Splunk Search

Community Activity

How to get pie chart average value in three slices? Short description:When a consumer orders groceries online, I provide the picker—the individual who picked the foods b... by alakdam Path Finder in Splunk Search 10-07-2022 0 3	0	3
Why does search use up large amount of memory? I'm trying to export raw linux audit logs to a file. For example: splunk.exe "sourcetype=linux:audit _time>xxx... by eng3 New Member in Splunk Search 10-06-2022 0 2	0	2
Splunk search- How to extract payload? Hello , I have splunk logger line like below: Address: XXX HttpMethod: POST Headers: {<!-- -->Ama-Internal-REST-Service=hote... by Sanjana Explorer in Splunk Search 10-06-2022 0 2	0	2
How to utilize wildcards in time fields in lookup file? I have a lookup which has a field with time values (in 24 hr time; i.e. 00:30, 13:45, 23:15), which tells my dashboar... by TBH0 Explorer in Splunk Search 10-06-2022 0 6	0	6
Do I use Last(..) or Latest(..) after match(..), or something else? I am performing a search for two events. A start event and a stop event for a specific job Name. I have ran into an i... by sjringo Contributor in Splunk Search 10-06-2022 0 12	0	12
How to use eval within stats for data from tstats I'm trying to use eval within stats to work with data from tstats, but it doesn't seem to work the way I expected it ... by kcheek_umich New Member in Splunk Search 10-06-2022 0 8	0	8
Time Range "earliest" in SPL not working? When conducting searches, we have observed that the SPL searches were not working based on the "earliest" time range ... by thahir Contributor in Splunk Search 10-06-2022 0 3	0	3
Can I change the stats limit in Splunk for the max characters? hello all, My problem is I thing Splunk have max character accepted for stats command, when i perform this search ind... by Hugues Path Finder in Splunk Search 10-06-2022 0 15	0	15
How to dynamically change table contents based on log messages? Not sure if I am putting this in the correct area; my apologies ahead of time. I wanted to know if it would be possib... by kiddsupreme Explorer in Splunk Search 10-06-2022 0 1	0	1
How to join REST & search results? I'm really bad when it comes to join searches, though I've been doing this for years. I'm able to find the list of o... by manderson7 Contributor in Splunk Search 10-06-2022 0 2	0	2
Make average compare with two columns value based and display it in Panel I have two two columns of data, One is Expected box and another is Actual box. I would like to make Percentage/Avera... by alakdam Path Finder in Splunk Search 10-06-2022 0 7	0	7
Report results to event summary index, why value with hyphen (-) is double quoted? Isn't hyphen a minor breaker so I'm wondering why the values with hyphen get double quoted when doing summary indexin... by JykkeDaMan Path Finder in Splunk Search 10-06-2022 0 3	0	3
How to make comparison of a field with a digit with a field where there are alphabetic characters? Prompt as I can make arithmetic comparison of two fields. Comparison: more, less.The first field consists of numbers:... by metylkinandrey Communicator in Splunk Search 10-06-2022 0 7	0	7
Merge 3 Splunk field into 1? Hi, I am trying to concatenate 3 fields into 1 field but I am unable to do so.I tried: and this: Can someone help? ... by POR160893 Builder in Splunk Search 10-06-2022 0 4	0	4
How to create a new field? Tell me, what should I do in my case, I need from the field: 1.SAPS-SIS.TO.LSP.SEND, or: "12.SAPS-SIS.TO.LSP.RECEIVEG... by metylkinandrey Communicator in Splunk Search 10-06-2022 0 2	0	2
Could someone assist on converting Azure Sentinel to SPL? Hi all. It might sound weird but I need assistance converting Azure Sentinel queries to SPL. The main goal is to use ... by NizanCohen Explorer in Splunk Search 10-06-2022 0 0	0	0
How to use substr to extract the first 3 letters of a field and use it as a grouping field? I'm not sure I asked the right question, but I'd like to use substr to extract the first 3 letters of a field and use... by chq_alanf Explorer in Splunk Search 10-06-2022 2 9	2	9
Average wrong box estimate- Why is my attempt wrong? I have total 17 orders. Box Estimates is wrong 6 out of 17 orders. What is the average wrong box estimate in total?T... by alakdam Path Finder in Splunk Search 10-06-2022 0 17	0	17
Splunk SPL- How do I use regex to create an alert? Hello Splunker! I created below regex from the raw events. And I want to create an alert which show the event in one ... by uagraw01 Motivator in Splunk Search 10-06-2022 0 5	0	5
Splunk Dashboard- Why is the edit dashboard mood screen appearing? One dashboard was made by me. I'm showing my colleagues my dashboard. Problem: When my coworkers or I access that Spl... by alakdam Path Finder in Splunk Search 10-06-2022 0 2	0	2
How to combine lookup file with splunk query, static data with live data Static data with one common field app Name as splunk query. by san112491 New Member in Splunk Search 10-06-2022 0 2	0	2
How to count total empty object? I have a data where I got empty object. I would like count in total how many empty object in one table data and also ... by alakdam Path Finder in Splunk Search 10-05-2022 0 10	0	10
How to check value of my search present in which lookup table HiI am looking for query where say for example user=xyz which is present in multiple watchlists [watchlist_A.csv, wat... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 10-05-2022 0 1	0	1
Why does the split function fail for list_split_failure_1 and 2 but succeeds for list_split_success? \| makeresults count=1\| eval list_split_failure_1 = "fail:,searching old data:,searching new"\| eval list_split_failure... by rkoster Explorer in Splunk Search 10-05-2022 0 1	0	1
Need help with query performance improvement Hi guys,I need to evaluate a disruption. It can last multiple hours, so I need to use data which is at least 4h old.... by username13 Explorer in Splunk Search 10-05-2022 0 3	0	3