Splunk Search

Community Activity

How to find second maximum value I have a search like this to fetch the maximum value. Now the case i wanted to add is, if the maximum value field is ... by sivaranjani Explorer in Splunk Search 05-26-2023 0 4	0	4
How to perform field extraction for key/value pairs with special character used as delimiter? Hello, I have events with Key/Value pair assigned by "="Highlighted in Bold) and separated by special character "^". ... by SplunkDash Motivator in Splunk Search 05-26-2023 0 8	0	8
What is the difference between stats eventstats streamstats? Hi All I'm new to Splunk and I'm confused between stats eventstats and streamstats. Can anyone help me to understand? by maitrifer Engager in Splunk Search 05-26-2023 2 5	2	5
How to compare assets from previous week and highlight the difference? Hello I have created a dashboard that shows the previous 4 days and the equivalent days the week before for asset cou... by supersnedz Path Finder in Splunk Search 05-26-2023 0 3	0	3
Issues with Rollup Events Hello,I have a Roll Up events. One file created every month and new events added up every day within that file. How w... by SplunkDash Motivator in Splunk Search 05-26-2023 0 5	0	5
How to give space in dashboard query? Have drop down vaules like below Extual vaul Index =abc source = abc source Drop down values like prod lable Valu... by Sekhar Explorer in Splunk Search 05-25-2023 0 3	0	3
How to match at least one field from separate events but the same source file? We have a log file that is split into multiple events. In these events we need to count the number of occurrences whe... by dmoberg Path Finder in Splunk Search 05-25-2023 0 2	0	2
Why doesn't the Automatic lookup work? I have a new lookup setup I want to query against it .presently its not working may I know what I have to do in order... by rajneeshc1981 Explorer in Splunk Search 05-25-2023 0 12	0	12
Help with logs line breaking issue? My application logs json object . Sample logs look like this: {"ts":"05 25 2023 14:57:05.114","msg":"Listeners is... by ajitdev381 Engager in Splunk Search 05-25-2023 0 1	0	1
Help with making stats table in decreasing order I am looking for the table to be in decreasing order and with the Total row on top. This is my current search. index=... by jialiu907 Path Finder in Splunk Search 05-25-2023 0 1	0	1
How can I find all scheduled searches that have a timeframe of 'All time'? I am looking to find all scheduled searches within the environment that are using a timeframe of 'All time' e.g. if a... by cwhelan Explorer in Splunk Search 05-25-2023 0 10	0	10
Why am I unable to search with string tokens against two fields on an lookup? Hi, I have a dashboard where the data is coming from a lookup called "ABC" which has 2 fields called "src_ip" and "de... by POR160893 Builder in Splunk Search 05-25-2023 0 2	0	2
How to use timechart to display whether a log exists or not over a certain time range in 15 minute buckets? I am trying to write a search that displays a table that shows whether a log in cloud watch exists or not every 15 mi... by JohnCM8181 New Member in Splunk Search 05-25-2023 0 1	0	1
How to convert nested xml block into json formatted nested block ? I have the below sample botsv3 sample data set which is sysmon in xml format. I need to convert that into json format... by damode1 Path Finder in Splunk Search 05-24-2023 0 5	0	5
How to select the value of a field where another field equals a specific value? Hi! I have a search query problem that's wrecking my newbie brain. I have log events that look like this: { "op... by TravellingGuy Engager in Splunk Search 05-24-2023 0 4	0	4
How can I resolve this syntax error? Hi All I have a room mailbox in office365 and i want to get the information of how many meetings were booked for one ... by risingflight143 Explorer in Splunk Search 05-24-2023 0 1	0	1
How to extract a field in using regex? I am relatively new to Splunk and I am trying to extracting fields in Splunk, I have a pattern I am attempting to ex... by man03359 Communicator in Splunk Search 05-24-2023 0 6	0	6
How to make a for loop query from a lookup table? I have a lookup table from which I need to read the IP addresses one by one, perform calculations on each address, an... by k_ashabi Loves-to-Learn Lots in Splunk Search 05-24-2023 0 7	0	7
Why is heavy forwarder not sending _audit and _internal logs to indexer? Hi All, We noticed that one of our Heavy Forwarder has not been sending _audit and _internal logs to our indexer. It ... by neeravmathur Path Finder in Splunk Search 05-24-2023 0 7	0	7
Email regex from mail.log to extract 2 email addresses, display them in a table? I have mail.log. This is displayed in the "Event" column: May 24 14:02:05 srv7 amavis[10129]: (10129-08) Passed C... by devtech83 Engager in Splunk Search 05-24-2023 0 1	0	1
Why does Dropdown retain entries from old query result? I have a query for for my dropdown with tokens inserted here and there and whenever the values on those tokens change... by jonvijay1993 Explorer in Splunk Search 05-24-2023 0 4	0	4
Nessus data charting- How to make a trend chart of specific data set? I am making a trend chart of specific data set. What I am looking for is (generic example)index=nessus \| eval Month=s... by jenkinsta Path Finder in Splunk Search 05-24-2023 0 2	0	2
How to execute/ignore block of code based on token values? I have a union [] command that I want to execute only if a check box is checked, how can I manage this? SPL2 branch d... by jonvijay1993 Explorer in Splunk Search 05-24-2023 0 11	0	11
What is the quickest and safest way to move indexed data from one location to another? What's the quickest and safest way to move indexed data from one location to another? I have data that is currently s... by acontarciego Explorer in Splunk Search 05-23-2023 3 7	3	7
How to convert multiple individual json objects into a nested json object in an event ? I want to convert some of the below individual json objects in the event into nested single json object like the seco... by dm1 Contributor in Splunk Search 05-23-2023 0 2	0	2