Splunk Search

Community Activity

How to compare fields "list" and "standard"? Hello everyone In the result of my search I got such results (last command was stats values(list) as list, values(sta... by bosseres Contributor in Splunk Search 03-25-2023 0 3	0	3
How to merge two searches where initial output is fed to lookup table? I am working to merge two searches. The first search outputs one or more account names: index=x sourcetype=y \| ta... by Sven1 Path Finder in Splunk Search 03-24-2023 0 12	0	12
Help with lookup table Hi, looking for splunk query having field name similar to field in lookup file with respective value in lookup file.... by Abhineet Loves-to-Learn Everything in Splunk Search 03-24-2023 0 6	0	6
Why are there empty fields after a left join? Hello fellows!I have a sourcetype called cmdb with a field called BIA to any src_host. After this join index=lab sour... by pierre_weg Path Finder in Splunk Search 03-24-2023 0 6	0	6
How to pass the time from one query to another query? Actually I want to pass the time from first query to second and get results out on basis of first query time.First qu... by Veeru Path Finder in Splunk Search 03-24-2023 0 1	0	1
How to extract non-english column? Hi everyone,I have a column called "SCRN_NM" (name of screen)and only want to extract English data, not non-English ... by iwascar New Member in Splunk Search 03-24-2023 0 1	0	1
How to search field in two indexes? how to search value of "Dst_IP" field from "ASA" index to "otx" index "indicator" field and display the scrip" field ... by shashilendraman Explorer in Splunk Search 03-24-2023 1 5	1	5
How to delay with search result when run via Splunk API? Hi, We have a platform where lot of dashboards are populated using splunk searches via splunk api call. All the que... by surabhi New Member in Splunk Search 03-24-2023 0 0	0	0
How to map extracted field name (e.g actual_time) with _time field? Hi SMEs, I have a unique requirement which need one of my extracted filed name = actual_time to be mapped with _time ... by pm2012 Explorer in Splunk Search 03-24-2023 0 1	0	1
How to filter out IPv6 and 169.254.0.0/16 from a multi-value field? How do you filter out IPv6 and internal routed 169.254.0.0/16 from a multi-value field?Data ExampleHOST ... by mag314 Explorer in Splunk Search 03-23-2023 0 1	0	1
How to view creation time logs compare with index time and timestamp? I have some Checkpoint logs (Firewall) that are generating an alert (Data hygiene - events in the future), I would li... by Zarack Engager in Splunk Search 03-23-2023 0 1	0	1
Is there a way to instruct Splunk to not add quotes when passing searches stored in a lookup table to the map command? I am trying to store a list of searches in a lookup table and then pass each search to the map command. \|inputlook... by sjaworski Communicator in Splunk Search 03-23-2023 3 10	3	10
How to rex? I have 2 kind of logs where there are two types of uri which i want to rex into different fields {logType=DOWNSTREAM_... by mikeyty07 Communicator in Splunk Search 03-23-2023 1 4	1	4
Are hidden characters breaking my joins? I am trying to build an Alert for login failures in AWS CloudTrail. In general I have it working -- but my joins are ... by ttovarzoll Path Finder in Splunk Search 03-23-2023 0 3	0	3
How to start a Spunk Docker container via Dockerfile and adding it as a search peer in one bash script? Hello, I am attempting to start a Splunk docker container (search head) and add it as a search peer to an existing en... by krishanp Explorer in Splunk Search 03-23-2023 0 2	0	2
How to use a column of field names FROM MVFIELD to dynamically select fields for use in eval expression? Hi,I am looking for a solution to a problem that has been addressed here: Using a column of field names to dynamicall... by dpuhr Explorer in Splunk Search 03-23-2023 0 8	0	8
How to search freetext after a join? I'm looking for a way to search for freetext after a join.It is easy when the field is known. For instance, there is ... by Konrad_Schlude Explorer in Splunk Search 03-23-2023 0 3	0	3
Is there a way to export raw logs from specific time? I have a specific source type and hosts that I want to export the raw logs for the past 24h is there a way to do that... by tb582 Explorer in Splunk Search 03-23-2023 0 10	0	10
Regex- Help with extracting field Can someone please help me in extracting the field Specific_DL_Testing from the below sample log. instance of the "\S... by Dayalss Engager in Splunk Search 03-23-2023 0 9	0	9
How to join two tables with different rows but same columns? Hello amazing community! I'm now stuck with a problem that most probably has a really simple solution  I have a tab... by PeterGian Engager in Splunk Search 03-23-2023 0 3	0	3
How to calculate median, avg for total results? hey, I need to build a report, that contains approx 500 thousand events. the requirement is that the report will con... by badbuda Loves-to-Learn Lots in Splunk Search 03-23-2023 0 6	0	6
How to get logs to show fieldnames Hi everyone!I'm still fairly new to Splunk so sorry if it is a simple question.I have some logs that does not show th... by NJ Path Finder in Splunk Search 03-22-2023 0 7	0	7
How to integrate Splunk with Heroku? Hi, I want to use Splunk for logs for Heroku apps. How to integrate Splunk with Heroku. Can you please help me with i... by nikita29 Loves-to-Learn in Splunk Search 03-22-2023 0 6	0	6
Splunk says bundle directory contains a large lookup file in .delta file but the .delta file does not contain a large lookup Hi all, We receive the warning : The current bundle directory contains a large lookup file that might cause bundle re... by fboeje Explorer in Splunk Search 03-22-2023 0 6	0	6
How to compare today vs last week same hour stats and give percentage? I have this working query which needs some additional detailing.index=_internal earliest=-1h@h latest=@h\| lookup api ... by DougiieDee Explorer in Splunk Search 03-22-2023 0 1	0	1