Splunk Search

Community Activity

Dedup vs. Stats performance Hi Splunkers! Some days ago, one of my colleagues told me that "if you want to delete duplicates on your search, usi... by faguilar Path Finder in Splunk Search 11-10-2022 5 5	5	5
How to get list from inputlookup and run search on this smaller list? Hi All, I have a SPL query that runs on an index , sourcetype which has milions of jobnames. I want to my SPL to read... by mihir_hardas Explorer in Splunk Search 11-10-2022 0 10	0	10
How do I join a search with a list of jobnames from a file DepC_listofjobs.csv? How do I join a search with a list of jobnames from a file DepC_listofjobs.csv. This file has only one column which h... by mihir_hardas Explorer in Splunk Search 11-10-2022 0 3	0	3
How to format _time column to display only month name Hi i have a column _time getting displayed in the results due to timechart used in the query. Its currently getting d... by sudeep5689 Explorer in Splunk Search 11-10-2022 0 4	0	4
How to avoid excessive memory usage error? Hello,I am performing a search in Splunk Cloud but I am getting the following error, does anyone know how to resolve ... by Neonbeeflash Explorer in Splunk Search 11-10-2022 0 0	0	0
Can I use Splunk's anomaly detection in MLTK to enable ops folks to identify recent unusual log messages? I want our operations folks to be able to quickly see which unusual log messages have started showing up. That is rat... by tlevine New Member in Splunk Search 11-10-2022 0 1	0	1
Importing error code reasons from URL to Splunk query Hi all.My company is working with GlobalScope and I wish to enter their error code description to Splunk.As of right ... by NizanCohen Explorer in Splunk Search 11-09-2022 0 1	0	1
Why is my chart overlay not working? Hi, I need to overlay two values in one chart with a common X axis and a Y axis on either side chart 1 - column cha... by namritha Path Finder in Splunk Search 11-09-2022 0 6	0	6
What regex to use to drop everything after the last occurrence of a symbol? Hi Splunk Community, I am working on a regex to filter the sources I am getting from logs. I am trying to drop everyt... by jpfrancetic Path Finder in Splunk Search 11-09-2022 0 3	0	3
Filtering out part of a value? Hi all. I'm working with a FTP server which include a session number with each status and I wish to exclude the sessi... by NizanCohen Explorer in Splunk Search 11-09-2022 0 6	0	6
How to use extract using rex command? "Context":"{"user id":"jane.doe.sen", "Expense Date":"11/10/2022", How to use extract this rex command? to come ... by wvsgo215 Engager in Splunk Search 11-09-2022 0 1	0	1
How to use Wildcards with eval, stats, and count? Hello! I have a field called "Customers Email" and I wanted to get a count of all the emails that end in .gov, .edu, ... by cdson Explorer in Splunk Search 11-09-2022 0 2	0	2
Way to exclude results from Values() based on # returned? I'm trying to do a search to find IPs trying to login in using multiple usernames (using Duo). I have it working ver... by JR_Akaviri Engager in Splunk Search 11-09-2022 0 2	0	2
Align all values of a table to the left (for PDF export) Hello, I am currently trying to create a table on which every value, whether number or string, is aligned to the lef... by ckunath Communicator in Splunk Search 11-09-2022 0 8	0	8
How to dedup in a search with a Lookup table? I have a working search that uses a look up, that is like this: index=MyIndex [\| inputlookup MyCSVFile \| stat... by earriaga Path Finder in Splunk Search 11-09-2022 0 1	0	1
How to combine two field values into one field from a .csv file? Hello! I have a csv file where there are two fields called "Customers First Name" and "Customers Last Name". I was ... by cdson Explorer in Splunk Search 11-09-2022 0 2	0	2
Why do transforming commands not work after upgrade to Splunk 8? Hello, I have recently upgraded from Splunk 7 to Splunk 8.2.4. After the upgrade, I noticed that some transform co... by sistemistiposta Path Finder in Splunk Search 11-09-2022 0 23	0	23
How to search duration of job? Hi, I am trying to build a query where I need Job duration. Each job could run multiple time and its start/end time ... by AKG11 Path Finder in Splunk Search 11-09-2022 0 3	0	3
How to change timestamp value on old data in an index? Hi there, I have a requirement where I have a large number of events which was uploaded on the 4th November but that ... by vishalduttauk Communicator in Splunk Search 11-09-2022 0 7	0	7
Is there a way to sort eval-ed field by one of its parent fields? Hi all, I need some help sorting an eval field by one of it's components per below. ... \| eventstats count(ID) AS c... by Dworsnop Path Finder in Splunk Search 11-09-2022 0 8	0	8
How to refine search to pull the hosts that has 100+ results? So based off my original query that shows 100+ hosts, I would like to generate a list of the hosts in statistics but ... by wrongquery Explorer in Splunk Search 11-09-2022 0 6	0	6
How to compare GeoLocation values of login events for each user to previous logins? I am trying to create an alert that triggers when the location field of a login event from a user changes. so if a us... by olawalePS Path Finder in Splunk Search 11-09-2022 0 1	0	1
Unable to get fields with rex? Hello, I have this search results: Error for user flow: AAAAA - user: BBBB - Msg: {\"_errorCode\":Z, \"_messa... by frnSpLrnr11 Engager in Splunk Search 11-08-2022 0 2	0	2
How to exclude top N values or percent from percentile calculations? I'm trying to get an accurate percentile representation from a dataset of hourly metrics, excluding outliers. The da... by JM_dataguy New Member in Splunk Search 11-08-2022 0 2	0	2
How to compare two multi value fields and return true when at least one of the values matches? Hello Splunkers, I am trying to compare two multi value ID columns, and return true when at least of the values ma... by RexPei New Member in Splunk Search 11-08-2022 0 3	0	3