Splunk Search

Community Activity

Why does makeresults returns "1" instead of "0"? My search: \| makeresults earliest=-2h \| timechart count as aantal span=1m returns a list of zero's but for th... by rrovers Contributor in Splunk Search 02-06-2023 0 2	0	2
How to get the start and end time based on key words in logs? Hi folks looking for some expert opinion. my logs contains many diff files. I want to capture the start and end time ... by merc14 Explorer in Splunk Search 02-06-2023 0 3	0	3
How to find duplicates on multiple fields? I have logs with the following three fields: -category -price -requestID (unique per entry) I want to find all requ... by sejiweji New Member in Splunk Search 02-06-2023 0 3	0	3
Using split function for two conditions? So I have a field named "domain" that has values of single domains (A, B, C) and combinations of domains with two dif... by michaeler Communicator in Splunk Search 02-06-2023 0 3	0	3
Help with Timechart function. Hi Community, I am trying to generate a timechart by month with the following query: index=xyz Question="zzz" NOT "Co... by edsanchez07 New Member in Splunk Search 02-06-2023 0 2	0	2
How to narrow down data with time? Hello, i am looking to narrow down my search field, i only want to search for events that happen outside of a speci... by Chris231289 Loves-to-Learn Lots in Splunk Search 02-06-2023 0 3	0	3
How to remove everything until the date but include it using SED (before indexing)? Hi All, Im struggeling to remove everything before the date using SED Example \|makeresults\|eval_raw="Feb 2 14:27:5... by newsplunker1 Path Finder in Splunk Search 02-06-2023 0 3	0	3
How to list element by a specific value? Hi,I have this table of data: NameAgeAddressMark211 st xxxxxElisabeth212 st xxxxxJane223 st xxxxxBryan244 st xxxxx ... by sdhiaeddine Explorer in Splunk Search 02-06-2023 0 3	0	3
How to Set field to value of another with a where clause? Hi Splunk Community, I am trying to work with over writing fields using an if clause. The data I have is like what is... by jpfrancetic Path Finder in Splunk Search 02-06-2023 0 1	0	1
How to include data filter so as to select particular date time records in splunk dashboard? hi team, i am using below splunk search in dashboards query index=BigIt log_severity=INFO or WARN app_name= test... by Aryc090908 Explorer in Splunk Search 02-06-2023 0 1	0	1
Can't find the count of individual values in multi-value field? Hello \| index=fruits \| transaction fruit_id \| rex max_match=0 “using rex to get the Type” \| eval TypeList=mvdedup(T... by dinesh16 Engager in Splunk Search 02-06-2023 0 3	0	3
Need help on Dashboard related issue I have a dashboard in which there is a Pie chart like below I need help in this way that it has to show a label of ev... by Renunaren Loves-to-Learn Everything in Splunk Search 02-06-2023 0 3	0	3
How do I rename a Rex field? Hi , I want to rename to Required Parameters Longitude and Latitude are missing or invalid to a new value Required P... by sid_1435 Explorer in Splunk Search 02-05-2023 0 5	0	5
How to use regex in calculated fields? Hi, I've been told, that using field extractions on json is not best practis and that I should use calculated fields ... by bitnapper Path Finder in Splunk Search 02-05-2023 0 4	0	4
How to extract all the multi-values in excel? One of my field in raw data is multivalue(like array) .I can see those values in a column in Splunk , but when I try ... by kasis152 Explorer in Splunk Search 02-05-2023 0 3	0	3
Windows Event Log of Account Creation Search? Hi,I'm create search query to monitor when 3 users create accounts in an hour: index=* sourcetype="WinEventLog:Securi... by s4md0ry New Member in Splunk Search 02-05-2023 0 0	0	0
How to insert dummy data into the first few entries of a field? Here is the original table here, but I need to put some dummy data into Field_B TimeFiled_AField_B110Tom220Smith330W... by splunker-0625 Splunk Employee in Splunk Search 02-05-2023 0 3	0	3
How to get distinct count for which if condition satisfies? My Aim :This below query gives me count of success, failure by b_key, c_key. I want to get the distinct count of b_ke... by arugupta New Member in Splunk Search 02-05-2023 0 3	0	3
Calculate the difference between two fields? Dears, We have two fields in the one index, we need to compare two fields then create a new field to show only on it ... by Abdullah Explorer in Splunk Search 02-05-2023 0 12	0	12
How to convert large bytes to human readable units (e.g. Kib, MiB, GiB) Numeral system macros for Splunk v1.1.1Bytes to printing Human readable size (e.g. 4KiB, 1023.4MiB, 23.4GiB, 345,67Ti... by tfujita_splunk Splunk Employee in Splunk Search 02-04-2023 2 0	2	0
How to host regex from file input? Hey All, I'm really struggling here. I'm trying to get a universal forwarder to pull in txt logs, and edit the "h... by icewolf69 Loves-to-Learn Everything in Splunk Search 02-04-2023 0 4	0	4
How can I write a search that will list all the saved reports in my splunk environment? I need to write search queries to list all the dashboards and reports saved in my splunk environment. I was able to l... by saikatr Path Finder in Splunk Search 02-04-2023 1 5	1	5
Can you remove multiple entries from a lookup table using a search? Hi,I have a lookup table that contains a list of sessions with permitted time frames (start day & time / end day & ti... by mark_cet Path Finder in Splunk Search 02-04-2023 0 2	0	2
How to convert kb to GB? How do I convert this query to display the results in GB instead of kb? index="_internal" source="*metrics.log" per_s... by peasead Path Finder in Splunk Search 02-04-2023 0 4	0	4
Converting units in my classification breaks my alert? Hi, I had a good base search for a calculation and alerting when an upload/download happens, but now I tried to tidy... by klaudiac Path Finder in Splunk Search 02-04-2023 0 4	0	4