Splunk Search

Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
Stijn

Is there a way to use a span that is equal to the time range picker?

source=PR1 sourcetype="sap:abap" EVENT_TYPE=STAD EVENT_SUBTYPE=MAIN TCODE="ZORF_BOX_CLOSING" SYUCOMM="SICH_T" ACCOUNT...
by Stijn Loves-to-Learn in Splunk Search 02-17-2023
0 1
0
1
woodlandrelic

How to monitor three users?

Hi  My system is Linux.  Am trying to monitor 3 users in an index.  The last time they login, IP address etc. There a...
by woodlandrelic Path Finder in Splunk Search 02-17-2023
0 4
0
4
markangeltruema

How to extract badly formatted JSON?

Hi I'm trying to extract some json values into tables for a dashboard. The log line that i'm using is something like ...
by markangeltruema Engager in Splunk Search 02-17-2023
0 1
0
1
joe06031990

How to write rex to remove?

Hi, I have the bellow event:   {"log":"2023-02-16t14:14:25.827471424z stderr F I0216 14:14:25.827359               1 ...
by joe06031990 Communicator in Splunk Search 02-17-2023
0 4
0
4
Yossarian622

How to achieve field with a value containing commas?

Unfortunately I have no control over the log data formatting... it is in format:  Field1=Value1|Field2=Value2| ... |C...
by Yossarian622 Engager in Splunk Search 02-16-2023
0 6
0
6
meleschi

How to timechart the time differences between (ITNM) events / phases?

I have the following data that I'm trying to timechart the differences between: 2023-02-16T16:14:04: Data Processing ...
by meleschi Explorer in Splunk Search 02-16-2023
0 1
0
1
power12

How to merge two counts into one search

Hello Splunkers, I have the following raw data2023-02-15T12:43:06.774603-08:00 abc OpenSM[727419]: osm_spst_rcv_proce...
by power12 Communicator in Splunk Search 02-16-2023
0 2
0
2
ft_kd02

How to to dynamically change earliest & latest in subsearch to fill summary data gaps with live data?

Hi all,I'm working on a dashboard in which I populate a panel with summary data. The summary data runs once per hour ...
by ft_kd02 Path Finder in Splunk Search 02-16-2023
0 3
0
3
fredclown

How to get a count difference when I add index=* to tstats?

I'm logged into my system as an admin, so I have access to all the indexes. I've also verified this by looking at the...
by fredclown Builder in Splunk Search 02-16-2023
0 1
0
1
GhanaRusk

How to create a search using data from csv and grabbing the latest timestamps for multiple queries?

I've a couple of queries - index="main"app="student-api" "tags.studentId"=3B70E5 message="Id and pwd entered correctl...
by GhanaRusk Engager in Splunk Search 02-16-2023
0 11
0
11
sabari80

How to fix being unable to print few fields from Dynatrace usersession resultset?

Following query is printing 'pp_user_action_name','Total_Calls','Avg_User_Action_Response' not getting 'pp_user_actio...
by sabari80 Explorer in Splunk Search 02-16-2023
0 3
0
3
gut1kor

How to increase transaction command output limit and always fetch latest transactions?

Hi Team,I have events being pushed to HTTP event collector 24/7. In my dashboard I query and format the events using ...
by gut1kor Explorer in Splunk Search 02-16-2023
0 0
0
0
Shobhitha1

How to fetch report from different timestamp(asynchoronus journey)from unique id?

Hello Everyone, I have a requirement where I have to generate a query.  event 1 : <l:event dateTime="2023-02-10 11:28...
by Shobhitha1 New Member in Splunk Search 02-16-2023
0 3
0
3
Stijn

Why can't I compare if RESPTI is bigger than the UCL (since it does not want to load in the value)?

source=PR1 sourcetype="sap:abap" EVENT_TYPE=STAD EVENT_SUBTYPE=MAIN (TCODE="ZORF_BOX_CLOSING") SYUCOMM="SICH_T" ACCOU...
by Stijn Loves-to-Learn in Splunk Search 02-16-2023
0 3
0
3
midcoffessplunk

メインサーチのイベントの時間をサブサーチに渡したい

メインサーチのイベントの_timeをサブサーチに渡したいのですが、上手くいきません。何か方法はありますでしょうか。 index=event_data|eval earlytime=_time-60 latesttime=_time+6...
by midcoffessplunk Engager in Splunk Search 02-15-2023
0 1
0
1
dickersons

How to create an interesting field "statusCode" and have it sorted by different statusCode values?

Hi, I am using a regex to search for a field "statusCode" which could have multiple values, i.e. "200", "400", "500",...
by dickersons Explorer in Splunk Search 02-15-2023
0 5
0
5
LeeMoe

How to extend a dataset to add a column that represents a numerical column as text?

I have a dataset which has a column "Port" that contains (limited) numerical values.  I want to make these values dis...
by LeeMoe Path Finder in Splunk Search 02-15-2023
0 8
0
8
solaced

How to compare search results with lookup for duplicates?

I have a lookup which I want to compare search results against and find duplicate values.   How do I ignore duplicate...
by solaced Explorer in Splunk Search 02-15-2023
0 5
0
5
carl_landry

Why is XML file not re-ingested?

Hi, I have a problem finding answers about the failure of a universal forwarder to re-ingest an XML file. 02-08-2023 ...
by carl_landry New Member in Splunk Search 02-15-2023
0 0
0
0
splunkuser320

Groups in stats command: How to get the sum of multiple fields by a field?

I am trying to create a query to get the sum of multiple fields by a field.    index="*****"|stats sum(field_A) as  A...
by splunkuser320 Path Finder in Splunk Search 02-15-2023
0 2
0
2
MDSplunkNinja

Ranking Data From Search Results into Deciles

I have a table of data with values like this:String         NumericClient 1      99.9Client 2      99.2Client 3      ...
by MDSplunkNinja Explorer in Splunk Search 02-15-2023
0 2
0
2
Woodpecker

How can I join values of a 'single field name' to two lookups and get the corresponding values from each lookup

Hi,I have search which has S_host name values of different DB instances say MSSQL and Oracle in a single field.eg: S_...
by Woodpecker Path Finder in Splunk Search 02-14-2023
0 2
0
2
AL3Z

How to filter out events to make a search out of it?

Hi,I want to create a search out of the below event, to raise an alert if the particular system having the label lost...
by AL3Z Builder in Splunk Search 02-14-2023
0 10
0
10
sahilmits

How to extract JSON arrays in Splunk?

Here is the query i have and need to extract the "sts:ExternalId"   requestParameters: { [-]policyDocument: {<!-- -->"Version...
by sahilmits Engager in Splunk Search 02-14-2023
0 7
0
7
sjringo

How to chart job ending time - Time on Y Axis / Day on X Axis ?

If I am starting with this query:index&#61;anIndex sourcetype&#61;aSourcetype ( aJobName AND "COMPLETED OK" )The job im inter...
by sjringo Contributor in Splunk Search 02-14-2023
0 1
0
1
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
Get Updates on the Splunk Community!

Splunk Mobile: Your Brand-New Home Screen

Meet Your New Mobile Hub  Hello Splunk Community!  Staying connected to your data—no matter where you are—is ...

Introducing Value Insights (Beta): Understand the Business Impact your organization ...

Real progress on your strategic priorities starts with knowing the business outcomes your teams are delivering ...

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

As of today, Enterprise Security (ES) Essentials 8.3 is now generally available, helping SOC teams simplify ...