Splunk Search

Community Activity

Splunk time format conversions? How do I convert the below time format 2023-05-02T02:35:47Z into2023-05-03 15:37:22 by pavanae Builder in Splunk Search 05-03-2023 0 1	0	1
How to resolve Splunk "StatsFileWriterLz4" write failed file? HI Splunk pals, I am getting an error when trying to write a relatively large file using tstats. splunk "StatsFileWri... by Keysofsandiego Path Finder in Splunk Search 05-03-2023 0 0	0	0
How to make Search Visualization where count=0? Complete novice here, but I was able to get my search result thanks to others who have had questions. Currently I'm s... by ToddClayton Engager in Splunk Search 05-03-2023 0 2	0	2
How can I view Splunk results via GUI when job was started via API? I have a problem where I need to use the Splunk API to return timechart graphs as an image, however as the API cannot... by Tosheey123 Loves-to-Learn in Splunk Search 05-03-2023 0 1	0	1
How to onboard Sophos Firewall logs in Splunk Cloud instance? Team, I am new to Splunk Cloud. I need someone's help to get stated with Splunk. I have the Splunk cloud instance up ... by ravikm_bdvt New Member in Splunk Search 05-03-2023 0 1	0	1
Large-scale index deduplication-What are the best practices for managing duplicates over a large index? My team has duplicate events in our index (~600 GB). We have fixed duplicate source and need to remove the existing d... by brayps Explorer in Splunk Search 05-03-2023 0 3	0	3
How to perform TTest in Splunk? Hi Team, I want to calculate p value of tTest from Splunk query any suggestions? by Veerendra Loves-to-Learn Lots in Splunk Search 05-03-2023 0 0	0	0
How to use foreach to extract value from another json object? I am trying to get the values from one json object using the keys from another json array. \| makeresults\| eval lim... by GaryZ Path Finder in Splunk Search 05-02-2023 0 3	0	3
How to compile 3 searches into one to get the following Information: SAML Group, Splunk Role, index? These are the 3 searches I have found, but I need to combine them so that I can get the information all out on one se... by NanSplk01 Communicator in Splunk Search 05-02-2023 0 6	0	6
How do I get the sum of similar values in chart? Hello, thank you in advance for your time.I need to perform the sum of similar fields that results in a chart.My curr... by Borys New Member in Splunk Search 05-02-2023 0 2	0	2
If my field value name changed, can I still search to chart all the data? my field value name got modify. under network config field name. field value used to be "port 80 blocked"now it got c... by abi2023 Path Finder in Splunk Search 05-02-2023 0 4	0	4
How can I share a lookup script with other apps? I have a lookup script that is placed in my apps bin folder. How can I use this external lookup from other apps? Whe... by jameshgibson Path Finder in Splunk Search 05-02-2023 3 3	3	3
What is the most efficient way to reconcile the data from 2 indexes and create a report? I wanted to reconcile the data from 2 indexes say index=A and index=B both indexes have some common fileds like field... by iamsplunker Communicator in Splunk Search 05-02-2023 0 3	0	3
Is there a way to replace values that say null with nothing? We use Axonius to pull in identities. When creating the the search some of the values come in with the word "null". ... by lmmills Explorer in Splunk Search 05-02-2023 0 2	0	2
How to parse field data with delimiter from dbxquery result? how to parse field data with delimiter from dbxquery result?For example: Dbxquery result isFW Rule name: DNSFW Rule: ... by LearningGuy Motivator in Splunk Search 05-02-2023 0 3	0	3
Why are field values not displaying? I was running a search to display the last one week count for each notable and i used a query like this below index=n... by krish9vuda New Member in Splunk Search 05-02-2023 0 1	0	1
Is there anyway in Splunk to search in Date field? my Spl is my base search \| transaction ID \| stats count values(Date) as Date value(field1) as field1 by ID I get resu... by abi2023 Path Finder in Splunk Search 05-02-2023 0 3	0	3
Is it possible to event break from a single field? I do have a multivalue field with the letters cls and tenant at the end of it. Is it possible to break the data into ... by rpraveena03 New Member in Splunk Search 05-02-2023 0 3	0	3
How to solve Error parsing URL in Splunk? Hello, I'm trying to parse URLs in Java logs (*.trace), it works for complete URL with this following request : index... by Badab New Member in Splunk Search 05-02-2023 0 2	0	2
How to achieve difference between rate_sum and rate_avg aggregations using mstats command? Hi, I am trying to create a timechart using mstats command but I have some questions as follows, I would appreciate i... by tankelvi New Member in Splunk Search 05-02-2023 0 2	0	2
Subquery - How can I modify format with multiple conditions? Hello,The default format of my subsearch result looks like: (( Host_Name="srv1" AND icid="va1_icid1" AND mid="val_mid... by emilep Explorer in Splunk Search 05-02-2023 0 5	0	5
How can I get the latest result? my spl base search \|transaction ID \| table date field1 field2 ID my result Date field1 fiel2 ... by abi2023 Path Finder in Splunk Search 05-01-2023 0 2	0	2
How can I lookup update field value question? I have sanitized the index names-I have users that have propagated a lookup command in dashboards that is now a major... by Dallastek1 Path Finder in Splunk Search 05-01-2023 0 2	0	2
How to match my lookup table? my lookup table is history data for the search I am running. from my search and my lookup table I have command field ... by abi2023 Path Finder in Splunk Search 05-01-2023 0 1	0	1
How do I search for outdated data in the index and delete it, retaining only the latest information? Hello, I'm working on IOC but unfortunately, keeping them in a lookup table is already getting messy and we have to i... by wvpony Engager in Splunk Search 05-01-2023 0 2	0	2