Splunk Search

Community Activity

Merge 3 Splunk field into 1? Hi, I am trying to concatenate 3 fields into 1 field but I am unable to do so.I tried: and this: Can someone help? ... by POR160893 Builder in Splunk Search 10-06-2022 0 4	0	4
How to create a new field? Tell me, what should I do in my case, I need from the field: 1.SAPS-SIS.TO.LSP.SEND, or: "12.SAPS-SIS.TO.LSP.RECEIVEG... by metylkinandrey Communicator in Splunk Search 10-06-2022 0 2	0	2
Could someone assist on converting Azure Sentinel to SPL? Hi all. It might sound weird but I need assistance converting Azure Sentinel queries to SPL. The main goal is to use ... by NizanCohen Explorer in Splunk Search 10-06-2022 0 0	0	0
How to use substr to extract the first 3 letters of a field and use it as a grouping field? I'm not sure I asked the right question, but I'd like to use substr to extract the first 3 letters of a field and use... by chq_alanf Explorer in Splunk Search 10-06-2022 2 9	2	9
Average wrong box estimate- Why is my attempt wrong? I have total 17 orders. Box Estimates is wrong 6 out of 17 orders. What is the average wrong box estimate in total?T... by alakdam Path Finder in Splunk Search 10-06-2022 0 17	0	17
Splunk SPL- How do I use regex to create an alert? Hello Splunker! I created below regex from the raw events. And I want to create an alert which show the event in one ... by uagraw01 Motivator in Splunk Search 10-06-2022 0 5	0	5
Splunk Dashboard- Why is the edit dashboard mood screen appearing? One dashboard was made by me. I'm showing my colleagues my dashboard. Problem: When my coworkers or I access that Spl... by alakdam Path Finder in Splunk Search 10-06-2022 0 2	0	2
How to combine lookup file with splunk query, static data with live data Static data with one common field app Name as splunk query. by san112491 New Member in Splunk Search 10-06-2022 0 2	0	2
How to count total empty object? I have a data where I got empty object. I would like count in total how many empty object in one table data and also ... by alakdam Path Finder in Splunk Search 10-05-2022 0 10	0	10
How to check value of my search present in which lookup table HiI am looking for query where say for example user=xyz which is present in multiple watchlists [watchlist_A.csv, wat... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 10-05-2022 0 1	0	1
Why does the split function fail for list_split_failure_1 and 2 but succeeds for list_split_success? \| makeresults count=1\| eval list_split_failure_1 = "fail:,searching old data:,searching new"\| eval list_split_failure... by rkoster Explorer in Splunk Search 10-05-2022 0 1	0	1
Need help with query performance improvement Hi guys,I need to evaluate a disruption. It can last multiple hours, so I need to use data which is at least 4h old.... by username13 Explorer in Splunk Search 10-05-2022 0 3	0	3
Specify time zone in static earliest and latest times? I would like to send a search with a specific time range to people in different time zones. I can use earliest and la... by reed_kelly Contributor in Splunk Search 10-05-2022 0 6	0	6
Help with Drilldown and token condition in Dashboard Hi everybody, I am creating a Dashboard using Splunk and I'm searching for a solution. I have a list machine accordin... by Julia1231 Communicator in Splunk Search 10-05-2022 0 2	0	2
Do not display certain elements of a search? Hello community, I am having a problem with a dashboard that I am setting up based on Splunk OnCall data, in order to... by Rajaion Path Finder in Splunk Search 10-05-2022 0 6	0	6
How can we convert milliseconds to seconds? Hi, How can we calculate milli seconds to seconds for this field -> transactionDuration=20058? by monicateja Explorer in Splunk Search 10-05-2022 0 3	0	3
Can I generate a table in which I list every event with the four variables? Hey Guys, I have the following data in Splunk. Each eventdata has 4 lines (which are seperated through newLines) and ... by leon12 Loves-to-Learn in Splunk Search 10-05-2022 0 1	0	1
How to use a multivalue field in a dropdown list? Hello as you can see "type" field as 3 values : stand, vd or xe if the "type" field is "vd" or "xe", I need to gather... by jip31 Motivator in Splunk Search 10-05-2022 0 6	0	6
Multisearch or union for this case- How to show for 5 user id's? i All There are query splunk like this : (index=Prod sourcetype=ProdApp (host=Prod01 OR Prod02) source="/prodlib/S... by untitledman27 Loves-to-Learn Everything in Splunk Search 10-05-2022 0 24	0	24
How to convert timestamp to date for below timestamp to just date 2022-10-04? How can i convert timestamp to date for below timestamp to just date 2022-10-04. timestamp: 2022-10-04 19:52:00.151 ... by monicateja Explorer in Splunk Search 10-05-2022 0 3	0	3
Is it possible to extract nested data make 2 keys? Hi Splunkers, I have data like this, Primary Key_1: subkey_1 : subvalue_1 subkey_2 : subvalue_2 Primary Ke... by batabay Path Finder in Splunk Search 10-05-2022 0 3	0	3
How to feed results of a query into another query of a different time and index? Hi all, I am trying to feed results of a query into another of a different time and index and I'm facing issues with ... by charlottelimcl Explorer in Splunk Search 10-05-2022 0 5	0	5
[Solution] Dashboard global_time token value not set For the search record: I edited an already functional dashboard in the studio, tweaking the layout. Part of that was ... by preview Engager in Splunk Search 10-04-2022 2 0	2	0
How can I extract data with delimiter? I have a log entry with the current format: field=A_B (delimited by underscore)How can I extract this data into two ... by yk010123 Path Finder in Splunk Search 10-04-2022 0 1	0	1
How to possibly use spath within a tstats query? Hello, I have an API call that is bringing in json data to my Splunk environment. When I do a basic query of the inde... by DBattisto Communicator in Splunk Search 10-04-2022 0 1	0	1