Splunk Search

Community Activity

	How to rename fields in a table without changing column order? Any suggestions on how to rename fields and keep those fields in their stated table order. I have a bunch of fields t... by bowesmana SplunkTrust in Splunk Search 01-17-2023 0 3	0	3
	How to normalize the IPs in lookup table which is in CIDR notation ? IPs in lookup table 3.124.56/32 64.37.99.0/24 55.63.24.7/16 How to edit my search to Exclude an IPs from outside t... by AL3Z Builder in Splunk Search 01-17-2023 0 4	0	4
	How to extract sourcetype as field in dashboard? Hi all, I have to extract sourcetype as field in Dashboard. There are multiple sourcetype like : oracle:audit:json, ... by shruti14 Explorer in Splunk Search 01-17-2023 0 5	0	5
	How to report or search for exchange logs? Just started to get logs for our 2019 exchange environment, I'm not a splunk admin and have been advised to use these... by chrodriguez Engager in Splunk Search 01-17-2023 0 1	0	1
	How to group by the to= values, so I can count the number of times they repeat, create charts, and other metrics? Hello!I have many events, and I have a search that returns only the events that contain the to field. index="my_i... by Stephcg Explorer in Splunk Search 01-17-2023 0 2	0	2
	How to get top 5 products for each day for 7 days? Hello,I am new to splunk. I need to get the top 5 products sold for each day, for the last 7 days. The products could... by nu_learner Explorer in Splunk Search 01-17-2023 0 2	0	2
	How to get top10 for each span in a time chart? Hello. I'm trying to create a bar chart visualization that shows the top10 eventId's by count for each day over the p... by cwinkler109 New Member in Splunk Search 01-17-2023 0 4	0	4
	Finding original URL where the request came from when http_referrer is not available Hello, When analyzing web traffic logs, at times the url field does not have a http_referrer field. We are intereste... by neerajs_81 Builder in Splunk Search 01-17-2023 0 3	0	3
	How to achieve hiding sensitive data? Hello, I have a log that look like this: Here each fields as its own field name, and viewed patient data in registrat... by poojithavasanth Explorer in Splunk Search 01-17-2023 0 4	0	4
	How to compare hosts in Splunk to CMDB export? I just came to the realization that this query shows "missing" when it's either missing in Splunk or exists in Splunk... by DennisVT Engager in Splunk Search 01-17-2023 0 4	0	4
	How to express multiple average windows in a table form? I am having trouble expressing multiple average windows in a table form. My table shows the same values for myval, f... by peiffer Path Finder in Splunk Search 01-16-2023 0 4	0	4
	How to calculate the number of days from a create date to the current date? index=servicenow assignment_group_name="security" status=* \| stats count by number,status,group_name,created_on ... by itsmevic70 Explorer in Splunk Search 01-16-2023 0 2	0	2
	How to search count of multiple logs? How can I write a query like following? index=my_app\| eval userError="Error while fetching User"\| eval addressError =... by vishal_pcap Explorer in Splunk Search 01-16-2023 0 10	0	10
	Matching fields from 3 different sources? Hi all, Could some please help me with this query. I have 3 different sources from which i want to match the fields. ... by pratibha0610 Explorer in Splunk Search 01-16-2023 0 1	0	1
	How can I search to filter? hai All, i have events like below from how can i filter events if for ex: 6th character in CE*M IS M want to filt... by sekhar463 Path Finder in Splunk Search 01-16-2023 0 6	0	6
	Why are we getting different results from "count eval if" and "count eval"? Seeing different results when performing similiar searches and not sure on the reason. base search is the same for b... by charlix Engager in Splunk Search 01-16-2023 0 2	0	2
	How to replace a specific character? Hi,I have the below output :1/16/2023 7:51:43 AM 1EE8 PACKET 000001D9C25E6180 UDP Rcv 10.8.64.132 646b Q [0001 D NOER... by quangtran Explorer in Splunk Search 01-15-2023 0 2	0	2
	Optimizing metrics based searches? Hello, I have the following query in one of the panels in my dashboard. \| mstats p95(prometheus.container_memor... by auzelevski Explorer in Splunk Search 01-15-2023 0 0	0	0
	How to imbed dbxquery in a splunk macro? I have a significant number of dashboards that use dbxquery to pull data from a significant number of servers running... by bwyn Observer in Splunk Search 01-14-2023 0 2	0	2
	Retrieve discarded values from the dedup command or other commands? I want to use the dedup command and see which values it removes from a field. Is this possible? by amorales_splunk Splunk Employee in Splunk Search 01-13-2023 0 2	0	2
	remove all text before certain words in events I have events like below-a3bcd: Info1234x:NullValue-a3bcd: Info1234x:NullValue-b3bcd: Info1234x:NullValue2-c3bcd: Inf... by trilocho Loves-to-Learn in Splunk Search 01-13-2023 0 2	0	2
	How to extract the value from the field using rex sed cmd? Hi, I looking for rex sed cmd to extract the value from the field.eg: input field1 = d:\AppDynamics\machineagent\ve... by Babuduraiswamy Engager in Splunk Search 01-13-2023 0 3	0	3
	How to match an ip address to cidr in lookup table? Hey there Splunk hero's, Story/Background: So, there is this variable called "src_ip" in my correlation search. The "... by commanman Explorer in Splunk Search 01-13-2023 0 8	0	8
	How to concatenate a string with a variable? I want to run this search but i have to concatenate the string with a variable and it doesn't work \| rest splun... by buttsurfer Path Finder in Splunk Search 01-13-2023 0 5	0	5
	How to search between two lines? Hello All, I have following lines in the log file - Server8 runiyal 2023-01-12 09:48:41,880 INFO Plugin.DOCUMENT By... by runiyal Path Finder in Splunk Search 01-12-2023 0 3	0	3