Splunk Search

Community Activity

Why is eval command case function not working? Hi, I wrote a eval command and its not working. Kindly help. source = "2access_30DAY.log" \| eval "new_field" = case('... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 7	0	7
SPL to extract field and field value? SPL to extract field and field value when data seems like belowscreenshot attached.I need help in extracting field as... by AK_Splunk Explorer in Splunk Search 10-31-2022 0 3	0	3
Combinatorics, permutation, foreach within a foreach... unique stats case to calculate a fields vertical relationship? I have a unique query that I think I have a general logical approach to solving, but the syntax and most efficient ro... by tobiasboone1 Explorer in Splunk Search 10-31-2022 0 10	0	10
Is it possible to concatenate string with a number using eval? Hi, Can we concatenate a string with a number using eval with '.' operator? I got to know that from a video, but when... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 3	0	3
How to achieve a federated search to link the on-prem indexers to the cloud SH? I have a distributed Splunk environment, meaning a SHC and IDX cluster connected via distributed search as outlined i... by andrew_burnett Path Finder in Splunk Search 10-31-2022 0 1	0	1
The default search won't let you click the link, it just lets you filter on that field, is there an override to this? I can control the data sent to the fields. All fields on the deafult search allow you include/exclude in search resu... by vinceisvince Observer in Splunk Search 10-31-2022 0 1	0	1
What happened to the data? Hi,I have a question for my understanding. Kindly help.You had data in the past, one fine day if you see there is no ... by SumanPalisetty Path Finder in Splunk Search 10-31-2022 0 4	0	4
"[Errno 111] Connection refused" when I restart Splunk on my HF Hello Splunkers,I am facing some errors every time I relaunch my Splunk service on my HF.Inside splunkd.log I have th... by GaetanVP Contributor in Splunk Search 10-31-2022 0 2	0	2
DNS tunneling detection - Help with fine tuning splunk search Hey Splunkers,Can someone please help me with the logic, how can I finetune the search below to detect DNS tunnelling... by Woodpecker Path Finder in Splunk Search 10-31-2022 0 1	0	1
Is this message format possible for sending to splunk? Tell me, is this message format possible for sending to splunk: curl --location --request POST 'http://170.25.25.25:8... by metylkinandrey Communicator in Splunk Search 10-31-2022 0 2	0	2
How to use the results of subsearch? My requirement is to utilize the results of the sub-search and use it with the results of the main search results, bu... by smanojkumar Contributor in Splunk Search 10-31-2022 0 5	0	5
Time range in rest query- Unable to get it down to last hour? Hi, ive got the below query that im using to try and see when correlation searches have been edited: \| rest splunk_s... by Ra1n New Member in Splunk Search 10-31-2022 0 1	0	1
Suggestions on Minimum message type (json)? Good afternoon!We have a problem in the workflow: a part of the customer's system, which is not developed by us, is n... by metylkinandrey Communicator in Splunk Search 10-31-2022 0 4	0	4
Need help in extraction and creating table Below query is in string text format need to separate each field and create a table with all columns for operator , ... by monicateja Explorer in Splunk Search 10-31-2022 0 2	0	2
Regex search help? log: {“timeMillis”:“1667091964927",“timestamp”:“2022-10-30T01:06:04.927Z”,“thread”:“reactor-http-epoll-3",“level”:“IN... by monicateja Explorer in Splunk Search 10-31-2022 0 1	0	1
How to lookup two files with same column name and display only the difference? This is my first question here! And I just started my journey with Splunk.I have two files test1.csv and test2.csv wi... by nihvk Explorer in Splunk Search 10-31-2022 0 3	0	3
How to search for newly established connection between members of the Splunk infrastructure? Hello again community Today I received notice that on every Friday morning at a particular time there are a lot of ne... by fatsug Builder in Splunk Search 10-30-2022 0 2	0	2
Join a lookup to events in an index where the date is one day prior? I have an index that snapshots an inventory system every day. The inventory is a list of all active circuits. There... by adomenico Explorer in Splunk Search 10-30-2022 0 1	0	1
How to use OR operator between subsearch and fields? Hey Splunkers, I have the following search but it is not working as expected. What I am trying to achieve is if one... by splunkxorsplunk Explorer in Splunk Search 10-28-2022 0 4	0	4
Stats count as a percentage as the total? I have a search which I am using stats to generate a data grid. Something to the affect of Choice1 10 Choice2 50 Choi... by christopherutz Path Finder in Splunk Search 10-28-2022 1 6	1	6
Help with rex- Unbalanced quotes when there are \ and " in string Hey community, Can someone help me out with a rex related question! Many many thanks! I am trying to rex the V1 out o... by jhcbazinga95 Loves-to-Learn Everything in Splunk Search 10-28-2022 0 2	0	2
Why does transaction command seems to be encoding characters? Hello all, This is my first post here. I have been learning Splunk over the past few months and I am loving it. I a... by jplasencia Explorer in Splunk Search 10-28-2022 0 0	0	0
Why can't I see preliminary search results when using associate command? In my SPL I use the associate command. However, I've noticed that when I use the command, any previous preliminary s... by TAE Engager in Splunk Search 10-28-2022 0 4	0	4
How to produce a csv based on a complex business logic? We have a Splunk UI that allows the users to export a certain set of the rows from a lookup. The caveat is that each ... by danielbb Motivator in Splunk Search 10-28-2022 0 6	0	6
How to extract key/value with dynamic key name? I found this, but I am unable to replicate it. I am not understanding where I am messing up here. Problem: I feed bto... by oliverja Path Finder in Splunk Search 10-28-2022 0 5	0	5