Splunk Search

Community Activity

How to check the first character of the string is numeric or not? I have a field called Identifier which has values of server names. I need to check the server names first character ... by nivets Engager in Splunk Search 11-03-2022 0 1	0	1
Search returning different number of results every time? I am trying to execute this search but 90% of the times this search does not complete and returns incomplete result... by kgiri253 Explorer in Splunk Search 11-03-2022 0 2	0	2
How to compare a field with accents with a field without accents? I need to compare two fields "Name" and "StudentName" and I am having problems with this, the values in the field "Na... by queryboy Explorer in Splunk Search 11-02-2022 0 1	0	1
How to combine data from 2 separate events? I have the following scenario. An object transitions through multiple queues , I want to query the time spent in Queu... by Hyperlemon Loves-to-Learn in Splunk Search 11-02-2022 0 6	0	6
How to extract id from url message? Hi, I have below message and Iam trying to use rex to extract the id... But myid always shows empty.. Please help - -... by Span Engager in Splunk Search 11-02-2022 0 2	0	2
How to search 25 digit numbers to find and compare a subset? Hello, we have a system that receives data from multiple sources each of these sources identifies the data being sent... by walsh_david Engager in Splunk Search 11-02-2022 0 1	0	1
CIDR lookup with normal lookup- Can I add single IP's to the same lookup file/definition? Hello, I have created a lookup definition for CIDR. The CIDR matching works just fine and I am able to whitelist the ... by izzie123 Path Finder in Splunk Search 11-02-2022 0 1	0	1
How to use appendpipe to sum count and calculate correct percentage? I have a query that works, but the output calculates a percentage column in a chart. I need to show the total of TAM... by richtate Path Finder in Splunk Search 11-02-2022 0 2	0	2
What is Best Practice for keeping my real time dashboard running indefinitely? In Splunk GUI, after I create a real time report and put it on my dashboard, it eventually times out. Wondering if th... by maverick Splunk Employee in Splunk Search 11-02-2022 6 9	6	9
How to use the results of subsearch? My requirement is to utilize the results of the sub-search and use it with the results of the main search results, bu... by smanojkumar Contributor in Splunk Search 11-02-2022 0 1	0	1
How to track transaction with multiple indexes with different fields? Hello everyone. I am trying to track office and remote logins using multiple indexes with the transaction command. On... by jkang117 Loves-to-Learn Everything in Splunk Search 11-02-2022 0 4	0	4
Unused indexes: Why simple strings won't provide any events? Hi all. I currently experiencing an issue where simple strings won't provide any events while two weeks ago I had. Do... by NizanCohen Explorer in Splunk Search 11-02-2022 0 3	0	3
Performance check- How can I check why I'm not getting any results? Hi all. I use Splunk on my workplace and recently I feel like it's performance is decreasing. Basic search queries li... by NizanCohen Explorer in Splunk Search 11-02-2022 0 5	0	5
How to compare .csv file with results from search and join by uniqueID? Hi I have a search index=main sourcetype=data2 type=policythat gives me the following in json: customerId: man0000... by greekleo89 Loves-to-Learn Everything in Splunk Search 11-02-2022 0 7	0	7
How to list and plot total and average events by hour? I'm trying to do something pretty straightforward, and have looked at practically every "average" answer on Splunk C... by ejohn Path Finder in Splunk Search 11-02-2022 0 5	0	5
Error in search: Configuration initialization for /opt/splunk/etc Hi, I have an issue with about a searching, someone know about it, this is the issue: Error in search: "Configura... by Said7 Explorer in Splunk Search 11-01-2022 1 7	1	7
How to replace severity values by respective levels? Hello,In the events, the severity is captured as values between 1 to 10. I want to represent them as High, Low, Mediu... by sidtalup27 Explorer in Splunk Search 11-01-2022 0 1	0	1
How to add multiple field values from a CSV to my main search? I need to add multiple values from a CSV to a main Search I have, I used the lookup command but I think that will jus... by queryboy Explorer in Splunk Search 11-01-2022 0 3	0	3
How do I create bar chart where I want x axis to display all the value in field even If Y axis don't have value? I use index= main \| lookup test1.csv Severity1 \| stats count by Severity The lookup table have 5 value ( Veryhigh,... by karu0711 Communicator in Splunk Search 11-01-2022 0 18	0	18
How would I fix my search not counting correctly? Hello y'all!I'm trying to use the Single Value object, and build a search which count the number of the records and s... by fpedrosa Engager in Splunk Search 11-01-2022 0 7	0	7
How to generate a parent child process chain to use dendogram visualization? Hello all! I´m so lost trying to get full process tree to visualize it in dendogram https://splunkbase.splunk.com/app... by cpm003 Path Finder in Splunk Search 11-01-2022 0 1	0	1
Why is my eval command with multiple if conditions not working? Hi, I have used eval with multiple if conditions and it's failing. Kindly help. source = "2access_30DAY.log" \| eva... by SumanPalisetty Path Finder in Splunk Search 11-01-2022 0 7	0	7
Replacing values in a column in a lookup table with the results from a search query? Hi, I have been tasked to design an alert to trigger whenever there is a modification of the "search query" of an ale... by loki New Member in Splunk Search 11-01-2022 0 1	0	1
Check if field match the regex? Hi Splunk Community, I need help to check whether my directory field match the regex The regex I used is ^\w+:\\root_... by boxmetal Path Finder in Splunk Search 11-01-2022 0 3	0	3
Extract count of search field(SPL) by re-search? hello index=_audit user=admin action=search info=granted search=* \| table search_id search\| replace "'search *" WITH ... by syloee Explorer in Splunk Search 11-01-2022 0 3	0	3