Splunk Search

Community Activity

How to group by multiple fields? Hi everyone, I'm kinda new to splunk. I have two indizes: Stores events (relevant fields: hostname, destPort) ... by erikschubert Engager in Splunk Search 01-30-2023 0 3	0	3
How to inner join with field subtraction on two fields part of different searches? Hi, I am using inner join to form a table between 2 search, search is working fine but i want to subtract 2 fields in... by batham Explorer in Splunk Search 01-30-2023 0 2	0	2
Why error in parsing pass4SymmKey under shclustering stanza? While pushing the application from deployment server to search head1 it gives me this error after entering the below ... by vibh458 New Member in Splunk Search 01-30-2023 0 5	0	5
Error in 'eval' command: unexpected character at 86400 Hi All, On the internal logs i see this eval command error - ERROR EvalCommand - Error in 'eval' command: The express... by inventsekar SplunkTrust in Splunk Search 01-30-2023 0 6	0	6
Combine 2 or more strings based on a comman field Hi I am tracking service requests and responses and trying to create a table that contains both requests and response... by batham Explorer in Splunk Search 01-30-2023 0 2	0	2
How to filter IIS Logs with 80 and 443? Hi Team, We have a requirement to filter out the events from the IIS logs if the event contains ""GET / - 80 -" OR "G... by anandhalagaras1 Contributor in Splunk Search 01-30-2023 0 11	0	11
Adding SLA compliance percentage Hi All, Need some guidance for calculating SLA Achieved percentage column. This is how my results look like after ru... by neerajs_81 Builder in Splunk Search 01-30-2023 0 5	0	5
How to filter for total number of users on an appliance? For Cisco I used the filter below, I will need to add filters for whatever view I am looking for. I want to look up t... by Anthony3rd Explorer in Splunk Search 01-30-2023 0 6	0	6
How to find last value of multivalue field (Split and mvindex)? I have a URL field and need to find the last word (split by "/") Ex: URL 1: xxx/yyy/ServiceNameURL 2 : aaa/bbb/ccc/dd... by Krishna_Sridhar New Member in Splunk Search 01-30-2023 0 4	0	4
How to calculate time difference using ctime? Hi All, I have a very simple use case and that is to display the time difference between 2 fields that already have t... by neerajs_81 Builder in Splunk Search 01-30-2023 0 5	0	5
How to get last login from multiple date ? please help,i used _time from date log, and i using time from windowstime, but i tried substraction bot of them not r... by riposan Explorer in Splunk Search 01-30-2023 0 3	0	3
How to display only subsets of data from correlated sendmail log transactions? The sender and recipient information I need from Unix/Linux "sendmail" logs is contained in separate lines in the se... by mailwimp Engager in Splunk Search 01-29-2023 0 4	0	4
How to use regex to send events to NullQueue? Hi, How to use regex to send all events related to fw_rule=0 and from a sensor sensor=abcd-f01 to null queue? samp... by kiran331 Builder in Splunk Search 01-29-2023 0 10	0	10
Is there any configuration/way to merge two or more events into one ? I was trying to send data through Splunk HEC (Http event Collector).curl http://ip:8088/services/collector -H "Author... by neelpatel02 New Member in Splunk Search 01-29-2023 0 1	0	1
Not receiving data from particular source Hi My sources:1. /app/splunkser/ShiftNonMinJMC/ShiftNonMinJMC.log2. /app/splunkser/ShiftNonMinJMC/ShiftNonMinJMC-sh... by Harish2 Path Finder in Splunk Search 01-29-2023 0 5	0	5
How to add value in two fields based on their name? Hi, I would like to add value in two fields based on their name. I want the output as sum of traffic_in#fw1+traffic_... by phularah Communicator in Splunk Search 01-29-2023 0 5	0	5
Why won't Walklex timespan follow time specifications? When I use walklex on my indexes, it doesn't appear to be following the time specifications very well. Does anybody k... by Derson Explorer in Splunk Search 01-29-2023 0 0	0	0
How to extract a timestamp from line 2 of a CSV and apply it to each line of data in the remainder of file? We have a particular file of the format: Field1, Field2, Timestamp field, Field4, Field5, Number of records, Field7 ... by andyfromoz Explorer in Splunk Search 01-28-2023 1 4	1	4
How to use tstats in search? Hi allwhen i run my original query i am getting one result and when i execute the same query using tstats i am gettin... by Vani_26 Path Finder in Splunk Search 01-28-2023 0 3	0	3
How to load all artifact_offsets in loadjob? Hey all! I have a saved search that runs on a schedule and generates those "artifacts", I know I can access a specifi... by axelmunoz New Member in Splunk Search 01-28-2023 0 3	0	3
Has anyone come across this warning below in Splunk Web? Hi,I recently came across this warning on Splunk web and was just wondering if anyone else has encountered this befor... by mohdmikhael Explorer in Splunk Search 01-27-2023 0 3	0	3
Why won't strptime work for the below format? Hi, My Strptime function is not working for the below format. date format: 1/13/23 11:44:11.543 AM eval time_epoc= s... by batham Explorer in Splunk Search 01-27-2023 0 1	0	1
How to compare contents of one lookup to another? Currently I have an inputlookup csv that contains a list of IP addresses and lookup csv that has a list of subnets. I... by atebysandwich Path Finder in Splunk Search 01-27-2023 0 1	0	1
How to change each instance of a field search result? I'm doing a search for server names and will eventually extract to to a csv. However, each result comes out as one of... by atebysandwich Path Finder in Splunk Search 01-27-2023 0 4	0	4
How to filter events with regex? I'm trying to filter out events like the ones below using the regex expression regex _raw!="^[A-Za-z0-9]{4}:.*$" bu... by pjanssen007 Explorer in Splunk Search 01-27-2023 0 6	0	6