Splunk Search

Community Activity

Comparing results from 2 days? Hello, I'm struggling with a task and would like to ask for your opinion about it. Goal is to set up an alert, which ... by pbabos Explorer in Splunk Search 03-16-2023 0 2	0	2
How can I reduce the storage size of an index, what are the different methods/options? Hi, How can I reduce the storage size of an index, what are the different methods/options? Also, will removing logs... by foundationservi New Member in Splunk Search 03-16-2023 0 2	0	2
How to use Regex inside a Case statement? Hi,How can i write this statement\| eval protocolUsed = case( regex consumerkey="[a-z0-9]{8}-[a-z0-9]{4}-[a-z0-9]{4}-[... by amitrinx Explorer in Splunk Search 03-16-2023 0 6	0	6
Same search returns different results each time it is run? I have this weird issue where the same exact search, run for a same exact period returns different number of events e... by mmarinov Explorer in Splunk Search 03-16-2023 0 11	0	11
Search to Consolidate similar messages into one? Query:index=xxx application_code=mobile NOT feature \|stats count by code message\|sort -count\|eval message-substr(... by Vani_26 Path Finder in Splunk Search 03-16-2023 0 3	0	3
Why is Regex not displaying results? HiI have a key namedick=2c27194g-af5e-4f7d-9847-07cd5c4c70af Want to search all the ick using regex I tried regex ick... by amitrinx Explorer in Splunk Search 03-16-2023 0 2	0	2
CSV _time differences depending on API call? When I manually run a Splunk search via the API as follows: curl "https://host:8089/services/search/v2/jobs" -d searc... by rvandolson Loves-to-Learn in Splunk Search 03-16-2023 0 1	0	1
How to add column values based on subsearch? Hi everyone I got the following sample search that yields the table below. index=server\| stats avg(response_time) by ... by Gabriel Path Finder in Splunk Search 03-15-2023 0 4	0	4
How to extract job Id values from raw text in events and add the job id into a separate field? Hi User, Thanks for the reply. Below is the raw text that has been received on splunk user interface. {"timestamp": ... by Renunaren Loves-to-Learn Everything in Splunk Search 03-15-2023 0 1	0	1
Add automatic lookup for kvstore? I have kvstore which generate the data by API. when I use \| lookup mylookup id output data - its working I want to ... by Shakira1 Explorer in Splunk Search 03-15-2023 0 5	0	5
Combining results in metric index? I have a metric index with a hierarchical structure (maybe all metric indexes are like this). SuperCategory.Category... by winknotes Path Finder in Splunk Search 03-15-2023 0 0	0	0
How to convert a timestamp from one format to a different one? convert 2023-03-15T17:25:18.832-0400 to YYYY-MM-DD HH:MM:SS.Millisec . 2023-03-15T17:25:18.832-0400 -----------------... by xp001975 Explorer in Splunk Search 03-15-2023 0 3	0	3
Average of current time window over last week? Still working on this. I want to create a single pane dashboard panel with trend indicator. This value is going to d... by smahoney Path Finder in Splunk Search 03-15-2023 0 4	0	4
Chart average event occurrence per hour of the day for the last 30 day I'm trying to get the chart that shows per hour of the day, the average amount of a specific event that occurs per ho... by jpringle03 Path Finder in Splunk Search 03-15-2023 2 9	2	9
Difference between chart command with specified aggregated fields and without? I have two different queries that return the absolute same result: value \| chart count(status) by request_method... by calm27 Engager in Splunk Search 03-15-2023 0 1	0	1
How to join with search from 2 sources? Hi, I am trying to figure out how to use join to table the results from 2 searches. sourcetype=AAD_MSGraph_UserData A... by garrywilmeth Explorer in Splunk Search 03-15-2023 0 2	0	2
How to generate a output bases on a common value from two different events? we have two separate events which have a common field x-provider-api-correlation-id .In 1st event it is coming as par... by xp001975 Explorer in Splunk Search 03-15-2023 0 9	0	9
What stats/eval to use to find results of email recipients who clicked a link? Hello, I'm building a report to list all phishing and malware threat detections by sender, classification, and threat... by 0p3r4t0r8089 Explorer in Splunk Search 03-15-2023 0 2	0	2
How to resolve error "This XML file does not appear to have any style information associated with it." Getting the error "This XML file does not appear to have any style information associated with it." while trying to e... by sh254087 Communicator in Splunk Search 03-15-2023 0 6	0	6
How to split data in a single cell? I have the following data in a Cell that reads 1.01.01 Example App AL11111 Is there a way I can split the data into ... by MR1992 Explorer in Splunk Search 03-15-2023 0 2	0	2
Suggestions needed! How to combine data from different sensors I'm new to Splunk so I apologize if this is very obvious, but I haven't seen anything that seems like it fits my need... by CBailey632 Engager in Splunk Search 03-15-2023 0 2	0	2
Why does mvappend fail in my alert? I've been trying to write an alert that notifies our SOC when someone tries to obfuscate their command with base64 en... by MonkeyK Builder in Splunk Search 03-15-2023 0 8	0	8
How to find events for only host names listed in my lookup file? I have a lookup file of HostNames HostNameHost1Host2Host3Host4Host5 I would like to create a search to include even... by adamscaa1 Explorer in Splunk Search 03-15-2023 0 7	0	7
How to extract job Id values from raw text in events and add the job id into a separate field? The above snippet consists of the raw data in the events in our splunk environment. Need Help in extracting the jobId... by Renunaren Loves-to-Learn Everything in Splunk Search 03-15-2023 0 2	0	2
How to get percentage of 200 responses? I have current search index="intau_workfusion" host=* sourcetype="services_status.out.log" service="HTTP/1.1" status=... by sphiwee Contributor in Splunk Search 03-15-2023 0 4	0	4