Splunk Search

Community Activity

	Is it possible to get data in via python script or read file? Hello Splunk Community I have a python script that checks a certain family of cisco devices that tells me if the ... by eholz1 Builder in Splunk Search 11-28-2022 0 8	0	8
	Timechart, how to display value of field without function? index="redis" sourcetype="csv" total_commands_processed="*" \| timechart span=5m total_commands_processed In the searc... by Chaser Explorer in Splunk Search 11-28-2022 0 2	0	2
	Dynamically sort field by specific order? Hi Splunk community,I have an excel file that sorts a field at certain order and possibly changes over timeThe excel ... by boxmetal Path Finder in Splunk Search 11-28-2022 0 1	0	1
	How to find differences between two saved searches based on a common field? I have two saved searches 1) Metrics-Location-Client -- Gives LocationId, Client_Name as output 2) Matched-Locations... by Splunk_321 Path Finder in Splunk Search 11-27-2022 0 1	0	1
	How to achieve sum of two fields excluding null fields? Hi, can any one help me how to get splunk query for below requirement. index="abc"\| search "message"="Exit" \| search ... by monicateja Explorer in Splunk Search 11-27-2022 0 3	0	3
	How to parse and extract field from my raw data? I Have a log like this, how do I Parse it into fields?? Is there a way to use Splunk to parse this and extract one ... by imam28 Engager in Splunk Search 11-27-2022 0 10	0	10
	How to convert msDS-UserPasswordExpiryTimeComputed in date? Hi, From splunk search how to convert "msDS-UserPasswordExpiryTimeComputed" value recover from AD in date ? I wish to... by Stitif Observer in Splunk Search 11-27-2022 0 5	0	5
	What is the quickest way to find 100 max values of "Q" on huge log file? Hi What is the quickest way to find 100 max values of "Q" on huge log file? here is my query: index="myindex" \| re... by indeed_2000 Motivator in Splunk Search 11-27-2022 0 8	0	8
	Does rex have an impact on my search performance? Hi I have couple of rex on my search query that not use anywhere. now question is does it have negative impact on my ... by indeed_2000 Motivator in Splunk Search 11-27-2022 0 1	0	1
	Increasing UI timeout in LDAP Group configuration I am trying to increase the "Network Socket timeout" in the LDAP group configuration. I tried modifying parameters as... by sdkp03 Communicator in Splunk Search 11-26-2022 0 0	0	0
	Rest API - Returning 401 Unauthorized I'm getting a 401 Unauthorized error no matter what I try, when trying to access the REST API. I've tried with curl a... by scriv Explorer in Splunk Search 11-26-2022 0 17	0	17
	Is it possible to make the data source used by the dashboard conditional on the dropdown choice? I know with Splunk Dashboard Studio, conditional dashboard on dropdown choice aren't a possibility anymore, but is it... by MPJ44 Loves-to-Learn Everything in Splunk Search 11-26-2022 0 2	0	2
	How to efficiently expand json array entries? I have a scenario where i want to expand the field and show as individual events. Below is my query, which works fine... by Splunk_321 Path Finder in Splunk Search 11-25-2022 0 1	0	1
	How to create new columns from results? I'm trying to create table with the top 5 results split into columns, so that I can have multiple results per line, g... by CyberMage Engager in Splunk Search 11-25-2022 0 1	0	1
	Help with Search != litsearch --- In 'litsearch' there are extra unwanted key=value statements We are spending a tremendous amount of time tuning our search structures lately. One thing we have run across in our ... by dural_yyz Motivator in Splunk Search 11-25-2022 0 2	0	2
	Splunk DS deletes props.conf on universal forwarder Hello,I use Splunk as Indexer and deployment server und I have one universal forwarder installed. I'm getting an erro... by alpeen_splunk Explorer in Splunk Search 11-25-2022 0 3	0	3
	How to create search for date field? Hello splunk lovers!i want help with date field and i want fast. i have field, format example: data_started 01.01.20... by splunk_enjoyer Explorer in Splunk Search 11-25-2022 0 1	0	1
	What regex to use to remove \\ form the hostname fields? Hi All, I have a hostname stating \\sent134 I need to remove this \\ using regex and it should be like this: sent134... by SabariRajanT Path Finder in Splunk Search 11-25-2022 0 2	0	2
	How to group results and list common occurrences by time? I have the following data: { "remote_addr": "1.2.3.4", "remote_user": "-", "time_local": "24/Nov/2022:09:55... by guywood13 Path Finder in Splunk Search 11-25-2022 0 3	0	3
	How to replace join by stats to merge SPL based on common field? Hi,My datasets are much larger but these represent the crux of my hurdle... Sourcetype= transaction fields= trans... by innoce Path Finder in Splunk Search 11-24-2022 0 1	0	1
	How to visualize all the search I put using the search command? HI All, I would like to visualize all the search fields/content I mentioned using the command search: index=* \| sear... by matcad81 New Member in Splunk Search 11-24-2022 0 2	0	2
	How do I build this Sysmon log search without having required fields? I want to implement this correlation search: `sysmon` EventCode=10 TargetImage=lsass.exe CallTrace=dbgcore.dll* O... by Ash Engager in Splunk Search 11-24-2022 0 1	0	1
	Nested SubQuery With NOT IN Clause Hello,I am looking for the equivalent of performing SQL like such:SELECT transaction_id, vendorFROM ordersWHERE trans... by ayu2375 Engager in Splunk Search 11-24-2022 0 2	0	2
	How to use SED to remove optional fields? We have api requests that I want to create statistics by the request but to do this I need to remove variable identif... by singlinet Engager in Splunk Search 11-24-2022 0 2	0	2
	How do I rename a nested field? I have an eval query. The details object returned looks like this: {<!-- --> status: 404, code: ERROR } "details... by stong2351 New Member in Splunk Search 11-24-2022 0 2	0	2