Splunk Search

Community Activity

Importing HCL BigFix data from Insights, how to verify? We are using HCL BigFix and HCL Insights as a data warehouse. There have been times when the import of data from HCL... by richtate Path Finder in Splunk Search 03-07-2023 0 0	0	0
How to find the No. of users using application? My log contains entries as shown below. 2023-03-03T14:14:12.718, Level=INFO, ProcessName=App-web, Thread=http-nio-80... by Ajit Engager in Splunk Search 03-07-2023 0 2	0	2
How to extract the latest scope with respect to latest date? date Scope 12/11/2020Linux Shadow17/02/2023Linux Project20/02/2023Linux Project21/02/2023Linux Project22/02/2023Linux... by smanojkumar Contributor in Splunk Search 03-07-2023 0 3	0	3
Can I scrub IP only? I'm tasked to provide apache logs to a third party for their analysis, but the IPs must be replaced to hide the brows... by rstanonik Engager in Splunk Search 03-07-2023 3 5	3	5
Exporting more than 50k rows in lookup editor app? Hi There! I would like to export more than 50k rows in lookup editor app of the results of kv store lookup file, ... by smanojkumar Contributor in Splunk Search 03-07-2023 0 2	0	2
How do I compare two vector fields from my log and produce an output? I have a field called start.point and end.point in my logs. We can assume it has values in x and y coordinates. A par... by ap666 Explorer in Splunk Search 03-06-2023 0 8	0	8
Auditing changes in _configracker index via json path data.changes{}.properties{} ? The configtracker index contains a json path of: data.changes{}.properties{}In that path, there are numerous objects ... by gazoscreek Path Finder in Splunk Search 03-06-2023 0 3	0	3
How can I extract address from string? I have the following string: SL=5601%20BLVD%20E%2C%20WESTON%20NEW%20YORK%2C%20NJ%20%2007093%20(WEST%20NEW%20YORK%20TO... by Annieg Observer in Splunk Search 03-06-2023 0 1	0	1
Splunk Reporting- condition where I have to create a new field based off some column values? Hi Splunkers,I'm working on a condition where i have to create a new field based off some column values.Example:Colum... by revanthammineni Path Finder in Splunk Search 03-06-2023 0 4	0	4
Is there a way to restore archived data more than 1year? Hi Team, I have a data in my archive folder since 2019 for one of my index app_o365 , we need to restore the complete... by ssuluguri Path Finder in Splunk Search 03-06-2023 0 1	0	1
Help with the search for a reassigned alert? Hi, Need a search for the below scenario,If a previously assigned alert is reassigned to a different user on the port... by AL3Z Builder in Splunk Search 03-06-2023 0 5	0	5
How can I calculate duration? Hi I want to calculate duration. For example, I have 2 different event in a sourceFirst event: 04/03/2023 PLUGIN_CL... by jacknguyen Path Finder in Splunk Search 03-06-2023 0 5	0	5
Search for Yesterday Total Event Minus Today's Event? Hi, I want to minus yesterday' total event with today's total event and divide by yesterday's total event. To see In... by Akmal57 Path Finder in Splunk Search 03-05-2023 0 6	0	6
How to get a ratio in the search results？ Hi experts,I was stuck in a quandary when I was trying to see which of my customer base was using optimization mode a... by Ameszzz Engager in Splunk Search 03-05-2023 0 3	0	3
Exclude results from lookup table in search v2? I'm trying to optimize my Splunk Windows Event Log dashboard, and wanted to add CSV exclusion file that would filter ... by TurboTurtle Engager in Splunk Search 03-05-2023 0 1	0	1
Mvappend or Mvjoin only to fill blank spaces? Hello, I want to append the results from one field to another, however, I only want to fill the null and blank spaces... by PTC_ Explorer in Splunk Search 03-05-2023 0 4	0	4
How to get the percentage? index=acs-app-log sourcetype=iccim_bwm_servicename processname=response_AM\|stats count by verificationstatusResult... by Harish2 Path Finder in Splunk Search 03-05-2023 0 2	0	2
How to change the search that will convert table format to bar or column chart? Hello Splunkers , I have the following search which gives me the the dashboard look as table...but can we make this ... by power12 Communicator in Splunk Search 03-04-2023 0 3	0	3
Creating a table combining common field from index and lookup? by weetabixsplunk Explorer in Splunk Search 03-04-2023 0 3	0	3
How to check 30 minutes after an event in Splunk for a failed login attempt? I have a search in Splunk that returns events for failed logins. I want to be able to check 30 minutes after the even... by MM0071 Path Finder in Splunk Search 03-03-2023 0 5	0	5
How to count matching events in lookup in last 30 days? A have a lookup table that includes a "time" column (timeformat=%m/%d/%Y %H:%M:%S). Can someone please help me develo... by Sven1 Path Finder in Splunk Search 03-03-2023 0 4	0	4
How to create a search that shows a daily message count and the average for each direction? I'm trying to create a search that shows a daily message count (both inbound and outobound) and the average for each ... by weetabixsplunk Explorer in Splunk Search 03-03-2023 0 3	0	3
How to compare two searches using a shared variable? I am trying to make 2 searches using the same index and source. The first search is looking for all entries with "mes... by ckutach Engager in Splunk Search 03-03-2023 0 1	0	1
Transaction ends and begins with same code- How to differentiate? I'm trying to differentiate between cd burns and cd read codes from Window Event Viewer using WinZipBurn. From what I... by michaeler Communicator in Splunk Search 03-03-2023 0 1	0	1
Problems with dedup dropping too many records? I am having trouble with deduping on a Salesforce object and my "feels like" here is dedup isn't doing what I underst... by arist0telis Explorer in Splunk Search 03-03-2023 0 3	0	3