Splunk Search

Community Activity

CIDR lookup with normal lookup- Can I add single IP's to the same lookup file/definition? Hello, I have created a lookup definition for CIDR. The CIDR matching works just fine and I am able to whitelist the ... by izzie123 Path Finder in Splunk Search 11-02-2022 0 1	0	1
How to use appendpipe to sum count and calculate correct percentage? I have a query that works, but the output calculates a percentage column in a chart. I need to show the total of TAM... by richtate Path Finder in Splunk Search 11-02-2022 0 2	0	2
What is Best Practice for keeping my real time dashboard running indefinitely? In Splunk GUI, after I create a real time report and put it on my dashboard, it eventually times out. Wondering if th... by maverick Splunk Employee in Splunk Search 11-02-2022 6 9	6	9
How to use the results of subsearch? My requirement is to utilize the results of the sub-search and use it with the results of the main search results, bu... by smanojkumar Contributor in Splunk Search 11-02-2022 0 1	0	1
How to track transaction with multiple indexes with different fields? Hello everyone. I am trying to track office and remote logins using multiple indexes with the transaction command. On... by jkang117 Loves-to-Learn Everything in Splunk Search 11-02-2022 0 4	0	4
Unused indexes: Why simple strings won't provide any events? Hi all. I currently experiencing an issue where simple strings won't provide any events while two weeks ago I had. Do... by NizanCohen Explorer in Splunk Search 11-02-2022 0 3	0	3
Performance check- How can I check why I'm not getting any results? Hi all. I use Splunk on my workplace and recently I feel like it's performance is decreasing. Basic search queries li... by NizanCohen Explorer in Splunk Search 11-02-2022 0 5	0	5
How to compare .csv file with results from search and join by uniqueID? Hi I have a search index=main sourcetype=data2 type=policythat gives me the following in json: customerId: man0000... by greekleo89 Loves-to-Learn Everything in Splunk Search 11-02-2022 0 7	0	7
How to list and plot total and average events by hour? I'm trying to do something pretty straightforward, and have looked at practically every "average" answer on Splunk C... by ejohn Path Finder in Splunk Search 11-02-2022 0 5	0	5
Error in search: Configuration initialization for /opt/splunk/etc Hi, I have an issue with about a searching, someone know about it, this is the issue: Error in search: "Configura... by Said7 Explorer in Splunk Search 11-01-2022 1 7	1	7
How to replace severity values by respective levels? Hello,In the events, the severity is captured as values between 1 to 10. I want to represent them as High, Low, Mediu... by sidtalup27 Explorer in Splunk Search 11-01-2022 0 1	0	1
How to add multiple field values from a CSV to my main search? I need to add multiple values from a CSV to a main Search I have, I used the lookup command but I think that will jus... by queryboy Explorer in Splunk Search 11-01-2022 0 3	0	3
How do I create bar chart where I want x axis to display all the value in field even If Y axis don't have value? I use index= main \| lookup test1.csv Severity1 \| stats count by Severity The lookup table have 5 value ( Veryhigh,... by karu0711 Communicator in Splunk Search 11-01-2022 0 18	0	18
How would I fix my search not counting correctly? Hello y'all!I'm trying to use the Single Value object, and build a search which count the number of the records and s... by fpedrosa Engager in Splunk Search 11-01-2022 0 7	0	7
How to generate a parent child process chain to use dendogram visualization? Hello all! I´m so lost trying to get full process tree to visualize it in dendogram https://splunkbase.splunk.com/app... by cpm003 Path Finder in Splunk Search 11-01-2022 0 1	0	1
Why is my eval command with multiple if conditions not working? Hi, I have used eval with multiple if conditions and it's failing. Kindly help. source = "2access_30DAY.log" \| eva... by SumanPalisetty Path Finder in Splunk Search 11-01-2022 0 7	0	7
Replacing values in a column in a lookup table with the results from a search query? Hi, I have been tasked to design an alert to trigger whenever there is a modification of the "search query" of an ale... by loki New Member in Splunk Search 11-01-2022 0 1	0	1
Check if field match the regex? Hi Splunk Community, I need help to check whether my directory field match the regex The regex I used is ^\w+:\\root_... by boxmetal Path Finder in Splunk Search 11-01-2022 0 3	0	3
Extract count of search field(SPL) by re-search? hello index=_audit user=admin action=search info=granted search=* \| table search_id search\| replace "'search *" WITH ... by syloee Explorer in Splunk Search 11-01-2022 0 3	0	3
Add dashboard tab to app? Good afternoon!The infrastructure command gave me permissions so that I can add a dashboard tab to my application. I ... by metylkinandrey Communicator in Splunk Search 11-01-2022 0 9	0	9
How to match case on multiple value assigned Hi all,I'm trying to create category based on host category: Lab,Personal,Staff and get workstations to be counted fo... by aa0 Path Finder in Splunk Search 11-01-2022 0 2	0	2
How to split multiple fields? I need to be able to split multiple fields that have a delimiter of "\|#\|". The field name will differ depending on th... by paras Explorer in Splunk Search 10-31-2022 0 2	0	2
Why is eval command case function not working? Hi, I wrote a eval command and its not working. Kindly help. source = "2access_30DAY.log" \| eval "new_field" = case('... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 7	0	7
SPL to extract field and field value? SPL to extract field and field value when data seems like belowscreenshot attached.I need help in extracting field as... by AK_Splunk Explorer in Splunk Search 10-31-2022 0 3	0	3
Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship? I have a unique query that I think I have a general logical approach to solving, but the syntax and most efficient ro... by tobiasboone1 Explorer in Splunk Search 10-31-2022 0 10	0	10