Splunk Search

Community Activity

Performance check- How can I check why I'm not getting any results? Hi all. I use Splunk on my workplace and recently I feel like it's performance is decreasing. Basic search queries li... by NizanCohen Explorer in Splunk Search 11-02-2022 0 5	0	5
How to compare .csv file with results from search and join by uniqueID? Hi I have a search index=main sourcetype=data2 type=policythat gives me the following in json: customerId: man0000... by greekleo89 Loves-to-Learn Everything in Splunk Search 11-02-2022 0 7	0	7
How to list and plot total and average events by hour? I'm trying to do something pretty straightforward, and have looked at practically every "average" answer on Splunk C... by ejohn Path Finder in Splunk Search 11-02-2022 0 5	0	5
Error in search: Configuration initialization for /opt/splunk/etc Hi, I have an issue with about a searching, someone know about it, this is the issue: Error in search: "Configura... by Said7 Explorer in Splunk Search 11-01-2022 1 7	1	7
How to replace severity values by respective levels? Hello,In the events, the severity is captured as values between 1 to 10. I want to represent them as High, Low, Mediu... by sidtalup27 Explorer in Splunk Search 11-01-2022 0 1	0	1
How to add multiple field values from a CSV to my main search? I need to add multiple values from a CSV to a main Search I have, I used the lookup command but I think that will jus... by queryboy Explorer in Splunk Search 11-01-2022 0 3	0	3
How do I create bar chart where I want x axis to display all the value in field even If Y axis don't have value? I use index= main \| lookup test1.csv Severity1 \| stats count by Severity The lookup table have 5 value ( Veryhigh,... by karu0711 Communicator in Splunk Search 11-01-2022 0 18	0	18
How would I fix my search not counting correctly? Hello y'all!I'm trying to use the Single Value object, and build a search which count the number of the records and s... by fpedrosa Engager in Splunk Search 11-01-2022 0 7	0	7
How to generate a parent child process chain to use dendogram visualization? Hello all! I´m so lost trying to get full process tree to visualize it in dendogram https://splunkbase.splunk.com/app... by cpm003 Path Finder in Splunk Search 11-01-2022 0 1	0	1
Why is my eval command with multiple if conditions not working? Hi, I have used eval with multiple if conditions and it's failing. Kindly help. source = "2access_30DAY.log" \| eva... by SumanPalisetty Path Finder in Splunk Search 11-01-2022 0 7	0	7
Replacing values in a column in a lookup table with the results from a search query? Hi, I have been tasked to design an alert to trigger whenever there is a modification of the "search query" of an ale... by loki New Member in Splunk Search 11-01-2022 0 1	0	1
Check if field match the regex? Hi Splunk Community, I need help to check whether my directory field match the regex The regex I used is ^\w+:\\root_... by boxmetal Path Finder in Splunk Search 11-01-2022 0 3	0	3
Extract count of search field(SPL) by re-search? hello index=_audit user=admin action=search info=granted search=* \| table search_id search\| replace "'search *" WITH ... by syloee Explorer in Splunk Search 11-01-2022 0 3	0	3
Add dashboard tab to app? Good afternoon!The infrastructure command gave me permissions so that I can add a dashboard tab to my application. I ... by metylkinandrey Communicator in Splunk Search 11-01-2022 0 9	0	9
How to match case on multiple value assigned Hi all,I'm trying to create category based on host category: Lab,Personal,Staff and get workstations to be counted fo... by aa0 Path Finder in Splunk Search 11-01-2022 0 2	0	2
How to split multiple fields? I need to be able to split multiple fields that have a delimiter of "\|#\|". The field name will differ depending on th... by paras Explorer in Splunk Search 10-31-2022 0 2	0	2
Why is eval command case function not working? Hi, I wrote a eval command and its not working. Kindly help. source = "2access_30DAY.log" \| eval "new_field" = case('... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 7	0	7
SPL to extract field and field value? SPL to extract field and field value when data seems like belowscreenshot attached.I need help in extracting field as... by AK_Splunk Explorer in Splunk Search 10-31-2022 0 3	0	3
Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship? I have a unique query that I think I have a general logical approach to solving, but the syntax and most efficient ro... by tobiasboone1 Explorer in Splunk Search 10-31-2022 0 10	0	10
Is it possible to concatenate string with a number using eval? Hi, Can we concatenate a string with a number using eval with '.' operator? I got to know that from a video, but when... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 3	0	3
How to achieve a federated search to link the on-prem indexers to the cloud SH? I have a distributed Splunk environment, meaning a SHC and IDX cluster connected via distributed search as outlined i... by andrew_burnett Path Finder in Splunk Search 10-31-2022 0 1	0	1
The default search won't let you click the link, it just lets you filter on that field, is there an override to this? I can control the data sent to the fields. All fields on the deafult search allow you include/exclude in search resu... by vinceisvince Observer in Splunk Search 10-31-2022 0 1	0	1
What happened to the data? Hi,I have a question for my understanding. Kindly help.You had data in the past, one fine day if you see there is no ... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 4	0	4
"[Errno 111] Connection refused" when I restart Splunk on my HF Hello Splunkers,I am facing some errors every time I relaunch my Splunk service on my HF.Inside splunkd.log I have th... by GaetanVP Contributor in Splunk Search 10-31-2022 0 2	0	2
DNS tunneling detection - Help with fine tuning splunk search Hey Splunkers,Can someone please help me with the logic, how can I finetune the search below to detect DNS tunnelling... by Woodpecker Path Finder in Splunk Search 10-31-2022 0 1	0	1