Splunk Search

Community Activity

How can I overlay the 7 day, 30 day or 90 day average line over the timechart? Dumb question I cannot find a simple answer to. 藍 If I run a simple timechart search for 7 days, 30 days or 90 days -... by dmbrcx Explorer in Splunk Search 11-07-2022 0 3	0	3
What's the difference between nomv and mvcombine? Could someone please show the difference between nomv and mvcombine with some examples? What I have seen is that both... by nabeel652 Builder in Splunk Search 11-07-2022 0 2	0	2
Help with Eval from Multivalue field? I have a dataset with a multiline field called Logs. The field typically has values like the below, "mId": "Nul... by ff170a Explorer in Splunk Search 11-07-2022 0 3	0	3
How to display a table based on a clicked value of another table? I have a table with 1 column and 6 rows which I'll be changing to 1 row and 6 columns using transpose and eventually ... by sh254087 Communicator in Splunk Search 11-07-2022 0 6	0	6
tstats with where condition \| StatsFileWriterLz4 file open failed file=C:\Splunk\var\run\splunk\srtemp\910252184_17768_a I have a SPL, when first running the result is appearing but once the query is finished the error have shown below: \|... by iamtheclient20 Explorer in Splunk Search 11-07-2022 1 8	1	8
Getting Rex sub pattern error when using counts Index=dev log-severity=INFO app name=abcd \| rex “tv counts for indicator S = (?<Count>\d+)” \| stats count by _... by Aryc090908 Explorer in Splunk Search 11-07-2022 0 3	0	3
Lookup for a value in two lookup table columns? Hi, I have generated a search which return list of hosts and the count of events for these host. sometime the host va... by Hisham Engager in Splunk Search 11-07-2022 0 1	0	1
Annotation based on Existing Value (to avoid duplicate search) On an existing dashboard I have a rather complex query that generates a timechart on which I am looking to use annota... by lennys26 Communicator in Splunk Search 11-07-2022 0 2	0	2
Why is my rex command extracting other text strings I am using the following rex command to extract an id number, which is in the following format: 1e4gd5g7-4fy6-fg567-3... by jhilton90 Path Finder in Splunk Search 11-07-2022 0 7	0	7
Is there a way to be notified(alerted) if any saved searches are modified? I am looking for an alert when any search in (rest /services/saved/searches splunk_server=local) is being modified. by nihvk Explorer in Splunk Search 11-07-2022 0 1	0	1
How to best approach timeseries graph based on multiple fields? Hi, I am looking to create timeseries graph based on multiple fields.we could have multiple hosts and each host have ... by AKG11 Path Finder in Splunk Search 11-07-2022 0 5	0	5
How to visualize ongoing actions based on start/stop time? Hi,I have events which are received when action is finished on my system. Event contains start and stop time for acti... by karjsim Loves-to-Learn Lots in Splunk Search 11-07-2022 0 9	0	9
Why am I unable to search from "MAIN" index? Hello, I have installed an App, and the data in APP is written to "MAIN" index. When I am search for DATA from the AP... by sidtalup27 Explorer in Splunk Search 11-07-2022 0 3	0	3
How to split different field values into separate fields Hello Everyone, I have a field in this format and this information is fetched from a json array.Label apple 1apple 2a... by anuhya_b Observer in Splunk Search 11-07-2022 0 1	0	1
How to display palo threat over a month with severity again allowed & blocked actions? Hi ,how to do i display number of blocked and allowed threats with different severities in a timeframe(e.g monthly).S... by mkshah New Member in Splunk Search 11-06-2022 0 1	0	1
How to Split Group by Values? Hello, I am very new to Splunk. I am wondering how to split these two values into separate rows. The "API_Name" value... by user33 Path Finder in Splunk Search 11-06-2022 0 7	0	7
What rex command can separate hostname from the field? NONPROD:abcd123456_DBSERVERNeed to extract abcd123456 from the string... by priya1926 Path Finder in Splunk Search 11-06-2022 0 1	0	1
Why does this eval case not work? The following is my ideal final query to be used in a dashboard. index=cdn_app httpMessage.host=taxes* \| eval _env=... by jaycetan New Member in Splunk Search 11-05-2022 0 4	0	4
find Exact string contains double comma How can I find an exact string which has double code in it. I want to find exact string HTTP/1.1" 500 by talktulika Observer in Splunk Search 11-04-2022 0 2	0	2
Can I schedule a search that writes to a lookup table? I have a search that writes to a lookup table. I would like to run this search once a month and update (overwrite) t... by ilhwan Path Finder in Splunk Search 11-04-2022 0 4	0	4
For loop on each result of a the table I have query that returns successful logins and a profile ID. Then from the result of those I want to create another... by giolapid911 New Member in Splunk Search 11-04-2022 0 1	0	1
How to compare csv and search and show results which are different from csv? Hello Splunkers , I am using the following search which outputs the following fields host ,Component and output an... by vrmandadi Builder in Splunk Search 11-04-2022 0 3	0	3
How to search results and present as a table of selected key vaule? Hello All, The log has empty space before and after equal with semicolon separation. I’m unable to get the table re... by padrsri Explorer in Splunk Search 11-04-2022 0 8	0	8
How to achieve subsearch with static result? I want to achieve something like this: index=main servicetype="aws:accesslogs" (apps in ("app1","app2","app3")) note:... by biju_babu Explorer in Splunk Search 11-04-2022 0 7	0	7
Why does regex keeps extracting wrong data? I am trying to use the rex command to extract an id number, which is a mixture of letters and numbers separated by a ... by jhilton90 Path Finder in Splunk Search 11-04-2022 0 3	0	3