Splunk Search

Community Activity

How to convert multiple individual json objects into a nested json object ? I want to convert some of the below individual json objects in the event into nested single json object like the seco... by damode1 Path Finder in Splunk Search 05-23-2023 0 2	0	2
How to search or extract specific key/value pair from array? Using the Splunk addon for AWS to collect ec2 instance metadata I get an array called tags with key/value pairs such ... by rolabrie Loves-to-Learn in Splunk Search 05-23-2023 0 8	0	8
How to correlate similar field values together and adding totals? I am trying to use a lookup we use to track usage of exceptions in one of our platforms so that we can remove unneede... by jacobfrasca New Member in Splunk Search 05-23-2023 0 1	0	1
How to create multiple values in time chart based on dropdown menu token? I am looking to have a time chart table that has a dropdown menu based on a token, be able to show all of the values... by jialiu907 Path Finder in Splunk Search 05-23-2023 0 2	0	2
How to get that file to be replicated to the other search heads? I have a cron job that creates a lookup file under $splunkhome$/etc/apps/search/lookups on one of the search heads. H... by umd06 Engager in Splunk Search 05-23-2023 0 1	0	1
How to extract field names from an object or nested JSON field? For these following two events: { "people": { "bob": 172, "maria": 161 } } { "people": { "bob": 1... by SwervyMcBourbon Engager in Splunk Search 05-23-2023 0 2	0	2
How to combine two lookups? On Splunk, I have the following 2 searches: 1)`ABC_logs(traffic)` user != "unknown" src_ip IN () dest_ip IN () \| st... by POR160893 Builder in Splunk Search 05-23-2023 0 1	0	1
How to make timechart with ratio failed/total ? This is my search:message_data_type=gd*\| timechart count by message_data_type limit=10These are my results:But I need... by AnaSpiStats Engager in Splunk Search 05-23-2023 0 3	0	3
How to apply regex to a field? Hello Splunkers, i want to to extract a 10-digit path from a url but unfortunately i always get this error: Error ... by msalghamdi Path Finder in Splunk Search 05-23-2023 0 3	0	3
How to update table only with the values filtered on dropdown selection? I have a table with 3 different csv files that I have to show, with different values.When I select the value that I w... by KalebeRS Explorer in Splunk Search 05-23-2023 0 1	0	1
How to return count column in the existing search? Hello, I have below search query index=my_index openshift_cluster="cluster009" sourcetype=openshift_logs openshi... by super_edition Path Finder in Splunk Search 05-23-2023 0 2	0	2
Federated Search Questions- Authentication option and Indexers? Regarding Federated search: Is the only authentication option username and password? We use SSO on the remote search ... by jonaclough Path Finder in Splunk Search 05-22-2023 0 3	0	3
How to create the proper search to extract all of the fields and their respective field_values from the sample data? Hi Splunkers!Any one able to assist me with a search that I am trying to create below. I want to extract some data fr... by Strangertinz Path Finder in Splunk Search 05-22-2023 0 4	0	4
How do I evaluate on column in space and tab delimited logs? Hello all. I have a log file that looks like this; PROCESS UP STATUS RESTARTS AGEPROCESS1 2/2 Running 0 6d19hPROCES... by HelloItsMe76 Explorer in Splunk Search 05-22-2023 0 3	0	3
How extract data model fields using REST search? I'm trying to at least initially to get a list of fields for each of the Splunk CIM data models by using a REST searc... by Runals Motivator in Splunk Search 05-22-2023 3 3	3	3
What is the fastest way to use a lookup (or match records against a secondary source)? I have index with json data that represents call data (phone calls), but there is nothing native in the index that re... by loganramirez Path Finder in Splunk Search 05-22-2023 0 3	0	3
Why is data is got getting indexed when we are adding csv file from add data under settings? Hi,data is got getting indexed when we are adding csv file from add data under settings .. its events count is showin... by SharmaS2 Explorer in Splunk Search 05-22-2023 0 5	0	5
Upgrade Splunk Enterprise from 8.x to 9.x We are currently required to upgrade our Splunk environment from version 8.2.4 to version 9.x, and we are concerned a... by Amirahussein Path Finder in Splunk Search 05-22-2023 0 1	0	1
How to configure alert when a service is in failed state in a centos server? We have configured some program to run as a service in Unix server. I want to configure an alert in Splunk that when... by londonColney Loves-to-Learn in Splunk Search 05-21-2023 0 0	0	0
How to search for disk usage greater than 70 percent for 10 mins? I wanted to know how we can construct a search query for a service which is running on a centOS server and the utiliz... by londonColney Loves-to-Learn in Splunk Search 05-21-2023 0 2	0	2
Help on SPL for Lateral Movement? Hello Folks, I am new with Splunk. I am looking to build a query to detect lateral movement using Windows Service cre... by john-doe Engager in Splunk Search 05-20-2023 0 3	0	3
How retrieve search results via Splunk API? I recently enabled Splunk tokens (using SAML authentication) and am able to successfully execute basic API calls (suc... by qcjacobo2577 Path Finder in Splunk Search 05-19-2023 0 1	0	1
How to have all of the CLTW workstations to be summed up as 1 count and so forth for the other locations? I am having trouble with using the time chart command effectively to make count of all workstations and with them bro... by jialiu907 Path Finder in Splunk Search 05-19-2023 0 9	0	9
Why are streamstats reset_after for streamstats aggregation not working? Hello,I am trying to use Streamstats with Sum(value) and I want to reset that sum after it reaches a certain threshol... by patientsplunker Loves-to-Learn Everything in Splunk Search 05-19-2023 0 12	0	12
Why did the search job terminat unexpectedly? We have a job which is getting terminated intermittently , even though when this search gets executed successfully it... by VK_27 Loves-to-Learn in Splunk Search 05-19-2023 0 2	0	2