Splunk Search

Community Activity

	How to join two consecutive events and their _time fields? I have a log file with events that indicate activities in a server. I am interested in the Login and Logout activiti... by PrisonMike Explorer in Splunk Search 11-21-2022 0 7	0	7
	How to see a difference between previous month to this month? I have a simple search which is satisfaction_date=0 OR close_date=0 AND status=8 in the previous month. I now have a ... by vishalduttauk Communicator in Splunk Search 11-21-2022 0 2	0	2
	Set attribute for all elements having a certain ID when 2 values are availabe witin the elements having this id Hi everyone,I try to set an attribute to true for all elements having a certain ID, when 2 defined activities are ava... by lukas1 Explorer in Splunk Search 11-21-2022 0 2	0	2
	How to extract specific field based on another field in a nested json array? I have below json data: {<!-- -->"source": "Mule","sourcetype": "_json","index": "metrics","event": [{<!-- -->"date": "2022-11-19T13... by ashish_boss Explorer in Splunk Search 11-21-2022 0 10	0	10
	How to extract specific data from a value? Hello, I would like to extract specific values from a log and display it in my Dashboard. For example, the value is: ... by msarkaus Path Finder in Splunk Search 11-21-2022 0 3	0	3
	Rex removing a sub string is not working? Hi, Been banging my head on this brick wall for a while so reaching out for some of expertise. Seems pretty straightf... by johnnybillyd Explorer in Splunk Search 11-21-2022 0 4	0	4
	How to convert SHA1 value to integer with base 16? Hi ,, i am looking for the way if i could convert sha1 value to integer with base 16 to do the further arithmetic ope... by aps New Member in Splunk Search 11-21-2022 0 3	0	3
	How to perform mathematical operations on two saved search results I have two saved search reports with below outputs.saved search 1 (totalCountByClient) giving client_name, totalCount... by Splunk_321 Path Finder in Splunk Search 11-21-2022 0 1	0	1
	Why is collect command not writing correct results to summary index? Hi Everyone, I am using the collect command to write data in summary index and it is giving the values properly when ... by Splunk4 Explorer in Splunk Search 11-20-2022 0 4	0	4
	How to split a time period into hourly intervals? index="dummy" url="https://www.dummy.com" status="200 OK" \| stats count by id \| where count > 10 If I apply... by jtest372 Explorer in Splunk Search 11-20-2022 0 8	0	8
	How to separate string with regex? Hi! I would like to separate the field Privilegio \|---------------------------\|------------------------------------... by m0rt1f4g0 Explorer in Splunk Search 11-19-2022 0 3	0	3
	How can I remove duplicate from multiple columns at once? Paranumber Name 95929 Magnolia Jones Sr. 35716 Leslie Streich 99265 Magnoli... by marceldera Explorer in Splunk Search 11-19-2022 0 3	0	3
	How to combine or merge two or more fields? Hi. How do I combine these two fields, since the username is similar?The result of my query is the following: user ... by m0rt1f4g0 Explorer in Splunk Search 11-18-2022 0 2	0	2
	How to search weekly trending for the past 30 days? I have this query index = tenable sourcetype="tenable:io:vuln" state!=fixed eventtype="*" \| dedup dns_name plugin.id ... by marceldera Explorer in Splunk Search 11-18-2022 0 2	0	2
	How to Group and count values by group? I have a table like below: Servername Category Status Server_1 C_1 Completed Ser... by rpradeep Path Finder in Splunk Search 11-18-2022 0 4	0	4
	Timechart RAM or CPU usage by Linux process 1. There will be 2 separate charts: CPU usage by process, and RAM usage by process.2. Sometimes more than one instanc... by mxanareckless Path Finder in Splunk Search 11-18-2022 0 1	0	1
	How to search field output? I am VERY new to splunk so please bear with me. I have a search, index=vulnerability "list of packages installed on ... by David_M Explorer in Splunk Search 11-18-2022 0 2	0	2
	How do you combine a pair of 2 fields into a column? I need to create a Dashboard with below columns from below event data. I couldn't able to get "Status" column valu... by anu41 Explorer in Splunk Search 11-18-2022 0 6	0	6
	Can someone help me with stats dc with subsearch? Let's say we have couple of fields in our dataset (called my_dataset) : event_time, event_type, user, field1 and fiel... by cbrbkrm Loves-to-Learn in Splunk Search 11-18-2022 0 1	0	1
	Why doesn't my post process search work when using timechart command? hello Why doesn't my post process search work when using timechart command? <search id="cap"> <query> `... by jip31 Motivator in Splunk Search 11-17-2022 0 17	0	17
	How to search string abc/efg in log using multiselect field? Hi, Splunkers, I want to search string like abc/efg in my log using multiselect field. I directly defined this ... by wangkevin1029 Communicator in Splunk Search 11-17-2022 0 2	0	2
	How to test if a lookup does exist? Hi Splunkers, I want to create a macro that will be looking inside a lookup file, but in a way that will not break th... by vagnet Explorer in Splunk Search 11-17-2022 0 4	0	4
	How to to add a field to a search using a lookup table? I am trying to add a field to a search using a lookup table. However, my key field is sometimes blank and I get an e... by adent Explorer in Splunk Search 11-17-2022 0 1	0	1
	Is there any way to set the semi-permanent variables exists to 0 until a specific event comes up? Hello!I currently have this eval in a search of mine: \| eval exists=if(like(_raw, "%xa recovery%"), 0, 1) Is ther... by hermitfeather Loves-to-Learn in Splunk Search 11-17-2022 0 2	0	2
	How do I list value in the table as I want order to be? I want to be the order I list below?Very High High MediumLowVery Low Info by karu0711 Communicator in Splunk Search 11-17-2022 0 2	0	2