Splunk Search

Community Activity

Finding a match in lookup multivalue field? Hi Splunk community, I have a lookup containing a list of allowed departments as the following vendorallowed_departme... by boxmetal Path Finder in Splunk Search 12-27-2022 0 3	0	3
How to avoid duplicate values in search? Hi all, I am very new to Splunk and trying to learn it. Following is my JSON: {<!-- --> TrainID=AA11 TrainDat... by chetanN Loves-to-Learn Lots in Splunk Search 12-27-2022 0 2	0	2
Like function not working with where condition? Hi all, I am trying to run a basic search where I am trying to print table based on where and like() condition. But i... by chetanN Loves-to-Learn Lots in Splunk Search 12-27-2022 0 5	0	5
How to update a lookup file in Splunk from Phantom? How to update a lookup file in splunk from Phantom? by yadavameeth Engager in Splunk Search 12-27-2022 1 5	1	5
How to get only matching block values from nested json? Hi all, To give a problem background, I am trying to run a map command inside a search to get some values. THE JSON I... by chetanN Loves-to-Learn Lots in Splunk Search 12-27-2022 0 1	0	1
How to group same values into one value? Good day, how to group results of a same filed value into one fileld value from below table i have a field box-name... by sekhar463 Path Finder in Splunk Search 12-27-2022 0 4	0	4
How to remove null entries from search results? i have been using this query but couldn't be able to remove null rows, please help me index=Window_wash \| rex field=... by Aj01 Path Finder in Splunk Search 12-26-2022 0 4	0	4
Rendering of JSON data in Splunk Web Hi,I need the JSON array in Splunk `List` view to be expanded by default instead of showing the Plus icon.I have a Sp... by sasank Explorer in Splunk Search 12-25-2022 0 3	0	3
How to include no event as 0 in avg calculation? Hi,i'm struggling in calculating hourly or daily average and displaying the results if there's no events at all, whic... by Dantuzzo Loves-to-Learn Lots in Splunk Search 12-25-2022 0 2	0	2
Search for splunk event which has greater than symbol Hi,I have a Splunk event "Application -> start of the log".When I try to search for this log using the exact text the... by sasank Explorer in Splunk Search 12-25-2022 0 2	0	2
Search to get all domain user account modifications/additions/removals? Hello, new to using splunk across a domain and I am attempting to get a query that details any domain user account ch... by informatika Loves-to-Learn in Splunk Search 12-24-2022 0 3	0	3
how to get 90% of max execution time I have a requirement to pull 90% of max execution time. Ex: I have 10 requests for an hour and it's execution times a... by avadhutha Explorer in Splunk Search 12-24-2022 0 1	0	1
Ignoring alerts when user has been removed and added back into AD group within an hour? We currently have an report every morning that shows which users have been removed from a particular AD group from th... by st1 Path Finder in Splunk Search 12-24-2022 0 3	0	3
Can you have 3 fields within a chart Hi Splunk Community,I was wondering if it was possible to have a chart that was made up from 3 fields.... I have alre... by zoebanning Path Finder in Splunk Search 12-24-2022 0 2	0	2
multivalue field not ordered properly Hi,i'm trying to calculate the average events weekly by their severity and comparing the daily amount with the weekly... by Dantuzzo Loves-to-Learn Lots in Splunk Search 12-23-2022 0 1	0	1
How to achieve field extraction txt delimiting by space? Hello, I am trying to extract the below 201 text highlighted in red below as one separate field from two separate eve... by user33 Path Finder in Splunk Search 12-23-2022 0 4	0	4
Why doesn't "Wrap results" fit to the screen (or is there a way?) After I perform a search and click the "Format" Icon above the search results, there is an option for "Wrap Results".... by sasank Explorer in Splunk Search 12-23-2022 1 0	1	0
Search Search query for including non-business hours and weekends ie exclude Monday to Friday 9am to 5pm by Anu189 New Member in Splunk Search 12-23-2022 0 1	0	1
Set Scheduled Search I want to set a Schedule for my search to find the data sent by user in our system . This is my search to catch each ... by abazgwa21cz Explorer in Splunk Search 12-23-2022 0 3	0	3
Can we pass main search result value into subsearch as search command? mainsearch\| stats count(_raw) as Cou by hour\|join hour [ subsearch\| head -$Cou$ ] Above mentioned command is not w... by avadhutha Explorer in Splunk Search 12-23-2022 0 2	0	2
Field extraction regex issues Having some issue with extraction.source:SESSION: Session closedClient address: 123.CCCCCCCClient name: CC222C22[123.... by svarendorff Explorer in Splunk Search 12-22-2022 0 5	0	5
How to spath or rename commands not extracting field / values? I have a field called properties.requestbody. I would like to have this field broken out based on the field and valu... by bt149 Path Finder in Splunk Search 12-22-2022 0 9	0	9
Converting regular query to tstats? I want to convert this query to tstats for faster searching can you help me convert it index=win-security host=srv001... by leagawa New Member in Splunk Search 12-22-2022 0 1	0	1
How to find results present in index and not in lookup table? Hi All,I have enquired this problem earlier in older threads, however, could not get a working answer, thus, created ... by Taruchit Contributor in Splunk Search 12-22-2022 0 5	0	5
How can I format field with relative fieldname ? My task is format field "app" with relative fieldnameHow can I use format command to format as example: (app=app1 O... by Chaser Explorer in Splunk Search 12-22-2022 0 8	0	8