Splunk Search

Community Activity

How search total number services count based on host? hai all, i am checking about list of services down based on a host using below search index=ivz_unix* Service source... by sekhar463 Path Finder in Splunk Search 10-26-2022 0 8	0	8
Buckets in splunk- Is it possible to do a 10 minutes from event not 10 minute window? Hi all, Wondering if it is possible to do 10 minute search from when you see an event instead of doing 10 minute wind... by Mckechnie Engager in Splunk Search 10-26-2022 0 1	0	1
Regex Help to extract the first ip? Please help with regex to extract the first ip(highlighted red) only 2022-10-25T14:30:28.108+00:00 10.3.4.150 syslog... by orionex Observer in Splunk Search 10-26-2022 0 2	0	2
How to get values count to display in table? Hi all. I wish to display in a table format the value's count. For example; Computer A has 100 sessions. Computer B h... by NizanCohen Explorer in Splunk Search 10-26-2022 0 5	0	5
How to count number of events and length along with the median value ? I want to be able to able to count the number of events and the median length of events per sourcetype in Splunk ?I'm... by zacksoft_wf Contributor in Splunk Search 10-26-2022 0 9	0	9
How to update the lookup table dynamically? I have a list of hosts in the lookup table. These values aren't static and gets updated dynamically every three month... by innoce Path Finder in Splunk Search 10-26-2022 0 2	0	2
How do I reformat my table? Hello Splunkers!! As per my requirement my current results are as below : severityVulnablitiesCritical3Medium 4Low6 ... by uagraw01 Motivator in Splunk Search 10-26-2022 0 5	0	5
How to get special characters in logs recognized by Splunk by default? Hi, Log format is JSON I have a Field named Organization Now when Organization = "Systèmes" , this will have the foll... by edwinmae Path Finder in Splunk Search 10-26-2022 0 0	0	0
How to search for Windows event followed by another Windows event? I am trying to create a search which looks for an EventCode 4624 followed by another EventCode 4625 from same user, i... by Mckechnie Engager in Splunk Search 10-26-2022 0 1	0	1
Why is a function as 3-rd arg in the "replace" function not evaluating capturing groups? Hi all,Due to utf16/8-mismatch, I find a lot of utf16 \xnn chars in my events; this makes the json-parser kind of lo... by philbond Observer in Splunk Search 10-26-2022 0 1	0	1
Performance fields/stats/table https://community.splunk.com/t5/Splunk-Search/Fields-vs-table-vs-nothing/m-p/498525#M194897 I was looking at a Splunk... by bowesmana SplunkTrust in Splunk Search 10-25-2022 1 6	1	6
How to calculate the percentage of total bytes by app? I am having a brain fart on trying to figure out how to find the total bytes per application and the the percent of e... by jwalzerpitt Influencer in Splunk Search 10-25-2022 0 2	0	2
Separate multiple splunk values with an OR clause? I have a text box in a splunk dashboard and I'm trying to find out how I can separate values entered into the text bo... by MM0071 Path Finder in Splunk Search 10-25-2022 0 4	0	4
Why am I receiving fewer events when using rename command in Splunk? I am getting fewer events when using rename command in splunk. ( Compared to the search where I haven't used rename).... by vjsplunk Loves-to-Learn Everything in Splunk Search 10-25-2022 0 3	0	3
How to join inner? Inter join is not displaying any results. the search works however, nothing is showing up on the screen index = ten... by marceldera Explorer in Splunk Search 10-25-2022 0 1	0	1
How to combine two values from the same field? I'm trying to combine two simular values from the same field. and rename the values. I would like to combine /v1/pr... by msarkaus Path Finder in Splunk Search 10-25-2022 0 1	0	1
How can I show empty timechart with global_time date range? I have three graphs that show results based on a global time range.However, if I have no results (no errors) the thir... by vmpj Loves-to-Learn in Splunk Search 10-25-2022 0 6	0	6
Is there a Dashboard Studio widget to change background colors based upon query result (Yes / No)? I have seen several posts asking similar questions but I am not that much of a UI guy so they do not make sense. I ha... by sjringo Contributor in Splunk Search 10-25-2022 0 0	0	0
Result-depending cidrmatch between two lookups? Hello, I've been searching the internet for quite a while. But can't find any approach. I have a primary search that ... by JoDeBa Loves-to-Learn in Splunk Search 10-24-2022 0 2	0	2
How to determine if event is in list of outages? I have a seemingly simple request: list the events and indicate if it occurred during an outage. I have been trying f... by apps_inpaytech Explorer in Splunk Search 10-24-2022 0 6	0	6
Can I limit foreach iterations, or place a where clause (or other filter) in the foreach subsearch? Can I limit foreach iterations, or place a where clause (or other filter) in the foreach subsearch? I'm attempting to... by testingMemes Engager in Splunk Search 10-24-2022 0 2	0	2
Is there a more efficient way to match multiple values using rex? Hello, I have to avoid matching several values in a fields. The following works, but I"m wondering if there is a mo... by richnavis88 Explorer in Splunk Search 10-24-2022 1 2	1	2
How to dynamically remove events based on field value? Hello all, I have a search that's something like this: index=* sourcetype=* ID=* (value=1 OR value=2 OR value=... by es5 Loves-to-Learn Lots in Splunk Search 10-24-2022 0 7	0	7
How to get 2 unique rows for the values in the list. I have the following query: application_id=12345 STATUS_CODE IN (300, 400, 500)\| head 10 How can I modify this such ... by angersleek Path Finder in Splunk Search 10-24-2022 0 1	0	1
Inconsistency in search results with time settings? Hello, \| transaction RRN keepevicted=t \| search date_hour <6 If I execute this search with a specific date(10-10... by bo2057 Loves-to-Learn in Splunk Search 10-24-2022 0 2	0	2