Splunk Search

Community Activity

Is there any way we can control logs generation time? Hi, Can you advise on my Query. Splunk Universal Forwarder installed on client machine, the are generating log files ... by VijayA Explorer in Splunk Search 04-11-2023 0 4	0	4
How to compare fields between db and lookup file and to pick a column value from lookup as resultant field? I have two data sources - 1. Discovered data. Can be either a lookup file or a db table. Let's assume db table. I'm p... by sh254087 Communicator in Splunk Search 04-11-2023 0 0	0	0
How to execute a dbxquery in Splunk by adjusting only the time tokens? Hi Y'all, I am trying to execute a dbxquery in Splunk by adjusting only the time tokens. Splunk server is in a time... by _pravin Contributor in Splunk Search 04-11-2023 0 2	0	2
How to show result of if a field not contains another field? Hi all, I have two fields. I want a splunk query that not a field contains another field. For example field1 is ::fff... by hoseineagle Observer in Splunk Search 04-11-2023 0 4	0	4
How to compare last value with the 7th last value? How to compare last value with the second last value? Say I have a column with N records in it882267. -->445512447580... by aguasd12 Observer in Splunk Search 04-10-2023 0 3	0	3
Are there way to optimize this query? Hello, following query is slow and processing a lot of data environment=tesxt earliest=-0d@d (index=iis_openapi OR... by msrama5 Explorer in Splunk Search 04-10-2023 0 7	0	7
How to Sum(column1, column2, column3) as column4? I need to know how to Sum(CreatedSD?,CreatedBD,CreatedLOD) as CreatedTotal Login, Document and Loan Counts High Level... by abnderby Engager in Splunk Search 04-10-2023 0 4	0	4
How to capture all "Names" from a single event? Hi, Hypothetically speaking, if I have the following event: q[pworei[qpweori[pqwoeirp[qowier[powierw"NAME":"BOB";PO... by Android99 Engager in Splunk Search 04-10-2023 0 1	0	1
How to create a table that indicates a column with the sourcetype? Hi everyone,I am currently trying to create a table that shows the count of activity by user as well as the occurrenc... by greentomatoes Engager in Splunk Search 04-10-2023 0 2	0	2
Help with tstats SPL query Hi Team, In below query I am trying to pull all the host from various index and match those host in a list lookup fil... by SabariRajanT Path Finder in Splunk Search 04-10-2023 0 4	0	4
How to create Splunk search based on textbox field? I have a splunk search query which shows the details but the problem here is it only shows the results if the hostnam... by srv007 Path Finder in Splunk Search 04-10-2023 0 5	0	5
Why are there different results for the same search however when rerun same results are returned? I have done a search as below to create a table in Dashboard to list the top 20 users that upload files the most to c... by TrangCIC81 Communicator in Splunk Search 04-10-2023 0 4	0	4
How to pass token from search result? Hi All, I had a panel "OS", that gives the value os in single value visualization, based on the value of os, i... by smanojkumar Contributor in Splunk Search 04-10-2023 0 1	0	1
How to create this graph in splunk I want to create this graph in splunk can some one please help me .Required graph The one that i am getting after wri... by Anidy21 Engager in Splunk Search 04-09-2023 0 5	0	5
How to change the order of stacked area chart where the small area is on top? I am very new to Splunk I need to create a stacked bar/area chart where I have two separate searches. I'd like to s... by fikristar Explorer in Splunk Search 04-09-2023 1 6	1	6
How to extract field in json format? Hi All, I have a log which is in Json format. I used spath and extracted the fields. But there is no field valu... by vineela Path Finder in Splunk Search 04-08-2023 0 6	0	6
How to use events from last 30 minutes find duplicates from last 4 hours? Could someone help me with such a query? I am running a scheduled search every 30 minutes which aims to find duplicat... by solaced Explorer in Splunk Search 04-07-2023 0 3	0	3
How to get dc and then sum of field? <search>\| eval vm_unit=case(vmSize="Standard_F16s_v2",2,vmSize="Standard_F8s_v2",1,vmSize="Standard_F4s",0.5,vmSize="... by Sathiya123 Explorer in Splunk Search 04-07-2023 0 18	0	18
特定期間を経過したデータを抽出したい (How to extract data after a certain period of time has passed?) お世話になります。現在、あるログの集計をしております。接続元IPアドレスと、接続日時をキーにして、初回接続日から10日間経過後も接続しているログのみを抽出出来るようにしたいですが、上手く抽出することが出来ません。 ※合計接続日数は... by clio706 Explorer in Splunk Search 04-07-2023 0 3	0	3
集計軸が違う場合にCount数を加工して出力する方法についてお教え下さい (How to process and output the count number when the aggregation axis is different) 集計軸が違う場合にCount数を加工して出力する方法についてお教え下さい。 index「接続情報」のデータ項目は「タイムスタンプ、ユーザ名、接続プロトコル」になります。またデータイメージは下記にタイムスタンプが付加された物になります。... by NgSplunk New Member in Splunk Search 04-07-2023 0 1	0	1
How to achieve timeline visualization of event field over time? Hello, I am trying to use the custom splunk visualisation. I have formatted my search as the following: index=my_i... by James1 New Member in Splunk Search 04-07-2023 0 1	0	1
Subsearch Hi everyone, My post is huge. sorry for that. I need suggestion from you for the query I framed.I have 2 lookup used ... by RanjiRaje Explorer in Splunk Search 04-07-2023 0 2	0	2
How to pass a token in one dashboard that will impact other panel based on values? Hi There, I had a panel "OS", that gives the value os, based on the value of os, if it were "Windows" it should... by smanojkumar Contributor in Splunk Search 04-07-2023 0 8	0	8
Request for information on CPU information app in Splunk Enterprise Security Hi there! I was wondering if there's a specific app available in Splunk Enterprise Security that can provide CPU info... by balu1211 Path Finder in Splunk Search 04-06-2023 0 2	0	2
Can someone help with regex to extract new field? Hello Team, can anyone help me with the extraction of new field input: site: mclaudelinemugasqiln.platinilemu.com:1... by pacifiquen Explorer in Splunk Search 04-06-2023 0 3	0	3