Splunk Search

Community Activity

	How to parse XML and props.conf? This is very similar to a lot of XML parsing questions, however I have read through ~20 topics and am still unable to... by poojithavasanth Explorer in Splunk Search 02-09-2023 0 7	0	7
	How to search with cidrmatch with multiple subnets? Hello everyone, I got such table after search ipsubnets10.0.0.2 10.0.0.0/24 10.0.0.3 10.0.0.0/24 172.24.23.23/24 ... by bosseres Contributor in Splunk Search 02-09-2023 0 6	0	6
	Why does REST API return nested json as string not json? Hi,I am using the REST API to pull data from splunk, using the output_mode=json.The data that is returned is a mix of... by bdunstan Path Finder in Splunk Search 02-09-2023 0 3	0	3
	How to match string which include random numbers with a lookup? Hello Team,i have the following problem.Inside my data i have a String like:Error in Data \| 5432323 from endpoint 543... by klischatb Path Finder in Splunk Search 02-09-2023 0 3	0	3
	Why is UF not reporting to DS? Hi, I have 10 hosts, from this only 3 hosts are reporting to DS and 7 are not reporting.when i searched with _interna... by Vani_26 Path Finder in Splunk Search 02-09-2023 0 2	0	2
	How to group events based on a fields with predefined values? I need to group by a field where all possible values should be shown in the result.For example, the below snippet gro... by ChrisPatin New Member in Splunk Search 02-08-2023 0 1	0	1
	How to fill count number of previous month when there is no data? Hi Splunk community, I have a chart display the number of users in each month. There was no data coming in in October... by boxmetal Path Finder in Splunk Search 02-08-2023 0 3	0	3
	What does default to? Because of a typo we had the following in our query: earliest=-1@d Since Splunk query actually ran I assumed that s... by pm771 Communicator in Splunk Search 02-08-2023 0 5	0	5
	How to achieve a field extraction where field differs in location per log row but still has structure? I have an OpenCanary which is using a webhook to deliver data into my Splunk instance. It works really well but my re... by LeeMoe Path Finder in Splunk Search 02-08-2023 0 3	0	3
	Can't I use backslashes in Splunk searches? I have a Splunk query as below which pulls some events. index="windows_events" TargetFileName="startup" Now from t... by pavanae Builder in Splunk Search 02-08-2023 0 1	0	1
	How do I write this search with a mvindex with a conditional? Hello, I have the below SPL with the two mvindex functions. mvindex position '6' in the array is supposed to apply ht... by user33 Path Finder in Splunk Search 02-08-2023 0 5	0	5
	How to use field inside quoted search as a variable? Hi, I have the following joined Splunk query:index="myIndex" source="mySource1" \| fields _time, _raw \| rex "Naam van... by Bleepie Communicator in Splunk Search 02-08-2023 0 7	0	7
	Can anyone direct me to a mechanism to export run data (success/failure) for HTTP checks via CSV? Without the ability to remove testing errors in uptime calculation when reporting monthly numbers, I spend a lot... by sflesch360 Engager in Splunk Search 02-08-2023 0 4	0	4
	Calculate number of decimals for each record in field? Field = 1.123456789 Field = 14.123456 Field = 3.1234567 I need to run a query that will return the number of decimals... by DPOIRE Path Finder in Splunk Search 02-08-2023 0 2	0	2
	How to stop searching when first result was found in each index in multisearch Hello I find it difficult to stop the search when I got first result in multisearch.I tried \|head 1 but it can't be ... by Raymond2T Path Finder in Splunk Search 02-08-2023 0 4	0	4
	Can anyone tell me why Account ID and User Agent aren't displaying in my table? index=akamai "httpMessage.host"="" "httpMessage.path"="/auth/realms/user/login-actions/authenticate" "User-Agent:*"... by jhilton90 Path Finder in Splunk Search 02-08-2023 0 4	0	4
	Should I use lookup or inputlookup in search? Hello Splunkers, Please if someone can help me with a Splunk query, I have a list of IPs I imported in lookup table, ... by mohsplunking Path Finder in Splunk Search 02-08-2023 0 4	0	4
	Finding the correct scope of an IP address? Hi, I am struggling with following task. I have a lookup file containing all the configured dhcp scopes in the follow... by dersa Path Finder in Splunk Search 02-08-2023 0 2	0	2
	Conditional search: How to use negative search in case command ? Hi, I got these datas URITXTParamAMy text and othersparam 1AMy text and othersparam 2AMy text param 3AMy textparam 4B... by mxh7777 Path Finder in Splunk Search 02-08-2023 0 2	0	2
	Comparing two time frames with the same search? So I have a search I run for an alert which looks for a missing event, it's a simple tstats that shows stuff within t... by Orangebottle76 Engager in Splunk Search 02-08-2023 0 3	0	3
	How to backup splunk-var data? Hello Splunkers , I wrote a python script that explores the splunk-var indexes and calculates their total size, and t... by power12 Communicator in Splunk Search 02-07-2023 0 6	0	6
	How to find data which does not exist in index1 when compare to index2? I want to compare two index index1 and index2 and print values where index1 values does not exists in index2 fro ex:... by directtv999 Loves-to-Learn Lots in Splunk Search 02-07-2023 0 7	0	7
	Using Eval to find the average response time with 10% additional buffer? Average response time with 10% additional buffer ( single number) by navarone0161 Explorer in Splunk Search 02-07-2023 0 2	0	2
	Use a single field in a lookup table to search across multiple fields? I have a simple lookup table that contains a list of IPs. I'd like to take this list and search across all of my ind... by splunkzilla Explorer in Splunk Search 02-07-2023 0 1	0	1
	How can I write this regex for rex to extract multiple matches? I'm trying to parse saved searches that contain a bunch of eval statements that do this sort of logic \| eval var=ca... by bowesmana SplunkTrust in Splunk Search 02-07-2023 0 6	0	6