Splunk Search

Community Activity

	How to find out unused indexes in DMC? Could anyone please help to find out unused indexes in Splunk DMC by AbilashSe Explorer in Splunk Search 12-07-2022 0 6	0	6
	Can someone please give me an explanation as to what the below rex command is doing? Can someone please give me an explanation as to what the below rex command is doing. I do not understand the w+ s+ d+... by auzark Communicator in Splunk Search 12-07-2022 0 2	0	2
	Found useful trick to have field values as new fields with {field} Hello, we found useful trick to have field values as new fields, for example : \| eval {status}=status \| timecha... by splunkreal Influencer in Splunk Search 12-07-2022 0 1	0	1
	How to show fields conditionally in search? Dear Splunk Community: I have the following search query: <Basic_Search> \| chart count by path_template, http_status_... by djoobbani Path Finder in Splunk Search 12-07-2022 0 3	0	3
	How to only display columns where the duration is > 1 second? Dear Splunk Community : I have the following search query: <Basic_search> duration \| stats count, avg(duration), pe... by djoobbani Path Finder in Splunk Search 12-07-2022 0 4	0	4
	How to get only latest try of a job? I need to show only the results of the job. Job try multiple times in case of failure. So if the job passed on 3rd at... by splunkuser320 Path Finder in Splunk Search 12-07-2022 0 3	0	3
	How to search spath field and value pairs? I have a log file that is coming into splunk in json format. There appear to be two fields of interest, "key" and "v... by bt149 Path Finder in Splunk Search 12-07-2022 0 8	0	8
	How to look for two values that occur at the same time per host? Hello all, I am trying to figure out the following: 1. If an alert for rule_id1 occurs at the same time on the same h... by AssureSec Loves-to-Learn in Splunk Search 12-07-2022 0 3	0	3
	How to use multiple join commands in single search? Hi Friends, My current query: index = pg_idx_whse_prod_events host="*" sourcetype= PG_ST_PROBE_DATA source="/opt/redp... by Jagadeesh2022 Path Finder in Splunk Search 12-07-2022 0 5	0	5
	Search Job Investigation after search with no results shows "None"? Hello, the following search index=index1 message_type=query NOT ([\|inputlookup lookup1 \| fields ip_address \|re... by avoelk Communicator in Splunk Search 12-07-2022 0 2	0	2
	How to join two savedsearches based on a column and do a time comparison? I have two savedsearches savedsearch1: \| basesearch \| stats count by _time, LocationId savedsearch2: \| basesearch \| c... by Splunk_321 Path Finder in Splunk Search 12-07-2022 0 6	0	6
	How can I convert it to splunk time format? Hi, I have a field in the logs like below 2022-12-07T08:40:14.253180536 How can I convert it to splunk ti... by ajayrathore Loves-to-Learn in Splunk Search 12-07-2022 0 1	0	1
	Why does ITSI Service Analyzer not show anything? I get troubleshoot following splunk.doc but it s not working. Anyone have any solutions. by jacknguyen Path Finder in Splunk Search 12-07-2022 0 0	0	0
	How to achieve a field extraction from json events? Hi, Could you help in extracting the fields from this json events. sample json event1 {"type":"akamai_siem","format":... by balu1211 Path Finder in Splunk Search 12-06-2022 0 1	0	1
	Help with SPL for report generation? Hello Splunkers!! I need the results as per the below format. I have tried some SPL but not achieved with the expecte... by uagraw01 Motivator in Splunk Search 12-06-2022 0 0	0	0
	How to extract this field? Hi extract the field sample data : "tag":AKAMAI/WAF/ Thanks.. by balu1211 Path Finder in Splunk Search 12-06-2022 0 18	0	18
	How to achieve stats count eval chart? Dear Splunk community: I have the following search query: <BASIC_SEARCH> \| chart count by path_template, http_statu... by djoobbani Path Finder in Splunk Search 12-06-2022 0 2	0	2
	How to find a alert/dashboard running from a query in the jobs page? Hi all. I have a running query I see on the jobs page on Splunk but I cannot find the related alert/dashboard it's co... by NizanCohen Explorer in Splunk Search 12-06-2022 0 2	0	2
	What is the different between line exist in file and events of Splunk? Hi I've index a 12MB file in splunk but have different between line of file and event of splunk file = 114,475 ... by indeed_2000 Motivator in Splunk Search 12-06-2022 0 8	0	8
	How to make a field extraction with field with and without ':'? Hi, I am struggeling with field extractions. I have two fields that I want to extract. But the problem is sometimes... by Mike6960 Path Finder in Splunk Search 12-06-2022 0 4	0	4
	How to calculate difference between multiple fields? Hi Splunk experts - I have an unusual math problem on my hands and I'm not sure how to deal with it. We are trying to... by mistydennis Communicator in Splunk Search 12-06-2022 0 6	0	6
	Alerts that go on waiting status causes next alerts to not trigger? Hello, We have several alerts which occasionally go in status waiting (correponding jobs) and stay like that. Then t... by damucka Builder in Splunk Search 12-06-2022 0 0	0	0
	How to use "original" search value if map has no result? Hi Splunkers, I use many alerts where the result contains the username. Then a map search looks for this user, in the... by norbertt911 Communicator in Splunk Search 12-06-2022 0 3	0	3
	How to calculate through bin command ? Hi all,I would like to use bin command to make the demo data sets into 10 bins according to Exe_time and list Substag... by Jouman Path Finder in Splunk Search 12-06-2022 0 5	0	5
	Can I use lookup for whitelisting based on 2 columns? I have to whitelist fields based on 2 columns in a lookup, but the second column has multiple values.So we have to wh... by izzie123 Path Finder in Splunk Search 12-06-2022 0 1	0	1