Splunk Search

Community Activity

	How to extract the value from the field using rex sed cmd? Hi, I looking for rex sed cmd to extract the value from the field.eg: input field1 = d:\AppDynamics\machineagent\ve... by Babuduraiswamy Engager in Splunk Search 01-13-2023 0 3	0	3
	How to match an ip address to cidr in lookup table? Hey there Splunk hero's, Story/Background: So, there is this variable called "src_ip" in my correlation search. The "... by commanman Explorer in Splunk Search 01-13-2023 0 8	0	8
	How to concatenate a string with a variable? I want to run this search but i have to concatenate the string with a variable and it doesn't work \| rest splun... by buttsurfer Path Finder in Splunk Search 01-13-2023 0 5	0	5
	How to search between two lines? Hello All, I have following lines in the log file - Server8 runiyal 2023-01-12 09:48:41,880 INFO Plugin.DOCUMENT By... by runiyal Path Finder in Splunk Search 01-12-2023 0 3	0	3
	How to create a pie chart after applying math on column values extracted? Hey people, my requirement is as such I have extracted these columns from my data using the query my query \| rex "fil... by sjs Path Finder in Splunk Search 01-12-2023 0 4	0	4
	How to search user concurrent logins on unique hosts? I'm hoping to get some help or direction. I have seen a few different forum posts where the search pulled how many co... by jayygee3 Engager in Splunk Search 01-12-2023 0 2	0	2
	How to calculate days between 2 dates? Hi, Not sure what the issue is. I got the solution from the other answers, but it's not working for me.I am getting d... by splunkuser320 Path Finder in Splunk Search 01-12-2023 0 1	0	1
	How to create an alert if index have no data in the last 24 hours? I want to create alert to check on all indexes event count and alert the list of all indexes that have no events in t... by Neonbeeflash Explorer in Splunk Search 01-12-2023 0 4	0	4
	How to create new field with values from a search that uses values of current field? I have a search that outputs a table like below user \| host \| app------------------------------------- ... by buttsurfer Path Finder in Splunk Search 01-12-2023 0 3	0	3
	Help with Regex extraction 2023-01-09T16:46:00.780076351Z app_name=default-java environment=e3 ns=one pod_container=default-java pod_name=defaul... by siksaw33 Path Finder in Splunk Search 01-12-2023 0 4	0	4
	How to append the result of a search to values of a multivalued field? I have a SPL search that returns a field with multiple values (names of lookups). I want to concat the lookup name a... by buttsurfer Path Finder in Splunk Search 01-12-2023 0 2	0	2
	How to use fit command together with foreach? I would like to fit an ARIMA model to my data with a search something like this: <base search>\| timechart span=5m avg... by Wonjon Observer in Splunk Search 01-12-2023 0 0	0	0
	Can I resolve this splunk dashboard index auto refresh / resync issue? hi all, we are creating one dashboard having two tables , in that we have set different folder locations for monitor... by pp3295 Explorer in Splunk Search 01-12-2023 0 6	0	6
	Using 'like' to find lookup fields which contain the current day of the week (%A) Hey all, I'm attempting to compare a variable (we'll call it cDOW), which is set to (strftime(now(), "%A")), to a DO... by TBH0 Explorer in Splunk Search 01-11-2023 0 5	0	5
	How to organize search substrings into LookUp tables? HelloI have a Splunk query that looks like following: index=something "abc" OR "def" OR "hig" These substrings... by pm771 Communicator in Splunk Search 01-11-2023 0 2	0	2
	Converting UTC to PST time on events? Some of my events are displaying UTC time while others display PST time, as they should since I have my preferences s... by dionrivera Communicator in Splunk Search 01-11-2023 0 3	0	3
	When do breaker characters apply? I have read the documentation about breaker characters, but within our organization there is disagreement about when ... by mv10 Path Finder in Splunk Search 01-11-2023 0 3	0	3
	How to dedup non-overlapping fields in separate sources? I have two different sources with different fields. Let's call them sourcetypeA and sourcetypeB. Some fields that I... by yuanliu SplunkTrust in Splunk Search 01-11-2023 0 1	0	1
	How to iterate over the values of a complex field? The event has a field: { ... some_field: { key1: value1 key2: value2 } ... } How to iterate over the values of "s... by Evgenii Engager in Splunk Search 01-11-2023 0 3	0	3
	Not able to use JSON fields in search This is my sample eventonlinequoteinguser 2023-01-11T10:27:13,843 INFO DigitalPortal.xxxeSubmissionUtil{"hostName": "... by sabari80 Explorer in Splunk Search 01-11-2023 0 2	0	2
	Why am I receiving error trend stats with multiple error codes from each event? Hi All, I am trying to tabulate the error ratio based on the following scenarios from the unique log event but furth... by kumar497 Path Finder in Splunk Search 01-11-2023 0 13	0	13
	How to remove Search Results from lookup file? Hi All, I have a search with a subsearch that references a lookup file test.csv with a single field. "Account_Name". ... by Splunkadmin1876 Engager in Splunk Search 01-11-2023 0 2	0	2
	Take latest unique values from multivalue field and the corresponding values from another multivalue field? Hi, suppose I have a multi-value field which represents names, which can have different values in each event. for exa... by TalNiv New Member in Splunk Search 01-11-2023 0 3	0	3
	How to search JSON data for specific values? I have a JSON file I am trying to search for a specific value - EventType=GoodMail - and then pull the values from an... by jwalzerpitt Influencer in Splunk Search 01-11-2023 0 10	0	10
	Regex to match string between 2 strings? Hi, I have below splunk command: \| makeresults \| eval _raw="The first value is 0.00 and The second value is 0\",\"ori... by sasank Explorer in Splunk Search 01-11-2023 0 3	0	3