Splunk Search

Community Activity

How would we match static content of error to interesting fields of splunk search by editing lookup table with regex? If we have some error messages with some static and dynamic content. We want to match static content of error to inte... by Naga1 Loves-to-Learn Lots in Splunk Search 05-28-2023 0 1	0	1
How to perform lookup on CSV file from search on index? how to perform lookup on CSV file from search on index?For example below: I want to find out if "name" on employee... by LearningGuy Motivator in Splunk Search 05-28-2023 0 9	0	9
How would I write a Splunk search to build a table for PASS and FAIL? Hello Everyone, I have below query with which I am trying to build a table showing data for SUCCESS for sum of statu... by super_edition Path Finder in Splunk Search 05-28-2023 0 1	0	1
How to extract a word between two words? stream=stdout 9 INFO [DataEnrichmentController] (default task-597) start : comm-uuid : rsvp-service : nljnj42343n43k ... by spatt New Member in Splunk Search 05-27-2023 0 2	0	2
extract fields from json-wrapped postfix logs? I have logs landing in Splunk Cloud that are normal `postfix_syslog` lines, but are wrapped in a `json` object. 3 Exa... by cgosnell New Member in Splunk Search 05-26-2023 0 0	0	0
How to pass token in dashbaord Below is my original xml code for dashboard.from the panel of EPP TimeZone , i have modified the query using tstats, ... by Vani_26 Path Finder in Splunk Search 05-26-2023 0 3	0	3
How to display source IP and destination IP mapping count by connection events? Hi, I am trying to build a dashboard to show a mapping between source IP and destination IP based on different connec... by junster Explorer in Splunk Search 05-26-2023 0 2	0	2
How to find second maximum value I have a search like this to fetch the maximum value. Now the case i wanted to add is, if the maximum value field is ... by sivaranjani Explorer in Splunk Search 05-26-2023 0 4	0	4
How to perform field extraction for key/value pairs with special character used as delimiter? Hello, I have events with Key/Value pair assigned by "="Highlighted in Bold) and separated by special character "^". ... by SplunkDash Motivator in Splunk Search 05-26-2023 0 8	0	8
What is the difference between stats eventstats streamstats? Hi All I'm new to Splunk and I'm confused between stats eventstats and streamstats. Can anyone help me to understand? by maitrifer Engager in Splunk Search 05-26-2023 2 5	2	5
How to compare assets from previous week and highlight the difference? Hello I have created a dashboard that shows the previous 4 days and the equivalent days the week before for asset cou... by supersnedz Path Finder in Splunk Search 05-26-2023 0 3	0	3
Issues with Rollup Events Hello,I have a Roll Up events. One file created every month and new events added up every day within that file. How w... by SplunkDash Motivator in Splunk Search 05-26-2023 0 5	0	5
How to give space in dashboard query? Have drop down vaules like below Extual vaul Index =abc source = abc source Drop down values like prod lable Valu... by Sekhar Explorer in Splunk Search 05-25-2023 0 3	0	3
How to match at least one field from separate events but the same source file? We have a log file that is split into multiple events. In these events we need to count the number of occurrences whe... by dmoberg Path Finder in Splunk Search 05-25-2023 0 2	0	2
Why doesn't the Automatic lookup work? I have a new lookup setup I want to query against it .presently its not working may I know what I have to do in order... by rajneeshc1981 Explorer in Splunk Search 05-25-2023 0 12	0	12
Help with logs line breaking issue? My application logs json object . Sample logs look like this: {"ts":"05 25 2023 14:57:05.114","msg":"Listeners is... by ajitdev381 Engager in Splunk Search 05-25-2023 0 1	0	1
Help with making stats table in decreasing order I am looking for the table to be in decreasing order and with the Total row on top. This is my current search. index=... by jialiu907 Path Finder in Splunk Search 05-25-2023 0 1	0	1
How can I find all scheduled searches that have a timeframe of 'All time'? I am looking to find all scheduled searches within the environment that are using a timeframe of 'All time' e.g. if a... by cwhelan Explorer in Splunk Search 05-25-2023 0 10	0	10
Why am I unable to search with string tokens against two fields on an lookup? Hi, I have a dashboard where the data is coming from a lookup called "ABC" which has 2 fields called "src_ip" and "de... by POR160893 Builder in Splunk Search 05-25-2023 0 2	0	2
How to use timechart to display whether a log exists or not over a certain time range in 15 minute buckets? I am trying to write a search that displays a table that shows whether a log in cloud watch exists or not every 15 mi... by JohnCM8181 New Member in Splunk Search 05-25-2023 0 1	0	1
How to convert nested xml block into json formatted nested block ? I have the below sample botsv3 sample data set which is sysmon in xml format. I need to convert that into json format... by damode1 Path Finder in Splunk Search 05-24-2023 0 5	0	5
How to select the value of a field where another field equals a specific value? Hi! I have a search query problem that's wrecking my newbie brain. I have log events that look like this: { "op... by TravellingGuy Engager in Splunk Search 05-24-2023 0 4	0	4
How can I resolve this syntax error? Hi All I have a room mailbox in office365 and i want to get the information of how many meetings were booked for one ... by risingflight143 Explorer in Splunk Search 05-24-2023 0 1	0	1
How to extract a field in using regex? I am relatively new to Splunk and I am trying to extracting fields in Splunk, I have a pattern I am attempting to ex... by man03359 Communicator in Splunk Search 05-24-2023 0 6	0	6
How to make a for loop query from a lookup table? I have a lookup table from which I need to read the IP addresses one by one, perform calculations on each address, an... by k_ashabi Loves-to-Learn Lots in Splunk Search 05-24-2023 0 7	0	7