Splunk Search

Community Activity

	Merge all values in two fields in a new one? I have read all the posts about "merging fields" and none of the options work for me. I have events where the same va... by JohnnyMnemonic Explorer in Splunk Search 11-16-2022 0 3	0	3
	How to apply alert based on search in Splunk? Hi All, these are the logger info counts which are generated in splunk Total numner where inds-a 20Total numner wher... by Splunkstart Explorer in Splunk Search 11-16-2022 0 4	0	4
	How to not display the weekend in a chart? hi I want to not display the week end in my chart for example, if i use a time picler range of 7 days, I just want to... by jip31 Motivator in Splunk Search 11-16-2022 0 11	0	11
	Issue in combined field values? I am having issue with "Status" values as below and screenshot, please find below json and search query. Please advis... by anu41 Explorer in Splunk Search 11-16-2022 0 2	0	2
	Sometimes if we are doing base search, if not handled properly, you will see page loading, how do you handle it? Hi,Sometimes if we are doing base search, if not handled properly, you will see page loading, how do you handle it?Re... by SumanPalisetty Path Finder in Splunk Search 11-16-2022 0 1	0	1
	Convert normal search to tstats? Dears, We need your support to convert below search to tstats search. (index=os_windows OR index=workstation*) tag=... by Abdullah Explorer in Splunk Search 11-16-2022 0 3	0	3
	Why is search for hosts not sending logs and no longer showing results? Hello, We have been using this query to list out hosts that are not sending logs since past 24h. It has been workin... by neerajs_81 Builder in Splunk Search 11-16-2022 0 8	0	8
	Group events based on content of field? I have the following table of activities: InternalExternalDirection1.1.1.12.2.2.2Outbound3.3.3.34.4.4.4Inbound5.5.5.5... by KMoryson Explorer in Splunk Search 11-16-2022 0 2	0	2
	How to remove double quotes from events ? sample event "USR_LOGIN","USR_EMP_NO","USR_LAST_NAME","USR_FIRST_NAME","USR_DISPLAY_NAME","USR_STATUS","USR_EMAIL","... by sivakumargik New Member in Splunk Search 11-16-2022 0 6	0	6
	How to annotate when a transition happens? I want to add an annotation to a dashboard every time we switch from blue servers to green servers or green to blue. ... by MScottFoley Path Finder in Splunk Search 11-15-2022 0 1	0	1
	What are the limitations on subsearch? Hi, What are the limitations on subsearch? Please give one or two, please? This is an interview question. Regards Sum... by SumanPalisetty Path Finder in Splunk Search 11-15-2022 0 3	0	3
	ISO 8601 TimeStamp Extraction / Formatting and Source Type Config Hi all,I have a timestamp in a format I havn't dealt with before and I am struggling to get it converted to my timezo... by DGilbert91 Explorer in Splunk Search 11-15-2022 0 4	0	4
	How will search head know which index has data? Hi,How will search head know which index has data? It's an interview question. Kindly help me.RegardsSuman P. by SumanPalisetty Path Finder in Splunk Search 11-15-2022 0 2	0	2
	How to search for Phantom (SOAR) playbook runs and results? I have some Phantom playbooks performing tasks that I want to monitor on a Splunk dashboard - runs/day, distinct task... by ben_r Engager in Splunk Search 11-15-2022 0 0	0	0
	How to return events with or without a value in a specific field? Hi all!I'm trying to create a table with case_number and session as the two columns. Any event without a case_number ... by KyleMcDougall Path Finder in Splunk Search 11-15-2022 0 5	0	5
	Help with regex search? Hi Team, Thanks in advance, Need a quick help in Regex query, Input values: KUL6LJBJ62YDBLR6LC7BLNJRHRI6M5G6KKPHKUL6... by jerinvarghese Communicator in Splunk Search 11-15-2022 0 5	0	5
	How to get only latest record for each specific column? sample data _timesourcenameappIdstate10/8/207:53:27.090 AMxyzTransform-x-2020-10-081001success10/8/207:53:16.890 AMxy... by shivaguthi Explorer in Splunk Search 11-15-2022 0 10	0	10
	What is the splunk search query to find oldest (first) event generated on an index? what is splunk search query to find the oldest ( first ) event generated on a index ? by Mayurmpatil Path Finder in Splunk Search 11-15-2022 0 6	0	6
	How do you find the earliest event in an index by sourcetype and source? Hi I have index = A sourcetype = A and source = /tmp/A.app.log I want to find the earliest event (date and time... by Log_wrangler Builder in Splunk Search 11-15-2022 0 6	0	6
	Help to pass time to subsearch? Hi, I have SPL which includes just using bunch of lookups and producting following data: _timeturnaround_timediff_tim... by k31453 Explorer in Splunk Search 11-15-2022 0 2	0	2
	How to group some of field value into new fields value? Hi peeps, Need help to do some query. Basically I'm trying to group some of field value in the 'Category' field into ... by syazwani Path Finder in Splunk Search 11-14-2022 0 2	0	2
	A field is lost in a message sent in raw? Good afternoon!I send a message like this: curl --location --request POST 'http://test.test.org:8088/services/collect... by metylkinandrey Communicator in Splunk Search 11-14-2022 0 20	0	20
	How to create a query to identify blocked IP's by firewall and the reason? Hi, I am working with firewall logs in external IP's , I want to collect blocked IP's from the firewall, and blocked... by k115 Engager in Splunk Search 11-14-2022 0 3	0	3
	How can I compare two values obtained from a search and a lookup table? Hello,For the past week I've been working in a way to run some queries for a report about vulnerability findings.I ha... by Berfomet96 Explorer in Splunk Search 11-14-2022 0 3	0	3
	Listing the common fields from 2 Indexes that that dont exist during a specified time I am trying to correlate authentication attempts [ index_A (username, role) vs index_B (username, authentication_time... by Ansab Engager in Splunk Search 11-14-2022 0 1	0	1