Splunk Search

Community Activity

	How to use "original" search value if map has no result? Hi Splunkers, I use many alerts where the result contains the username. Then a map search looks for this user, in the... by norbertt911 Communicator in Splunk Search 12-06-2022 0 3	0	3
	How to calculate through bin command ? Hi all,I would like to use bin command to make the demo data sets into 10 bins according to Exe_time and list Substag... by Jouman Path Finder in Splunk Search 12-06-2022 0 5	0	5
	Can I use lookup for whitelisting based on 2 columns? I have to whitelist fields based on 2 columns in a lookup, but the second column has multiple values.So we have to wh... by izzie123 Path Finder in Splunk Search 12-06-2022 0 1	0	1
	Compatible issue with the app Whois- are there any alternatives? Hi, I am looking for alternative app like WHOIS app(excute a whois lookup on the given domain/given ip) from splunkba... by balu1211 Path Finder in Splunk Search 12-05-2022 0 0	0	0
	How to count hits per minutes? My search is not working. I want to get Hit per minutes like this But my search dont have any about that: by jacknguyen Path Finder in Splunk Search 12-05-2022 0 2	0	2
	Using wild card in table column formating I want to change the column cell background based on the value, but I also want to use a wild card.Example Field valu... by splunkuser320 Path Finder in Splunk Search 12-05-2022 0 3	0	3
	How to combine index queries from different field names? I have two indexes: IndexA has a `thisId` field. IndexB has fields `otherId` and `name`. I want to write a query whic... by cclva Explorer in Splunk Search 12-05-2022 0 3	0	3
	Why do match and like not working for some users? Hello Splunkers!!We have a dashboard which works on the loadjob. When users try accessing the dashboard, they are get... by Manasa_401 Communicator in Splunk Search 12-05-2022 0 4	0	4
	How to extract, kv pair from jvm_cmd value & print those in Splunk search? raw event {... "jvm_cmd":"bin/java -Dp -Dp1=v1-Dp2=v2 -Dq -Dp3=v3 ..."} How to extract, kv pair from jvm_cmd value & ... by pmittal Engager in Splunk Search 12-05-2022 0 13	0	13
	How to marry lookup table and index data? Hello Champs I've index data table change records errors B221205A1090B221205B14800B221205C33360B221205D25818 I also h... by splunklearner99 Engager in Splunk Search 12-05-2022 0 1	0	1
	How to send alert via nlp and bot? Hi Need to send alert like machine investigate something and after that send alert. I mean something like gptchat tal... by indeed_2000 Motivator in Splunk Search 12-05-2022 0 0	0	0
	How to fetch the list of errors and their details while running SPL which does not allow users to fetch data? Hi All,I need your help to determine the details of issues which affect users while running SPL.The details may inclu... by Taruchit Contributor in Splunk Search 12-05-2022 0 1	0	1
	How to extract same fields from different logs? Hi all, I need to extract some fields for authentication events from different log types, here below some example: LO... by marco_massari11 Communicator in Splunk Search 12-05-2022 0 3	0	3
	Why is search history retention inconsistent between search heads? I have two Splunk Enterprise environments, both at 9.0.2. For users in one environment, search history goes back only... by gregbo Communicator in Splunk Search 12-05-2022 0 2	0	2
	How to get max and average response time and their related fields in the same table? Hi all,I am working on calculating the response time (for max, PR99, and avg value) from Table 1.I would like to list... by Jouman Path Finder in Splunk Search 12-05-2022 0 5	0	5
	Can I assign a color to a column but not related to its value? Hi all,I would like to highlight each fields in the same column in blue.But I don't know how to configure it.Do any o... by Jouman Path Finder in Splunk Search 12-05-2022 0 0	0	0
	Need help writting a rex query Hello,For starter, I'm an amateur in regex query, so I use Field Extraction, but it's very clunky and cannot extract ... by phamxuantung Communicator in Splunk Search 12-05-2022 0 5	0	5
	Date getting null values on StrpTime? I've field name opened_at with the date value shown in the image. But, while taking value from it, it returns a null ... by iupreti Explorer in Splunk Search 12-04-2022 0 4	0	4
	How to extract bunch of UUIDs from a string using regex? Hi, I have a string in splunk logs something like below. msg.message="Matches Logs :: Logger{clientId='hFKfFkF-K7jlp5... by Splunk_321 Path Finder in Splunk Search 12-04-2022 0 4	0	4
	How to create a search where if results under "query" field matches anything under hostname, then alert or show results? Currently using splunkes' managed lookup table called hosts. There's a field too called hostname within the file.I'm ... by YangThomas New Member in Splunk Search 12-04-2022 0 1	0	1
	How to extract the field "alert" with the field name action? Hi, how to extract the field "alert" with the field name action. help with the regex.. Thanks. by balu1211 Path Finder in Splunk Search 12-03-2022 0 24	0	24
	Why does stats count(eval always returns zero when partial non-existant values exist? My query: index=primary eventType=ConnectionTest msg="network check results" \| spath output=connectError details.erro... by ChadW Explorer in Splunk Search 12-02-2022 0 3	0	3
	How do I fix DMC KVstore "Collection Metrics" error I recently added a new SH to our SHC. Show shcluster-status is good, show kvstore-status is good. I created some kv... by coreyCLI Communicator in Splunk Search 12-02-2022 0 1	0	1
	How can I break out streamstats into multiple groups? I'm wanting to group streamstats results by either one or two fields. Grouping by sourcetype would be sufficient. Gro... by bandit Motivator in Splunk Search 12-02-2022 0 2	0	2
	How to import event logs from another system to scan on my local instance of Splunk? Hello all! I am brand new to Splunk and have learned quite a bit so far from this forum, so thank you! With that bein... by BabySplunk Explorer in Splunk Search 12-02-2022 0 15	0	15