Splunk Search

Community Activity

	How to format when fields match between multiple sources and loop through items? Hi All, Below is the sample data looks like. sourcetype_1 s1_field1: 123 s1_field2: {<!-- --> {<!-- --> ID: 2 Name: ABC }, {<!-- --> ID: 1 Na... by M28 Explorer in Splunk Search 12-15-2022 0 15	0	15
	How to get standard deviation of daily maximum over x days per event criteria? Gudde Muergen!I'm quite new to Splunk, so I'm having difficulties figuring out how to do this search properly. Here's... by duncan Observer in Splunk Search 12-15-2022 0 0	0	0
	Help with below query 100 * sum([x]) / sum([y] - [z]) by chandankr Path Finder in Splunk Search 12-15-2022 0 2	0	2
	Is there any advice or suggestions for a project that focuses on setting up a NOC for a network of operators? Salut vous allez bien j esper alors j'aimerai avoir des conseils ou des uggestion pour un projet qui porte sur la mis... by SENG10 New Member in Splunk Search 12-14-2022 0 1	0	1
	How to get average value of fields? hi all,i have some events with a field called RUNTIME for each job.how can i get the average value of RUNTIME for eac... by sekhar463 Path Finder in Splunk Search 12-14-2022 0 3	0	3
	Events coming along with user when using top, rare? Hi When i'm searching the top users who logged into a host, I'm getting event data along with the user when i'm usin... by jahziah952 Engager in Splunk Search 12-14-2022 0 1	0	1
	How to implement whois lookup for ips hitting fw? Hi.. I have to find the ip address hitting fw for that i have to implement the whois lookup for the hitting ips but n... by balu1211 Path Finder in Splunk Search 12-14-2022 0 1	0	1
	Splunk search command time modifiers not working I want to strip certain results by time from my search. I eventually plen to place a dedup command between the first ... by matthewg Explorer in Splunk Search 12-14-2022 0 3	0	3
	What is the issue with my SPL? Hi, I am a new Splunk user and this is my first post on the community forum. If I am not following guidelines please... by ACyber Engager in Splunk Search 12-14-2022 0 1	0	1
	How can I make interpolation between given two points in Splunk, where time variable is not involved? Hi Team, Considering the image shared below:- x1 is my x-axis and y1 is my y-axis. I would like to interpolate va... by SSwaminathan90 Explorer in Splunk Search 12-14-2022 0 6	0	6
	How to search multiple lines and create an alert when certain values match? Hi, I am a beginner here in Splunk. I am trying to search multiple lines in the log and generate an alert if certain... by junster Explorer in Splunk Search 12-14-2022 0 2	0	2
	Splunk oneshot returns empty results sometimes I am using Python SDK to run Splunk queries at 10 minute interval to collect data for my application. I have nearly 3... by ShaneReddy New Member in Splunk Search 12-14-2022 0 0	0	0
	Help with deduping similar values Hi Everyone,I have a field called "User" that contains similar values and I was wondering how to remove or merge simi... by tomapatan Contributor in Splunk Search 12-14-2022 0 2	0	2
	How to extract same set of values from different log format? EventAgentLogin ================== 2022-12-14 06:39:03.875 TRACE 12632 --- [New I/O client worker #1-6] c.i.e.g.wor... by ravir_jbp Explorer in Splunk Search 12-14-2022 0 1	0	1
	How can I write the rex for the following regex? I want to write the rex command for the following regex and give it a new field where the findings will be dumped int... by leagawa New Member in Splunk Search 12-14-2022 0 1	0	1
	How to trace and span in Splunk Enterprise? Hi Is it possible to feed opentelemetry log to "splunk enterprise" and draw trace and span without use Splunk APM? ... by indeed_2000 Motivator in Splunk Search 12-14-2022 0 4	0	4
	How to get first logout after login? I have daily user login/logout data like this: date,user,action2020-04-14 01:00:00,user1,login2020-04-14 01:05:00,use... by alissan Explorer in Splunk Search 12-14-2022 0 4	0	4
	Splunk custom script with python and pip library \| Integrity check of installed files failed Hello Splunkers,I recently created a custom alerts on my Search Head, and for this alert to run I needed to install a... by GaetanVP Contributor in Splunk Search 12-14-2022 0 3	0	3
	How to change chart marker size for each fields in splunk? Hi Team, Current i have fields and with this query below, was able to get all fields are in same size.<option name="c... by SSwaminathan90 Explorer in Splunk Search 12-14-2022 0 0	0	0
	Why are my correlation search fields missing from the notable events? I have a correlation search in Splunk ES that does some statistics, and return a table with the events; "src_ip", "de... by hettervik_new Explorer in Splunk Search 12-14-2022 0 0	0	0
	Notable Event Custom Fields I'm working on creating multiple custom correlation rules such as failed logins from one IP, failed logins from multi... by ericl42 Path Finder in Splunk Search 12-14-2022 0 1	0	1
	How to extract 3 characters after a given string in Splunk? I want to extract the two characters 78 from the barvalue and have it in a separate column in my table:- deltavalue... by avneet26 Engager in Splunk Search 12-14-2022 0 5	0	5
	How to filter by if a field exist? My sample events look like this , API logs { location: Southeast Asia, properties: { backendMethod: G... by YatMan Explorer in Splunk Search 12-13-2022 0 2	0	2
	How to fix Error when adding trusted domain lists to Splunk? Hi all, I have created a dashboard incorporating few external domains I am receiving the error message like the dash... by balu1211 Path Finder in Splunk Search 12-13-2022 0 2	0	2
	How to create alternative for subsearch? I have a search with a subsearch. I run into the limitations of the maximum results (50.000) Now Ia m trying to figur... by Mike6960 Path Finder in Splunk Search 12-13-2022 0 6	0	6