Splunk Search

Community Activity

What does default to? Because of a typo we had the following in our query: earliest=-1@d Since Splunk query actually ran I assumed that s... by pm771 Communicator in Splunk Search 02-08-2023 0 5	0	5
How to achieve a field extraction where field differs in location per log row but still has structure? I have an OpenCanary which is using a webhook to deliver data into my Splunk instance. It works really well but my re... by LeeMoe Path Finder in Splunk Search 02-08-2023 0 3	0	3
Can't I use backslashes in Splunk searches? I have a Splunk query as below which pulls some events. index="windows_events" TargetFileName="startup" Now from t... by pavanae Builder in Splunk Search 02-08-2023 0 1	0	1
How do I write this search with a mvindex with a conditional? Hello, I have the below SPL with the two mvindex functions. mvindex position '6' in the array is supposed to apply ht... by user33 Path Finder in Splunk Search 02-08-2023 0 5	0	5
How to use field inside quoted search as a variable? Hi, I have the following joined Splunk query:index="myIndex" source="mySource1" \| fields _time, _raw \| rex "Naam van... by Bleepie Communicator in Splunk Search 02-08-2023 0 7	0	7
Can anyone direct me to a mechanism to export run data (success/failure) for HTTP checks via CSV? Without the ability to remove testing errors in uptime calculation when reporting monthly numbers, I spend a lot... by sflesch360 Engager in Splunk Search 02-08-2023 0 4	0	4
Calculate number of decimals for each record in field? Field = 1.123456789 Field = 14.123456 Field = 3.1234567 I need to run a query that will return the number of decimals... by DPOIRE Path Finder in Splunk Search 02-08-2023 0 2	0	2
How to stop searching when first result was found in each index in multisearch Hello I find it difficult to stop the search when I got first result in multisearch.I tried \|head 1 but it can't be ... by Raymond2T Path Finder in Splunk Search 02-08-2023 0 4	0	4
Can anyone tell me why Account ID and User Agent aren't displaying in my table? index=akamai "httpMessage.host"="" "httpMessage.path"="/auth/realms/user/login-actions/authenticate" "User-Agent:*"... by jhilton90 Path Finder in Splunk Search 02-08-2023 0 4	0	4
Should I use lookup or inputlookup in search? Hello Splunkers, Please if someone can help me with a Splunk query, I have a list of IPs I imported in lookup table, ... by mohsplunking Path Finder in Splunk Search 02-08-2023 0 4	0	4
Finding the correct scope of an IP address? Hi, I am struggling with following task. I have a lookup file containing all the configured dhcp scopes in the follow... by dersa Path Finder in Splunk Search 02-08-2023 0 2	0	2
Conditional search: How to use negative search in case command ? Hi, I got these datas URITXTParamAMy text and othersparam 1AMy text and othersparam 2AMy text param 3AMy textparam 4B... by mxh7777 Path Finder in Splunk Search 02-08-2023 0 2	0	2
Comparing two time frames with the same search? So I have a search I run for an alert which looks for a missing event, it's a simple tstats that shows stuff within t... by Orangebottle76 Engager in Splunk Search 02-08-2023 0 3	0	3
How to backup splunk-var data? Hello Splunkers , I wrote a python script that explores the splunk-var indexes and calculates their total size, and t... by power12 Communicator in Splunk Search 02-07-2023 0 6	0	6
How to find data which does not exist in index1 when compare to index2? I want to compare two index index1 and index2 and print values where index1 values does not exists in index2 fro ex:... by directtv999 Loves-to-Learn Lots in Splunk Search 02-07-2023 0 7	0	7
Using Eval to find the average response time with 10% additional buffer? Average response time with 10% additional buffer ( single number) by navarone0161 Explorer in Splunk Search 02-07-2023 0 2	0	2
Use a single field in a lookup table to search across multiple fields? I have a simple lookup table that contains a list of IPs. I'd like to take this list and search across all of my ind... by splunkzilla Explorer in Splunk Search 02-07-2023 0 1	0	1
How can I write this regex for rex to extract multiple matches? I'm trying to parse saved searches that contain a bunch of eval statements that do this sort of logic \| eval var=ca... by bowesmana SplunkTrust in Splunk Search 02-07-2023 0 6	0	6
How to get specific value from key/value array to form table? Hi All, I don't have much experience with Splunk. My JSON payload looks like as shown below. The msg.details array ca... by btsr Explorer in Splunk Search 02-07-2023 0 3	0	3
Combining Lookups to a Table? I have two looksups that have a lists of subnets and name of the subnets. One lookup (subnet1.csv) as a field called ... by atebysandwich Path Finder in Splunk Search 02-07-2023 0 1	0	1
How to Group field values into similar field values? I am trying to get network outage totals by domain. I have four domains: A, B, C, D. The problem is that sometimes th... by michaeler Communicator in Splunk Search 02-07-2023 0 3	0	3
Comparison of field values with a lookup? I have a field in my database datamodel called 'os.user'. And I have a lookup called 'userAccount'. 'userAccount' lo... by zacksoft_wf Contributor in Splunk Search 02-07-2023 0 2	0	2
Is there is a way to output the contents of a Lookup file but also show the Lookup file name as results? Hi Splunkers, I was wondering if there is a way to output the contents of a Lookup file but also show the Lookup file... by finchy Explorer in Splunk Search 02-07-2023 0 3	0	3
Can we get Bamboo build stats into Splunk? We have Jira Add-On which allow us run Jira API to get Jira stats on Splunk. Similarly is there any Add-on or custom ... by roopendra Engager in Splunk Search 02-07-2023 1 2	1	2
How to generate query from an event? Hi,I want to make a search out of events by AL3Z Builder in Splunk Search 02-07-2023 0 1	0	1