Splunk Search

Community Activity

What are Splunk search rules for hit by count? In the below search I am looking for rules hit by count, but how or where would I add a NOT or !, if I wanted to know... by bam22 Engager in Splunk Search 01-24-2023 0 1	0	1
How to display all eventtypes in a timechart, including the all zero count eventtypes? I have six eventtype's that each check Juniper router logs for an Interface bounce (an up/down event). These are work... by rprior Explorer in Splunk Search 01-24-2023 0 3	0	3
Why is there error when trying to get data from REST API using Python script? I'm trying to get data by registering it as a Splunk script using Python code. But the problem only occurs when I run... by munang Path Finder in Splunk Search 01-24-2023 0 2	0	2
How to use multiple numbers in search? Hello Guys, I'd like to create a search based on business hours, and like to use a field with value like this: "2023/... by ipteam Engager in Splunk Search 01-23-2023 0 5	0	5
How to create a search for group by and filter query? My data looks like the following student_idbrowser_idguiddatetimex_id12_aChrome_211221/9/23 14:45788a13_aChrome_4121... by anrak33 Explorer in Splunk Search 01-23-2023 0 7	0	7
How to group by and concat column values? Given the below scenario: base search\| table service_name,status,count Service_name Status Count serviceA 500_IN... by spl_1991 Engager in Splunk Search 01-23-2023 0 2	0	2
How to pass a value to a non existent field/null? Is it possible to assign a value to a different fields. I am trying to combine two different events but the same inde... by villnooB Explorer in Splunk Search 01-23-2023 0 4	0	4
How accelerate only one root dataset from datamodel with multiple datasets? Hi! I try to accelerate only one dataset in datamodel with multiple datasets. How i can do it through datamodel.conf ... by kyokkygo Engager in Splunk Search 01-23-2023 0 2	0	2
How to remove a word with Regex using Capturing group? Hello, I have a Regex for splitting a Person full name into Person lastname, firstname and middlename. Regex used: (?... by poojithavasanth Explorer in Splunk Search 01-23-2023 0 5	0	5
How to extract data from .conf file? I need to extract ITSI app version from app.conf fileTo display the data on a dashoboard I found a way sing the confi... by sjaitly Engager in Splunk Search 01-23-2023 0 3	0	3
How to get total number of hours elapsed from last event raised till now()? Hey people, I want to find out the total number of hours that elapsed from the last event raised. This is what I wa... by sjs Path Finder in Splunk Search 01-22-2023 0 1	0	1
How can a regex query be written to extract source IP address? The position of IP address is getting changed(appearing before or after https) in the logs, in such scenario how rege... by Daksesh Explorer in Splunk Search 01-22-2023 0 5	0	5
How to group records and find the max/min per group? Hello!Can I ask something very basic as it will help me get started quickly?How can I structure a query to:1) group r... by splunkos New Member in Splunk Search 01-22-2023 0 1	0	1
How to get only active hosts? I have an application that have some instances/hosts. Because of change of throughput or instability new instances/ho... by Stephcg Explorer in Splunk Search 01-21-2023 0 2	0	2
Is there a tools for Splunk to view messages in a cleaner format? Hello, We have migrated from an app called Mirth to Splunk. With Mirth we used a tool called Interface Explorer for H... by nikonjd New Member in Splunk Search 01-20-2023 0 1	0	1
インデックスデータの削除方法について間違ったデータがインデックスされてしまいましたが、どのようにインデックス内のデータを削除すれば良いでしょうか？ by cwl Contributor in Splunk Search 01-20-2023 3 3	3	3
How to bold specific column headers in a table? I have a dashboard with a table with 6 headers. I would like to bold the text of the second, fourth, and fifth colum... by DEADBEEF Path Finder in Splunk Search 01-20-2023 0 15	0	15
Realtime search with a sliding window that doesn't snap to the hour? Hi folks, I have a realtime search that looks at failed windows logins, producing a "single value" timechart visualiz... by ravida Explorer in Splunk Search 01-20-2023 0 1	0	1
3rd Token handler doesn't work with 1st and 2nd token handler together? Hi, Splunkers, I have the following token handler, if input "Gucid_token_with3handlers" is 2 digits number, it will... by wangkevin1029 Communicator in Splunk Search 01-20-2023 0 2	0	2
How to add two field values into new field? I have a field A which has percentage values. Also, I have a field B which has percentage values in it. Both are diff... by vinothkumark Path Finder in Splunk Search 01-20-2023 0 3	0	3
How to join query with condition and comparison? Hi, I need to show error messages for one particular service. But the challenge here is that for example , I need to ... by Dharani Path Finder in Splunk Search 01-20-2023 0 2	0	2
How to configure pie-chart to display count within the chart? I were able to append the count of each slice in the pie-chart to the back of each slice info. But I really want to d... by tamduong16 Contributor in Splunk Search 01-20-2023 0 3	0	3
Why are fields getting trimmed while fetching? I have some error logs like below: TYPE=ERROR, DATE_TIME=2022-12-31 03:30:27,281, CLASS_NAME=myClass, METHOD_NAME... by Nidd Path Finder in Splunk Search 01-20-2023 0 1	0	1
How can we limit the tstats record? I am using tstats command from a while, right now we want to make tstats command to limit record as we are using in k... by sumitnagal Path Finder in Splunk Search 01-20-2023 0 6	0	6
How to get the exact row from a results table to use for other panel searches in the same dashboard? Hello! I want to make an error monitoring dashboard. I want to have a table with (operation\| okOperations/allOperat... by belladonna New Member in Splunk Search 01-20-2023 0 3	0	3