Splunk Search

Community Activity

How to add host to command in the BY section? \| chart values(Date_Policy) BY Volume,WeekRange, in above command I wanted to add host as well in the BY section but ... by AShwin1119 Explorer in Splunk Search 02-22-2023 0 1	0	1
How to rearrange below numeric columns based on order? Hi, I have to rearrange below columns in below orderi.e. 31-60 Days, 61-90 Days, 91-120 Days,151-180 Days,Over 180 Da... by Ashwini008 Builder in Splunk Search 02-22-2023 0 4	0	4
How come this doesn't work given indexers.csv is a list of Splunk servers with role indexer? How come this doesn't work given indexers.csv is a list of Splunk servers with role Indexer? \| inputlookup indexers.c... by albledsoe Engager in Splunk Search 02-22-2023 0 2	0	2
Dashboard not populating as they have $ symbol in some field values, is there another way? Hello SplunkersI have the following search.The search works fine when running it but when its saved as a panel in a d... by power12 Communicator in Splunk Search 02-22-2023 0 3	0	3
Why does field becomes null when attempting to subtract? I am feeling puzzled. I am trying to take a date, convert it to epoch time, and then subtract a number of seconds fro... by iomega311 Explorer in Splunk Search 02-22-2023 0 3	0	3
Data Models and incomplete source data Greetings,I'm finally tackling the topic of data models within my organization, and am coming across situations I am ... by mjuestel2 Path Finder in Splunk Search 02-22-2023 0 4	0	4
How to check if a value exists in a list of values? Hi,I'm filtering a search to get a result for a specific values by checking it manually this way:.... \| stats sum(val... by sdhiaeddine Explorer in Splunk Search 02-22-2023 0 2	0	2
How to compare data from data model with data from data set? Hello, I have a data model named firewall_logs with firewall data in which the interesting fields are: file_hash, url... by danutmatei Explorer in Splunk Search 02-22-2023 0 0	0	0
Why doesn't my rex code work? Very strange scenario. I'll use a rex statement to retrieve data and it works perfectly. If I copy and paste the rex ... by JBlackberg Engager in Splunk Search 02-22-2023 0 5	0	5
How to join and read input from csv? I've a query index="main" app="student-api" "tags.path"=/enroll "response"=succcess which also gives a trace_id a... by GhanaRusk Engager in Splunk Search 02-22-2023 0 11	0	11
How to create a correlation search that would trigger an alert for a search? I need to create a correlation search that would trigger an alert if it found a match from IPs from: \| inputlookup ip... by Kitag345 Explorer in Splunk Search 02-21-2023 0 1	0	1
How to compare field from one index to multiple field in other index? Good day,I have a usecase explained below -Index A has Reporting_Host (mix of IP address, hostname, FQDN) and Index C... by Navanitha Path Finder in Splunk Search 02-21-2023 0 5	0	5
How to do the opposite of match()? I'm trying to do a DOES NOT match() instead of a match(). http://docs.splunk.com/Documentation/Splunk/6.1/SearchRefer... by thisissplunk Builder in Splunk Search 02-21-2023 1 4	1	4
How to add and divide field results for percentage? I'm trying to figure out the percent of successful authentications from out vulnerability scans. There is a field nam... by atebysandwich Path Finder in Splunk Search 02-21-2023 0 3	0	3
Field Alias Applied to Hostname - Events Matched But No Results? Hi,I am new to Splunk so please forgive me.I had created a field field, where if the hostname contains "-us" then r... by kbarton New Member in Splunk Search 02-21-2023 0 3	0	3
Why are results showing when there are none? Hi,I have an index= random_index which contains JSON data of a URL HTTP status code like {'availability':200,applicat... by lostcauz3 Path Finder in Splunk Search 02-21-2023 0 1	0	1
Do you have to use the props.conf method or GUI for a field extraction in a clustered environment? Hi, For field extractions in a clustered environment do you have to use the props.conf method or can you use the fiel... by joe06031990 Communicator in Splunk Search 02-21-2023 0 1	0	1
How to extract fields from json attributes? I am sending some traces from my service to Splunk using the OpenTelemetry Collector and the Splunk HEC exporter. My ... by sergimola Explorer in Splunk Search 02-21-2023 0 5	0	5
Parse a value and then use that as new query to search? Hi, I have an unusual scenario for the data I am working with and would like to see if it's even possible to extract ... by zakirhere New Member in Splunk Search 02-21-2023 0 2	0	2
Why is there alerting slowness issues after upgrade? Hi All, After splunk upgrade from 8.0 to 9.0.2 , i am facing the slowness in alerting to create ticket . Can anyone h... by AKBBB Explorer in Splunk Search 02-21-2023 0 0	0	0
How to parse these events? Hi Experts,I have below eventsEvent 1 : TRANEND TRANS ABENDS TRN1 ABN1 blah blahEvent 2 : TRANEND CICS_TRAN_Abends CI... by ravikumar_sri20 Engager in Splunk Search 02-21-2023 0 3	0	3
How to combine two search results? Hello  I need your help for a subject. I want to combine two search results and I need you help beacause I have a p... by anissabnk Path Finder in Splunk Search 02-21-2023 0 7	0	7
How to prevent DNS resolution? Hey all, Our raw syslogs are showing IP addresses of sourced events, but the results in Splunk is changing the IP add... by willspk Engager in Splunk Search 02-21-2023 0 3	0	3
How to enable search for specific index? I decided to make a search with following situation. However, I would like to enhance the performance that when user... by Raymond2T Path Finder in Splunk Search 02-21-2023 0 7	0	7
How to append multiple columns to get result I am looking to get the data in year, month, day, hour, minute and second basissearch criteria is index="abc" rex fie... by aaa2324 Explorer in Splunk Search 02-21-2023 0 2	0	2