Splunk Search

Community Activity

Search to Consolidate similar messages into one? Query:index=xxx application_code=mobile NOT feature \|stats count by code message\|sort -count\|eval message-substr(... by Vani_26 Path Finder in Splunk Search 03-16-2023 0 3	0	3
Why is Regex not displaying results? HiI have a key namedick=2c27194g-af5e-4f7d-9847-07cd5c4c70af Want to search all the ick using regex I tried regex ick... by amitrinx Explorer in Splunk Search 03-16-2023 0 2	0	2
CSV _time differences depending on API call? When I manually run a Splunk search via the API as follows: curl "https://host:8089/services/search/v2/jobs" -d searc... by rvandolson Loves-to-Learn in Splunk Search 03-16-2023 0 1	0	1
How to add column values based on subsearch? Hi everyone I got the following sample search that yields the table below. index=server\| stats avg(response_time) by ... by Gabriel Path Finder in Splunk Search 03-15-2023 0 4	0	4
How to extract job Id values from raw text in events and add the job id into a separate field? Hi User, Thanks for the reply. Below is the raw text that has been received on splunk user interface. {"timestamp": ... by Renunaren Loves-to-Learn Everything in Splunk Search 03-15-2023 0 1	0	1
Add automatic lookup for kvstore? I have kvstore which generate the data by API. when I use \| lookup mylookup id output data - its working I want to ... by Shakira1 Explorer in Splunk Search 03-15-2023 0 5	0	5
Combining results in metric index? I have a metric index with a hierarchical structure (maybe all metric indexes are like this). SuperCategory.Category... by winknotes Path Finder in Splunk Search 03-15-2023 0 0	0	0
How to convert a timestamp from one format to a different one? convert 2023-03-15T17:25:18.832-0400 to YYYY-MM-DD HH:MM:SS.Millisec . 2023-03-15T17:25:18.832-0400 -----------------... by xp001975 Explorer in Splunk Search 03-15-2023 0 3	0	3
Average of current time window over last week? Still working on this. I want to create a single pane dashboard panel with trend indicator. This value is going to d... by smahoney Path Finder in Splunk Search 03-15-2023 0 4	0	4
Chart average event occurrence per hour of the day for the last 30 day I'm trying to get the chart that shows per hour of the day, the average amount of a specific event that occurs per ho... by jpringle03 Path Finder in Splunk Search 03-15-2023 2 9	2	9
Difference between chart command with specified aggregated fields and without? I have two different queries that return the absolute same result: value \| chart count(status) by request_method... by calm27 Engager in Splunk Search 03-15-2023 0 1	0	1
How to join with search from 2 sources? Hi, I am trying to figure out how to use join to table the results from 2 searches. sourcetype=AAD_MSGraph_UserData A... by garrywilmeth Explorer in Splunk Search 03-15-2023 0 2	0	2
How to generate a output bases on a common value from two different events? we have two separate events which have a common field x-provider-api-correlation-id .In 1st event it is coming as par... by xp001975 Explorer in Splunk Search 03-15-2023 0 9	0	9
What stats/eval to use to find results of email recipients who clicked a link? Hello, I'm building a report to list all phishing and malware threat detections by sender, classification, and threat... by 0p3r4t0r8089 Explorer in Splunk Search 03-15-2023 0 2	0	2
How to resolve error "This XML file does not appear to have any style information associated with it." Getting the error "This XML file does not appear to have any style information associated with it." while trying to e... by sh254087 Communicator in Splunk Search 03-15-2023 0 6	0	6
How to split data in a single cell? I have the following data in a Cell that reads 1.01.01 Example App AL11111 Is there a way I can split the data into ... by MR1992 Explorer in Splunk Search 03-15-2023 0 2	0	2
Suggestions needed! How to combine data from different sensors I'm new to Splunk so I apologize if this is very obvious, but I haven't seen anything that seems like it fits my need... by CBailey632 Engager in Splunk Search 03-15-2023 0 2	0	2
Why does mvappend fail in my alert? I've been trying to write an alert that notifies our SOC when someone tries to obfuscate their command with base64 en... by MonkeyK Builder in Splunk Search 03-15-2023 0 8	0	8
How to find events for only host names listed in my lookup file? I have a lookup file of HostNames HostNameHost1Host2Host3Host4Host5 I would like to create a search to include even... by adamscaa1 Explorer in Splunk Search 03-15-2023 0 7	0	7
How to extract job Id values from raw text in events and add the job id into a separate field? The above snippet consists of the raw data in the events in our splunk environment. Need Help in extracting the jobId... by Renunaren Loves-to-Learn Everything in Splunk Search 03-15-2023 0 2	0	2
How to get percentage of 200 responses? I have current search index="intau_workfusion" host=* sourcetype="services_status.out.log" service="HTTP/1.1" status=... by sphiwee Contributor in Splunk Search 03-15-2023 0 4	0	4
Why is it showing more data after dc count with the right order? Hi! im working on an alert for access from different countries for certain users in a short time period. The alert an... by dieguiariel Path Finder in Splunk Search 03-15-2023 0 3	0	3
Why are tstats search not filtering out local IP ranges? Hi, I am using tstats to search the Network Datamodel for outbound SMB traffic (port 445) to external IP address rang... by dmbrcx Explorer in Splunk Search 03-14-2023 0 2	0	2
How to properly use inputlookup csv file to perform extended searches? Hello, I am stuck on a query and need someone's help please. The goal of the query is to perform a lookup on column ... by awant68 Explorer in Splunk Search 03-14-2023 0 6	0	6
How to pass time token to the custom field based on search Hi, I have onboarded data via DBConnect through Rising Column for which we have configured the Risinig Column value a... by kalaiyarasi Loves-to-Learn Lots in Splunk Search 03-14-2023 0 1	0	1