explorer in Splunk Search 06-14-2023 0 7	0	7
Is there any way to display single accurate values within each cell of the table? I have used search query like this- \| savedsearch REPORT1 \|chart values(COLUMN3) AS Status BY COLUMN2 PROCESS_ID\| fil... by Sss Path Finder in Splunk Search 06-14-2023 0 2	0	2
Why am I am receiving an error in 'rex' command? I am trying to use a similar splunk query:index="myIndex" appname="myapp" msg.result.message ="TradingSymbol(s):" \|... by Sureshp191 Explorer in Splunk Search 06-14-2023 0 4	0	4
How to go about stats count by a values between a range? I am trying to return data for a pie chart with a specified range of values. How would I go about this? \| stats co... by jenkinsta Path Finder in Splunk Search 06-14-2023 0 2	0	2
Is it possible to consider "time" as "_time" on logstash config? Hi I have logstash config that send logs to Splunk HEC. these data contain field that call "time". Now question is: I... by indeed_2000 Motivator in Splunk Search 06-14-2023 0 5	0	5
Why is search query within link is showing "Unexpected close tag" error? We are trying to run a rex command inside of a custom drill down link. Here is the relevant XML Code we are using: ... by whorst1 Engager in Splunk Search 06-14-2023 2 3	2	3
How can we create an API call that returns a link to a report? We need to call a search via the API and return a link to a report, produced by this call. Is it doable? So, I have s... by danielbb Motivator in Splunk Search 06-14-2023 0 1	0	1