Splunk Search

Community Activity

Help with Splunk query in combining two source types? Hi,I have two source types CardMember_cycle_data (with card member cycle date info) and CardMember_Demographic_data (... by sujoybose77 Explorer in Splunk Search 06-08-2023 0 1	0	1
Can I fix this tstats where error? Hi, So i have this search: \| tstats prestats=true count WHERE index=_ot (source="sgre" OR o_wp="sgre*") A... by Imhim Explorer in Splunk Search 06-08-2023 0 5	0	5
How to merge two diff queries, but display only if the patching has happened? Index = prod-x7 host IN ( 12345678) sourcetype=“Wineventlog” Eventcode=“19” \|eval patching = if(eventcode =“19”, “ok”... by haripotu Loves-to-Learn Everything in Splunk Search 06-07-2023 0 3	0	3
How to extract last words? Hi I have sample like this Source Sample time fr... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 06-07-2023 0 1	0	1
AppInspect check_indexes_conf_does_not_exist too restrictive? Background to this question I am the developer of a Splunk app, recently published on Splunkbase, that is intended f... by Graham_Hanningt Builder in Splunk Search 06-07-2023 1 4	1	4
How can I use timechart with Where condition and stats? Hello!I am trying to figure out how to convert an table query into a histogram using timechart(), but I am having iss... by Alanmas Explorer in Splunk Search 06-07-2023 0 4	0	4
How to use splunk MLTK to detect outliers in case to find latency anomalies? Hi Team, I have a field "duration". There are lot of APIs for which this field is populatedcan i use the Detect outli... by amitrinx Explorer in Splunk Search 06-07-2023 0 3	0	3
How to merge two very high volume index into one? Hello, I have 2 index, one that received about 40 millions records per day and the other one about 80% of the first i... by usernamejpblais Engager in Splunk Search 06-07-2023 0 4	0	4
How to compare two KV files? Need to compare 2 KV files and report the missing records of File1 in File2File 1: Row#roll numbersName Registration ... by akshaycloud11 Loves-to-Learn Lots in Splunk Search 06-07-2023 0 2	0	2
How to use subsearch without a field name? (but just with field value for more than one fileld) Here is the document, but how?https://docs.splunk.com/Documentation/Splunk/8.2.6/Search/Changetheformatofsubsearchres... by thanchen Explorer in Splunk Search 06-07-2023 0 10	0	10
How to send individual email notifications to emails in a field? Hello, I have a search query which list users and there email addresses as the result. Now I want to send individual ... by Dayalss Engager in Splunk Search 06-07-2023 0 2	0	2
How to write rex command by comparing two different indexes? Hi all, I need your help in validating my query. Please help.. in indexA , fields are: user, login(user=firstname, lo... by RanjiRaje Explorer in Splunk Search 06-07-2023 0 4	0	4
Why are events are not displayed in the search results because _raw fields exceed the limit of 16777216 characters? Hi Team I am getting below warning notification from indexers , can someone help how to clear this . "Search peer X... by ssuluguri Path Finder in Splunk Search 06-06-2023 1 3	1	3
How can I resolve return 0 for "No Results Found"? Hi, I have a query where I'm extrapolating type based on a conditional then counting by type. This works great when t... by philh Explorer in Splunk Search 06-06-2023 0 4	0	4
How to compare Field Values of Two Different Fields from Two Lookups? \|inputlookup lookup1,csv \|fields IP Host_Auth \|lookup lookup2.csv IP output Host_Auth as Host_Auth.1 Some of the fiel... by atebysandwich Path Finder in Splunk Search 06-06-2023 0 1	0	1
How to count total with only displaying one stat? I am looking to display only one statistic row being named Total with the count of all of the hosts added up, which s... by jialiu907 Path Finder in Splunk Search 06-06-2023 0 3	0	3
Correlation Analysis Labs- How do I modify search to display the transactions in table? index=web sourcetype=access_combined \| transaction _time,clientip, JSESSIONID,action How do I Modify my search to dis... by Nadeem New Member in Splunk Search 06-06-2023 0 3	0	3
Why is this search returning the wrong result? The search query it showing only the roles for currently logged-in user. But this is not what we are looking for, we ... by Lavani Observer in Splunk Search 06-06-2023 0 2	0	2
How to combine values from fields in different indexes using it to sort? Hi, I'm trying to combine values from two different fields in two different indexes. But it seems to come up blank. I... by FGAnders Explorer in Splunk Search 06-06-2023 0 4	0	4
How to compare the date from the lookup and write new value? Hello, Splunkers.Problem Statement:I've searched the data with "date" and "score" to get the latest data and got the ... by zen29d Explorer in Splunk Search 06-06-2023 0 5	0	5
How to get count ? I have a table in splunk with columns\|table _time idx Event_count IsOutlier Actual_outlier atf_hour_of_day atf_day_o... by MG Engager in Splunk Search 06-06-2023 0 2	0	2
How to compare two inputlook kv columns? Hi There, we have two inputlook kv (File1 and File2) files and I want to compare 3 columns (AvsA, BvsB, CvsC) betwee... by akshaycloud11 Loves-to-Learn Lots in Splunk Search 06-06-2023 0 8	0	8
What is the SPL for cancelled / timed out searches? Hi everyone, I've a scenario where Splunk is timing out in querying customer SIEM environments and reporting as poten... by McMac84 Engager in Splunk Search 06-06-2023 0 2	0	2
How to get the 0 data rows using tstats query? Original query: index=app-data sourcetype=clientapp-code \|rex field=_raw "\Status\:(?<Code>.*?)\\|" \|eval Failed=if... by Vani_26 Path Finder in Splunk Search 06-06-2023 0 2	0	2
How to merge the field value and its count into one field? I am relatively new to Splunk and I am trying to create a field that contains the field value and its count into one... by man03359 Communicator in Splunk Search 06-06-2023 0 5	0	5