Splunk Search

Community Activity

How to stop searching when first result was found in each index in multisearch Hello I find it difficult to stop the search when I got first result in multisearch.I tried \|head 1 but it can't be ... by Raymond2T Path Finder in Splunk Search 02-08-2023 0 4	0	4
Can anyone tell me why Account ID and User Agent aren't displaying in my table? index=akamai "httpMessage.host"="" "httpMessage.path"="/auth/realms/user/login-actions/authenticate" "User-Agent:*"... by jhilton90 Path Finder in Splunk Search 02-08-2023 0 4	0	4
Should I use lookup or inputlookup in search? Hello Splunkers, Please if someone can help me with a Splunk query, I have a list of IPs I imported in lookup table, ... by mohsplunking Path Finder in Splunk Search 02-08-2023 0 4	0	4
Finding the correct scope of an IP address? Hi, I am struggling with following task. I have a lookup file containing all the configured dhcp scopes in the follow... by dersa Path Finder in Splunk Search 02-08-2023 0 2	0	2
Conditional search: How to use negative search in case command ? Hi, I got these datas URITXTParamAMy text and othersparam 1AMy text and othersparam 2AMy text param 3AMy textparam 4B... by mxh7777 Path Finder in Splunk Search 02-08-2023 0 2	0	2
Comparing two time frames with the same search? So I have a search I run for an alert which looks for a missing event, it's a simple tstats that shows stuff within t... by Orangebottle76 Engager in Splunk Search 02-08-2023 0 3	0	3
How to backup splunk-var data? Hello Splunkers , I wrote a python script that explores the splunk-var indexes and calculates their total size, and t... by power12 Communicator in Splunk Search 02-07-2023 0 6	0	6
How to find data which does not exist in index1 when compare to index2? I want to compare two index index1 and index2 and print values where index1 values does not exists in index2 fro ex:... by directtv999 Loves-to-Learn Lots in Splunk Search 02-07-2023 0 7	0	7
Using Eval to find the average response time with 10% additional buffer? Average response time with 10% additional buffer ( single number) by navarone0161 Explorer in Splunk Search 02-07-2023 0 2	0	2
Use a single field in a lookup table to search across multiple fields? I have a simple lookup table that contains a list of IPs. I'd like to take this list and search across all of my ind... by splunkzilla Explorer in Splunk Search 02-07-2023 0 1	0	1
How can I write this regex for rex to extract multiple matches? I'm trying to parse saved searches that contain a bunch of eval statements that do this sort of logic \| eval var=ca... by bowesmana SplunkTrust in Splunk Search 02-07-2023 0 6	0	6
How to get specific value from key/value array to form table? Hi All, I don't have much experience with Splunk. My JSON payload looks like as shown below. The msg.details array ca... by btsr Explorer in Splunk Search 02-07-2023 0 3	0	3
Combining Lookups to a Table? I have two looksups that have a lists of subnets and name of the subnets. One lookup (subnet1.csv) as a field called ... by atebysandwich Path Finder in Splunk Search 02-07-2023 0 1	0	1
How to Group field values into similar field values? I am trying to get network outage totals by domain. I have four domains: A, B, C, D. The problem is that sometimes th... by michaeler Communicator in Splunk Search 02-07-2023 0 3	0	3
Comparison of field values with a lookup? I have a field in my database datamodel called 'os.user'. And I have a lookup called 'userAccount'. 'userAccount' lo... by zacksoft_wf Contributor in Splunk Search 02-07-2023 0 2	0	2
Is there is a way to output the contents of a Lookup file but also show the Lookup file name as results? Hi Splunkers, I was wondering if there is a way to output the contents of a Lookup file but also show the Lookup file... by finchy Explorer in Splunk Search 02-07-2023 0 3	0	3
Can we get Bamboo build stats into Splunk? We have Jira Add-On which allow us run Jira API to get Jira stats on Splunk. Similarly is there any Add-on or custom ... by roopendra Engager in Splunk Search 02-07-2023 1 2	1	2
How to generate query from an event? Hi,I want to make a search out of events by Raj Builder in Splunk Search 02-07-2023 0 1	0	1
How to compare products sold today vs last week same day? Today : index=sold Product=Acer , Product=iphone last week : index=sold Product=Samsung , Product=iphoneQuery Used :... by Prathyusha891 Explorer in Splunk Search 02-06-2023 0 3	0	3
How can I use props and transforms to extract multiline muntivalue event? Hi experts there, Trying to extract multivalue output from a multiline json field through props and transforms. How b... by nareshinsvu Builder in Splunk Search 02-06-2023 0 3	0	3
Why does makeresults returns "1" instead of "0"? My search: \| makeresults earliest=-2h \| timechart count as aantal span=1m returns a list of zero's but for th... by rrovers Contributor in Splunk Search 02-06-2023 0 2	0	2
How to get the start and end time based on key words in logs? Hi folks looking for some expert opinion. my logs contains many diff files. I want to capture the start and end time ... by merc14 Explorer in Splunk Search 02-06-2023 0 3	0	3
How to find duplicates on multiple fields? I have logs with the following three fields: -category -price -requestID (unique per entry) I want to find all requ... by sejiweji New Member in Splunk Search 02-06-2023 0 3	0	3
Using split function for two conditions? So I have a field named "domain" that has values of single domains (A, B, C) and combinations of domains with two dif... by michaeler Communicator in Splunk Search 02-06-2023 0 3	0	3
Help with Timechart function. Hi Community, I am trying to generate a timechart by month with the following query: index=xyz Question="zzz" NOT "Co... by edsanchez07 New Member in Splunk Search 02-06-2023 0 2	0	2