Splunk Search

Community Activity

How to search field output? I am VERY new to splunk so please bear with me. I have a search, index=vulnerability "list of packages installed on ... by David_M Explorer in Splunk Search 11-18-2022 0 2	0	2
How do you combine a pair of 2 fields into a column? I need to create a Dashboard with below columns from below event data. I couldn't able to get "Status" column valu... by anu41 Explorer in Splunk Search 11-18-2022 0 6	0	6
Can someone help me with stats dc with subsearch? Let's say we have couple of fields in our dataset (called my_dataset) : event_time, event_type, user, field1 and fiel... by cbrbkrm Loves-to-Learn in Splunk Search 11-18-2022 0 1	0	1
Why doesn't my post process search work when using timechart command? hello Why doesn't my post process search work when using timechart command? <search id="cap"> <query> `... by jip31 Motivator in Splunk Search 11-17-2022 0 17	0	17
How to search string abc/efg in log using multiselect field? Hi, Splunkers, I want to search string like abc/efg in my log using multiselect field. I directly defined this ... by wangkevin1029 Communicator in Splunk Search 11-17-2022 0 2	0	2
How to test if a lookup does exist? Hi Splunkers, I want to create a macro that will be looking inside a lookup file, but in a way that will not break th... by vagnet Explorer in Splunk Search 11-17-2022 0 4	0	4
How to to add a field to a search using a lookup table? I am trying to add a field to a search using a lookup table. However, my key field is sometimes blank and I get an e... by adent Explorer in Splunk Search 11-17-2022 0 1	0	1
Is there any way to set the semi-permanent variables exists to 0 until a specific event comes up? Hello!I currently have this eval in a search of mine: \| eval exists=if(like(_raw, "%xa recovery%"), 0, 1) Is ther... by hermitfeather Loves-to-Learn in Splunk Search 11-17-2022 0 2	0	2
How do I list value in the table as I want order to be? I want to be the order I list below?Very High High MediumLowVery Low Info by karu0711 Communicator in Splunk Search 11-17-2022 0 2	0	2
How to link dynamically the range time picker with a relative time? hi as you can see I use a relative time in my search in order to filter events on today between 7h and 19h earliest... by jip31 Motivator in Splunk Search 11-17-2022 0 3	0	3
Why is Splunk ignoring timestamp in message? Good afternoon, I have already raised a similar topic. The last time I was cleared up the situation, but the problem ... by metylkinandrey Communicator in Splunk Search 11-17-2022 0 9	0	9
How to consolidate two columns into a single column without losing data? We have a data source which contains two columns, both of which contain valuable information. In any event, either on... by msarro Builder in Splunk Search 11-17-2022 1 8	1	8
How to move all of the different searches to a single/couple of base searches and then post processing? hiI am trying to get my dashboard better and move all of the different searches to a single/couple of base searches a... by noammeir Explorer in Splunk Search 11-17-2022 0 3	0	3
How to extract dynamic key from nested json? sample json: Hosts: { [-] Nodepool1: { [-] Cluster: xyz1 Accountid: idxyz Nodepool3: { [-] Clust... by directtv999 Loves-to-Learn Lots in Splunk Search 11-17-2022 0 7	0	7
How to create custom field on Splunk cloud? i am trying to create a custom field like host and source by making changes in atteched photos of entrypoint.sh and ... by sc_admin11 Explorer in Splunk Search 11-16-2022 0 0	0	0
How to use "where" and "not in" and "like" in one query? I have the following query :sourcetype="docker" AppDomain=Eos Level=INFO Message="Eos request calculated" \| eval Val_... by JyotiP Path Finder in Splunk Search 11-16-2022 0 3	0	3
Why doesn't replace work on a nested field? Sample event { durationMs: 83 properties: { url: https://mywebsite/v1/organization/41547/bui... by YatMan Explorer in Splunk Search 11-16-2022 0 3	0	3
How to create regex that will pick up on a value contained in [ ] brackets? Hi all, I'm attempting to develop a regex that will pick up on a value contained in [ ] brackets (see below): Log val... by Splunky21 Explorer in Splunk Search 11-16-2022 0 2	0	2
Trouble extracting GUIDS and how to make a new field with rex? Trying to get these UUID/GUIDs to extract from the message field. Hoping to create a rex to extract everything after ... by judges88 Explorer in Splunk Search 11-16-2022 0 5	0	5
Merge all values in two fields in a new one? I have read all the posts about "merging fields" and none of the options work for me. I have events where the same va... by JohnnyMnemonic Explorer in Splunk Search 11-16-2022 0 3	0	3
How to apply alert based on search in Splunk? Hi All, these are the logger info counts which are generated in splunk Total numner where inds-a 20Total numner wher... by Splunkstart Explorer in Splunk Search 11-16-2022 0 4	0	4
How to not display the weekend in a chart? hi I want to not display the week end in my chart for example, if i use a time picler range of 7 days, I just want to... by jip31 Motivator in Splunk Search 11-16-2022 0 11	0	11
Issue in combined field values? I am having issue with "Status" values as below and screenshot, please find below json and search query. Please advis... by anu41 Explorer in Splunk Search 11-16-2022 0 2	0	2
Sometimes if we are doing base search, if not handled properly, you will see page loading, how do you handle it? Hi,Sometimes if we are doing base search, if not handled properly, you will see page loading, how do you handle it?Re... by SumanPalisetty Path Finder in Splunk Search 11-16-2022 0 1	0	1
Convert normal search to tstats? Dears, We need your support to convert below search to tstats search. (index=os_windows OR index=workstation*) tag=... by Abdullah Explorer in Splunk Search 11-16-2022 0 3	0	3