Splunk Search

Community Activity

	How can I join values of a 'single field name' to two lookups and get the corresponding values from each lookup Hi,I have search which has S_host name values of different DB instances say MSSQL and Oracle in a single field.eg: S_... by Woodpecker Path Finder in Splunk Search 02-14-2023 0 2	0	2
	How to filter out events to make a search out of it? Hi,I want to create a search out of the below event, to raise an alert if the particular system having the label lost... by AL3Z Builder in Splunk Search 02-14-2023 0 10	0	10
	How to extract JSON arrays in Splunk? Here is the query i have and need to extract the "sts:ExternalId" requestParameters: { [-]policyDocument: {<!-- -->"Version... by sahilmits Engager in Splunk Search 02-14-2023 0 7	0	7
	How to chart job ending time - Time on Y Axis / Day on X Axis ? If I am starting with this query:index=anIndex sourcetype=aSourcetype ( aJobName AND "COMPLETED OK" )The job im inter... by sjringo Contributor in Splunk Search 02-14-2023 0 1	0	1
	How to filter small table results by large table results? I have two searches that will return orderNumbers 1.index=main "Failed insert" \| table orderNumber//returns small lis... by queriousGeorge Engager in Splunk Search 02-14-2023 0 3	0	3
	How to categorize a particular values and do a percentage of it? Hello Splunkers,I have a field called state_sinfo which have values like (up,up*,up$,up^,continue,continue$,continued... by power12 Communicator in Splunk Search 02-14-2023 0 1	0	1
	How to search for Entries Between DateTime field value? I am trying to find entries between a date-time range based on a field in the event 'Date'. It date-time value of the... by akpuvvada Engager in Splunk Search 02-14-2023 0 1	0	1
	Charting completion time on daily basis Hi, I'm trying to build a line graph that would show me the completion time of an event on a daily basis. The complet... by nomad1981 Explorer in Splunk Search 02-14-2023 0 3	0	3
	Which type of host is talking to which type of host on which port Hey everyone,I want to create a search that gives me the following information in a structured way: Which type of hos... by erikschubert Engager in Splunk Search 02-14-2023 0 3	0	3
	Any ideas on Auditing Content Library? I need to provide audit details on our ES Content Library. Using rest, I can identify searches that have been updated... by gazoscreek Path Finder in Splunk Search 02-14-2023 0 1	0	1
	Is there a way to choose the smaller subnet that contains the src_ip? Hi, I have a lookup definition that look like that: When I'm running this search with looking up in this lookup difi... by joock3r Explorer in Splunk Search 02-14-2023 0 1	0	1
	How to write a rex to extract values in a field that are delimited by comma? I want to write a rex to extract values in a field that are delimited by comma. index=group sourcetype="ext:user_acco... by zacksoft_wf Contributor in Splunk Search 02-14-2023 0 4	0	4
	How to filter out value based from another another column? HiGreatly appreciate your help, would like to know if there is any way i could filter out a value based from another ... by villnooB Explorer in Splunk Search 02-14-2023 0 1	0	1
	How can I apply split and regex TSV at the same time? Hi,I have logs separated by a tab. I have defined FIELD_DELIMITER=tab, INDEXED_EXTRACTIONS=tsv FIELD_NAMES etc in pro... by max8006 Explorer in Splunk Search 02-14-2023 0 1	0	1
	How to Extract Event Logs from SignalFX via API? Hi, I'm trying to extract logs via API using /v2/event/find Found here: Retrieve Events V2 \| API Reference \| Splunk D... by rvillaflores Loves-to-Learn in Splunk Search 02-14-2023 0 0	0	0
	How to select only one event? My query is this. index=log AND 1378 There are two event 20230112, 1378, error A/B/C, duration 100 20230112, 13... by disasters Explorer in Splunk Search 02-13-2023 0 7	0	7
	How to track impossible travel events for users who are logging in to applications using Duo 2fa? Good afternoon, I'm looking for a way to track impossible travel events for users who are logging in to applications ... by drathbo New Member in Splunk Search 02-13-2023 0 3	0	3
	Is it possible to use map search twice? Not sure if this is possible through Splunk query but what i am trying to do is basically retrieve field value from o... by ak9092 Path Finder in Splunk Search 02-13-2023 0 1	0	1
	Extract any character when dot is present? Hi, I have different mails in my logs and I need to filter them in order to distinguish real users from technical use... by marco_massari11 Communicator in Splunk Search 02-13-2023 0 1	0	1
	How to create over lapping dashboard? I am new to slunk, I have to create one dashboard and compare current day with same day of last week based on request... by ssharma Loves-to-Learn Lots in Splunk Search 02-13-2023 0 5	0	5
	Why is dashboard report search unable to read from time picker? Hi All, My Dashboard panel which calls a report search is showing "Search did not return any events." When i click on... by neerajs_81 Builder in Splunk Search 02-13-2023 0 4	0	4
	How to Sort data by using the value of Variable Name I have a query and at the end I want to sort the data by specific column But column is dynamically generated. i can g... by sukansingh Explorer in Splunk Search 02-13-2023 0 5	0	5
	Error in 'search' command: Unable to parse the search: Right hand side of IN must be a collection of literals? index=index1 type=1 feature IN ([search index=index1 type=type2 application=weather_app \| dedup feature \| f... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 2	0	2
	How to extract some fields from an existing field which has backslashes? I have a field called folder_path which gives the values as follows. folder_path\Device\XYZ\Users\user_A\AppData\prog... by pavanae Builder in Splunk Search 02-12-2023 0 3	0	3
	Is it possible to use stats inside a join command? I have a user table which shows which department each user belongs to. I want to join this with another table on User... by buttsurfer Path Finder in Splunk Search 02-12-2023 0 3	0	3