Splunk Search

Community Activity

Is there a way to match this and produce result with both uri_path and api_name? My Access logs: server - - [date& time] "GET /google/page1/page1a/633243463476/googlep1 HTTP/1.1" 200 350 85rex query... by mikeyty07 Communicator in Splunk Search 12-18-2022 0 3	0	3
How to change timechart default Y axis default scale? Hi，Splunkers, I have a timechart, which have value for count by VQ less than 10, but default y axis scale is 10... by wangkevin1029 Communicator in Splunk Search 12-18-2022 0 6	0	6
How to refer a eval reference in rex to change the group name dynamically? How to use eval reference in rex command. Here is what I have tried so far: MyMacro: myrextest(1) \| eval test= "Hel... by bhanusaketi Loves-to-Learn in Splunk Search 12-18-2022 0 5	0	5
How to use rex to create a field and using lookup to inject the data in the same field? I am using rex field to extract the field name and then inject the data so I can get only the desired fields but not ... by mikeyty07 Communicator in Splunk Search 12-17-2022 0 3	0	3
How to group two field and count content? Hi, I have table below then I need to grouping field and need to eval (+ )the value become below table Help please.... by b1211ry Explorer in Splunk Search 12-17-2022 0 3	0	3
Why am I having this issue Parsing Vulnerability Data? Community, I am attempting to retrieve events in Splunk regarding Tenable vulnerability data. The goals are as follo... by qcjacobo2577 Path Finder in Splunk Search 12-16-2022 0 4	0	4
How to convert tabular data to a specific format? Hello,I've the following tabular formatted data: How can I achieve the following: Thanks in advance for your help.@... by mnj1809 Path Finder in Splunk Search 12-16-2022 0 2	0	2
How to create a timechart to show only when values change for a particular field? Hello Splunkers , I want to know if we can create a timechart that will show only values when they change ..If the... by vrmandadi Builder in Splunk Search 12-16-2022 0 2	0	2
How to align events returned by two separate searches in a table? Reference post https://community.splunk.com/t5/Splunk-Search/How-to-align-events-returned-by-two-separate-searches-i... by vinit_masaun Explorer in Splunk Search 12-16-2022 0 2	0	2
How to use lookup table to make a filter? hello, i would like to make a filter with an index field named "host", that means this field has to be different of a... by chuckfefer New Member in Splunk Search 12-16-2022 0 6	0	6
How to export events as JSON format? Hi All, I am trying to export events in JSON format, and I am able to do it, and getting events like the one below. ... by sutom Path Finder in Splunk Search 12-16-2022 0 3	0	3
How to perform chart command with two multifield columns in the table? I performing the chart command for the below kind of table. Command : [\|Chart values(course) as course over ID b... by Ashwini_5 Explorer in Splunk Search 12-16-2022 0 2	0	2
How to get eval command to display results with X days before current date? Hi All, i have a field "last_seen" which shows date in the below format . My requirement is to compare today's dat... by neerajs_81 Builder in Splunk Search 12-16-2022 0 4	0	4
How to pick the specific log time? Hi all, My lead give some task .To create a table, we have lot of source type ... source type have the different stat... by surens Explorer in Splunk Search 12-15-2022 0 3	0	3
How to create a regex for a log file which contains multiple values throughout the log which required same field name? Hello Team,This is the first time I am posting a question and hope that I have explained it thoroughly. I am trying t... by mssoni Loves-to-Learn in Splunk Search 12-15-2022 0 5	0	5
Is there a way to use rex to divide api name? I have an access logs which prints like thisserver - - [date& time] "GET /google/page1/page1a/633243463476/googlep1?s... by mikeyty07 Communicator in Splunk Search 12-15-2022 0 4	0	4
Is there a dedup command to remove events that have same timestamp? hello guys, Is there any way that I could remove duplicate events that have same timestamp using this below search st... by mlm Explorer in Splunk Search 12-15-2022 0 6	0	6
mvfind can't see spaces and parenthesis I'm trying to use where(isnotnull(mvfind(mvfield,field))) to search to see which records are part of a list. The fiel... by LHAYNES020 Explorer in Splunk Search 12-15-2022 0 3	0	3
Is there an existing grammar of the SPL language that can be used with ANTLR4? Hi Splunk Community,I am interested in parsing Splunk searches and I am hoping that somebody here can point me to an ... by inesani Engager in Splunk Search 12-15-2022 1 0	1	0
Why can't values of fields from field extractions be searched as expected? Hi there,I created multiple field extractions, extracting values from different sourcetypes into the same field:sourc... by bitnapper Path Finder in Splunk Search 12-15-2022 0 6	0	6
How to format when fields match between multiple sources and loop through items? Hi All, Below is the sample data looks like. sourcetype_1 s1_field1: 123 s1_field2: {<!-- --> {<!-- --> ID: 2 Name: ABC }, {<!-- --> ID: 1 Na... by M28 Explorer in Splunk Search 12-15-2022 0 15	0	15
How to get standard deviation of daily maximum over x days per event criteria? Gudde Muergen!I'm quite new to Splunk, so I'm having difficulties figuring out how to do this search properly. Here's... by duncan Observer in Splunk Search 12-15-2022 0 0	0	0
Help with below query 100 * sum([x]) / sum([y] - [z]) by chandankr Path Finder in Splunk Search 12-15-2022 0 2	0	2
Is there any advice or suggestions for a project that focuses on setting up a NOC for a network of operators? Salut vous allez bien j esper alors j'aimerai avoir des conseils ou des uggestion pour un projet qui porte sur la mis... by SENG10 New Member in Splunk Search 12-14-2022 0 1	0	1
How to get average value of fields? hi all,i have some events with a field called RUNTIME for each job.how can i get the average value of RUNTIME for eac... by sekhar463 Path Finder in Splunk Search 12-14-2022 0 3	0	3