Splunk Search

Community Activity

Adding delimiter to a field values Hi all,I need some help in creating a new field,I have a field like followingField 1AABBCCDDEEFFAAAABBBBCCCC Id like ... by Laxman24 Explorer in Splunk Search 03-02-2023 1 4	1	4
Why does my search empty during run? Hi all.I have a search that searches a large amount of events.Its run on fast mode, on the statistics page.When i sta... by michaelnorup Communicator in Splunk Search 03-02-2023 0 3	0	3
DateParserverbose warning logs despite having proper Time format and prefix in props.conf Hey community,Need your help!!!!We have lot of internal warn logs for DateParserverbose issue in our splunk prod envi... by likithgowda New Member in Splunk Search 03-02-2023 0 4	0	4
SPL search to find the license purchase and expiration date in Splunk Cloud? As rest command has some limitation on splunk cloud. How to find the license purchase date and expiration date on spl... by restinlinux Explorer in Splunk Search 03-01-2023 0 0	0	0
Stats for multiple fields in the same table? I have logs like below: { [-] TransactionName: "my TransactionName" type1Error: NA eventTime: 2023-02-28... by Nidd Path Finder in Splunk Search 03-01-2023 0 4	0	4
Dedup not removing results that are duplicates Hi All!Had a look around but couldn't find an answer to this. I'm trying to do a search where I track a users log in ... by Southy567 Explorer in Splunk Search 03-01-2023 0 1	0	1
How to extract rex specific data from Splunk log? We have a rule engine that assigns category codes to items. The category codes are assigned per location. We want to ... by AnirbanG Loves-to-Learn Lots in Splunk Search 03-01-2023 0 5	0	5
How to perform splunk subsearch through Splunk java SDK? how to perform splunk subsearch through splunk java SDK by kanurag1795 Engager in Splunk Search 03-01-2023 0 1	0	1
What is the Default bucketing time and retention policy? Hello to all I would like to know the default time set for hot, warm, cold and frozen buckets. I also want to know wh... by splunkcol Builder in Splunk Search 03-01-2023 0 0	0	0
Help searching IIS/W3C log for parent URL? We're indexing a set of standard IIS W3C logs into our indexer and have a need to obtain a list of the parent sites f... by marshallsuk Engager in Splunk Search 03-01-2023 0 1	0	1
What is the difference between $user$ and user=$user$ ? Hello, I can see in many Use Cases examples that tokens are using alternately in drill down searches:$user$ and user=... by suspense Explorer in Splunk Search 03-01-2023 0 2	0	2
How to add multiple email addresses in Splunk Alert based on field value? Hello Splunkers, How can we send email to multiple email addresses using Splunk alert? I saw below documentation in ... by whitefang1726 Path Finder in Splunk Search 03-01-2023 0 3	0	3
How to start time calculation for each transaction? Hi , I have a splunk log where we have End time and time to Serve Requst (in Millisec).i want calculate Start ti... by xp001975 Explorer in Splunk Search 02-28-2023 0 14	0	14
How to extract local user account in Splunk from syslog messages in unix audit.log? How to extract local user account in Splunk from syslog messages in unix audit.log?Thanks by LearningGuy Motivator in Splunk Search 02-28-2023 0 1	0	1
How to write Timechart for search with binary value result? Hi I have a field, mode, which returns either returns data or is None (mode_true, mode_false). I'm trying to search a... by mrf23 Explorer in Splunk Search 02-28-2023 0 4	0	4
How to create alert if there is no data from an extracted field? Hello Splunkers , I am trying to schedule an alert when there is no data from a particular field which is extracted f... by power12 Communicator in Splunk Search 02-28-2023 0 4	0	4
Why can't I search field values created in eval? I have a field called "Node_ID" that I extracted from another field "issue" that is formatted as N1234. There were so... by michaeler Communicator in Splunk Search 02-28-2023 0 1	0	1
How to search to find disabled alert? Hi!I'm using Splunk cloud. Trying to create alert to catch event when someone disabling alert.Need advice on the sear... by kimberlytrayson Path Finder in Splunk Search 02-28-2023 0 6	0	6
How to extract field from source field? I am trying extract "user20" from rest of "_9a4ab75c_239_process.log". tried multiple ways but unable to separate th... by ravir_jbp Explorer in Splunk Search 02-28-2023 0 1	0	1
How to perform splunk search for local account in the openstack tenant (and audit) logs ? How to perform splunk search for local account in the openstack tenant (and audit) logs ?Thanks by LearningGuy Motivator in Splunk Search 02-28-2023 0 3	0	3
How to retrieve data from Splunk dashboard and display results in Java Spring boot applications using SplunkSDK/ ..? How can we retrieve the data from Splunk dashboard and display the results in Java Spring boot applications using Spl... by kanurag1795 Engager in Splunk Search 02-28-2023 0 1	0	1
Lookup using temporary dataset? I'm trying to add a lookup to enrich results returned from a 'simple' search. The search command I'm using [and I ha... by Mick_OBrien Path Finder in Splunk Search 02-28-2023 0 5	0	5
How to randomly join two sets of data? Hi, I have a query where I am first getting 3 fields from an index ("A", "B", "C") describing tasks to be completed a... by POR160893 Builder in Splunk Search 02-28-2023 0 17	0	17
Why the error capturing using regex? Hi Alli have been trying to capture the error split up and ratio from the following sample log event which probably n... by kumar497 Path Finder in Splunk Search 02-28-2023 0 7	0	7
How to eval calculate time since event? I'm trying to add a "Downtime" field to my table. The timestamp on the event isn't reliable because it is when the is... by michaeler Communicator in Splunk Search 02-28-2023 0 6	0	6