Splunk Search

Community Activity

	How to calculate variance of a group leaving one ID at a time? I have the data as below: LoginID AccessDateOrganizationSectionlogCount 110thAprilO1S11.39211thAprilO2S21.76312th... by Veerendra Loves-to-Learn Lots in Splunk Search 04-20-2023 0 5	0	5
	What is the spl code to use the output of Panel_1 to other panels? Hi all, I want to implement 2 panels in one dashboard.Output of Panel_1 will be a list of ID that meet the search key... by Jouman Path Finder in Splunk Search 04-20-2023 0 3	0	3
	How can I combine two graphs into one? I have the following queries: index=myIndex app_name IN (my-app-a, my-app-b) process=end \| eval app_name = repla... by yk010123 Path Finder in Splunk Search 04-20-2023 0 3	0	3
	How to find events immediately following/preceding another event? I have to search for events I have one event let's say MIT=" step started"and another event says MIT=" step completed... by AjayTakur Loves-to-Learn Everything in Splunk Search 04-20-2023 0 3	0	3
	How to extract dates where no-traffic? Hi All, I want to extract the dates for last 1 month where there is no-traffic in my application using splunk query. ... by jp_duraimurugan Engager in Splunk Search 04-20-2023 0 3	0	3
	Having trouble with rex matching wildcards with escaped double quotes Hi there, I am having some trouble matching patterns from a search string using the rex command.I will show the messa... by weropitjpoerit Engager in Splunk Search 04-20-2023 0 2	0	2
	How to find events that haven't happened in a given amount of time? I'm looking over vulnerability scan data and have the _time field formatted as \| eval Last_Scanned = strftime(time... by atebysandwich Path Finder in Splunk Search 04-20-2023 0 6	0	6
	How to merge two different index and calculate time for start event and event end? I have two event 1 index= non prod source=test.log "recived msg" \| fields _time batchid Event 2 index =non-agent sou... by Sekhar Explorer in Splunk Search 04-20-2023 0 12	0	12
	How to exclude data from a field? Is there a way to exclude specified data from a single field. The example I have is on Destination IP addresses from ... by MR1992 Explorer in Splunk Search 04-20-2023 0 4	0	4
	How to remove double quotes from extracted field values Filed extracted like rex field = msg " student information\" : (?<studentname>.*?)," Student name getting like below"... by Sekhar Explorer in Splunk Search 04-20-2023 0 3	0	3
	Matching field from two different index and source I have two event start event having extracted fields from log managerid ,branch I'd,empname using index = emp source... by Sekhar Explorer in Splunk Search 04-20-2023 0 1	0	1
	How to remove repeated duplicate values? I am trying to remove duplicates in my result using the \|dedup command. Even though I am seeing 2 entries in my resul... by alexspunkshell Contributor in Splunk Search 04-20-2023 0 6	0	6
	How to achieve auto filed value extraction? Hi Team, I have to do auto field extraction of the fields coming inside the payload under <mTypes>....</mTypes> to th... by pm2012 Explorer in Splunk Search 04-20-2023 0 5	0	5
	How would I value map ip addresses? I have an example data on csv named invent.csv like this: I want to map ip values to host output using lookup usin... by f_666dhn Explorer in Splunk Search 04-19-2023 0 1	0	1
	How to write this query in Splunk? This is application insight query which i need to write in splunk , can some one help me please let a=traces\| where c... by Anidy21 Engager in Splunk Search 04-19-2023 0 7	0	7
	How can I find results only iff the previous queries returns results? I calculate the requests per second for my application using the following query: method!=GET process="start" \| tim... by yk010123 Path Finder in Splunk Search 04-19-2023 0 1	0	1
	Querying log events based on field values nested inside a escaped raw JSON property Hi, I need some help with querying log events based on field values nested inside a escaped raw JSON object property.... by btsr Explorer in Splunk Search 04-19-2023 0 4	0	4
	How to reliably use a \| rex command in a dashboard? Hi, I regularly have the problem, that I save searches containing regexes with $ characters to a dashboard where they... by bitnapper Path Finder in Splunk Search 04-19-2023 0 11	0	11
	Search Keywords with search button I am currently working on a search dashboard. I have the dashboard created and the search (Submit Button). In this ... by ASR1022 Loves-to-Learn Lots in Splunk Search 04-19-2023 0 4	0	4
	VT4Splunk APP correlation with paloalto Hi, I have installed the virustotal add-on for Splunk.When I enter the dashboards that are already pre-built I find t... by splunkcol Builder in Splunk Search 04-19-2023 0 0	0	0
	How to whitelist through subsearching with out lookups? So there's ton of documentations of whitelisting through the subsearch approach using lookups, however, is it possibl... by Henesys New Member in Splunk Search 04-19-2023 0 3	0	3
	What timeframe do REST API searches use? I need to count the number of times an alert has triggered in a specific time window (say, last 24 hours). I am tryi... by random_event Explorer in Splunk Search 04-19-2023 0 3	0	3
	Rex field extraction I have a field called 'description'. I want to be able to extract MD5, SHA1, SHA256 values present in this field.Need... by zacksoft_wf Contributor in Splunk Search 04-19-2023 0 3	0	3
	How to search for values greater than 90 days? index=test sourcetype=csv source=prtg.csv host=prtg device=all "Down for"=*\| rename "Down for" AS Downtime\| eval "Dow... by willsy Communicator in Splunk Search 04-19-2023 0 7	0	7
	How to replace blank values with "0"? Trying to replace the blank values on my dashboard with 0s. If table is empty, should display 0. On the logs data, it... by harshparikhxlrd Path Finder in Splunk Search 04-18-2023 0 2	0	2