Splunk Search

Community Activity

How can I remove duplicate from multiple columns at once? Paranumber Name 95929 Magnolia Jones Sr. 35716 Leslie Streich 99265 Magnoli... by marceldera Explorer in Splunk Search 11-19-2022 0 3	0	3
How to combine or merge two or more fields? Hi. How do I combine these two fields, since the username is similar?The result of my query is the following: user ... by m0rt1f4g0 Explorer in Splunk Search 11-18-2022 0 2	0	2
How to search weekly trending for the past 30 days? I have this query index = tenable sourcetype="tenable:io:vuln" state!=fixed eventtype="*" \| dedup dns_name plugin.id ... by marceldera Explorer in Splunk Search 11-18-2022 0 2	0	2
How to Group and count values by group? I have a table like below: Servername Category Status Server_1 C_1 Completed Ser... by rpradeep Path Finder in Splunk Search 11-18-2022 0 4	0	4
Timechart RAM or CPU usage by Linux process 1. There will be 2 separate charts: CPU usage by process, and RAM usage by process.2. Sometimes more than one instanc... by mxanareckless Path Finder in Splunk Search 11-18-2022 0 1	0	1
How to search field output? I am VERY new to splunk so please bear with me. I have a search, index=vulnerability "list of packages installed on ... by David_M Explorer in Splunk Search 11-18-2022 0 2	0	2
How do you combine a pair of 2 fields into a column? I need to create a Dashboard with below columns from below event data. I couldn't able to get "Status" column valu... by anu41 Explorer in Splunk Search 11-18-2022 0 6	0	6
Can someone help me with stats dc with subsearch? Let's say we have couple of fields in our dataset (called my_dataset) : event_time, event_type, user, field1 and fiel... by cbrbkrm Loves-to-Learn in Splunk Search 11-18-2022 0 1	0	1
Why doesn't my post process search work when using timechart command? hello Why doesn't my post process search work when using timechart command? <search id="cap"> <query> `... by jip31 Motivator in Splunk Search 11-17-2022 0 17	0	17
How to search string abc/efg in log using multiselect field? Hi, Splunkers, I want to search string like abc/efg in my log using multiselect field. I directly defined this ... by wangkevin1029 Communicator in Splunk Search 11-17-2022 0 2	0	2
How to test if a lookup does exist? Hi Splunkers, I want to create a macro that will be looking inside a lookup file, but in a way that will not break th... by vagnet Explorer in Splunk Search 11-17-2022 0 4	0	4
How to to add a field to a search using a lookup table? I am trying to add a field to a search using a lookup table. However, my key field is sometimes blank and I get an e... by adent Explorer in Splunk Search 11-17-2022 0 1	0	1
Is there any way to set the semi-permanent variables exists to 0 until a specific event comes up? Hello!I currently have this eval in a search of mine: \| eval exists=if(like(_raw, "%xa recovery%"), 0, 1) Is ther... by hermitfeather Loves-to-Learn in Splunk Search 11-17-2022 0 2	0	2
How do I list value in the table as I want order to be? I want to be the order I list below?Very High High MediumLowVery Low Info by karu0711 Communicator in Splunk Search 11-17-2022 0 2	0	2
How to link dynamically the range time picker with a relative time? hi as you can see I use a relative time in my search in order to filter events on today between 7h and 19h earliest... by jip31 Motivator in Splunk Search 11-17-2022 0 3	0	3
Why is Splunk ignoring timestamp in message? Good afternoon, I have already raised a similar topic. The last time I was cleared up the situation, but the problem ... by metylkinandrey Communicator in Splunk Search 11-17-2022 0 9	0	9
How to consolidate two columns into a single column without losing data? We have a data source which contains two columns, both of which contain valuable information. In any event, either on... by msarro Builder in Splunk Search 11-17-2022 1 8	1	8
How to move all of the different searches to a single/couple of base searches and then post processing? hiI am trying to get my dashboard better and move all of the different searches to a single/couple of base searches a... by noammeir Explorer in Splunk Search 11-17-2022 0 3	0	3
How to extract dynamic key from nested json? sample json: Hosts: { [-] Nodepool1: { [-] Cluster: xyz1 Accountid: idxyz Nodepool3: { [-] Clust... by directtv999 Loves-to-Learn Lots in Splunk Search 11-17-2022 0 7	0	7
How to create custom field on Splunk cloud? i am trying to create a custom field like host and source by making changes in atteched photos of entrypoint.sh and ... by sc_admin11 Explorer in Splunk Search 11-16-2022 0 0	0	0
How to use "where" and "not in" and "like" in one query? I have the following query :sourcetype="docker" AppDomain=Eos Level=INFO Message="Eos request calculated" \| eval Val_... by JyotiP Path Finder in Splunk Search 11-16-2022 0 3	0	3
Why doesn't replace work on a nested field? Sample event { durationMs: 83 properties: { url: https://mywebsite/v1/organization/41547/bui... by YatMan Explorer in Splunk Search 11-16-2022 0 3	0	3
How to create regex that will pick up on a value contained in [ ] brackets? Hi all, I'm attempting to develop a regex that will pick up on a value contained in [ ] brackets (see below): Log val... by Splunky21 Explorer in Splunk Search 11-16-2022 0 2	0	2
Trouble extracting GUIDS and how to make a new field with rex? Trying to get these UUID/GUIDs to extract from the message field. Hoping to create a rex to extract everything after ... by judges88 Explorer in Splunk Search 11-16-2022 0 5	0	5
Merge all values in two fields in a new one? I have read all the posts about "merging fields" and none of the options work for me. I have events where the same va... by JohnnyMnemonic Explorer in Splunk Search 11-16-2022 0 3	0	3