Splunk Search

Community Activity

How to check value of my search present in which lookup table HiI am looking for query where say for example user=xyz which is present in multiple watchlists [watchlist_A.csv, wat... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 10-05-2022 0 1	0	1
Why does the split function fail for list_split_failure_1 and 2 but succeeds for list_split_success? \| makeresults count=1\| eval list_split_failure_1 = "fail:,searching old data:,searching new"\| eval list_split_failure... by rkoster Explorer in Splunk Search 10-05-2022 0 1	0	1
Need help with query performance improvement Hi guys,I need to evaluate a disruption. It can last multiple hours, so I need to use data which is at least 4h old.... by username13 Explorer in Splunk Search 10-05-2022 0 3	0	3
Specify time zone in static earliest and latest times? I would like to send a search with a specific time range to people in different time zones. I can use earliest and la... by reed_kelly Contributor in Splunk Search 10-05-2022 0 6	0	6
Help with Drilldown and token condition in Dashboard Hi everybody, I am creating a Dashboard using Splunk and I'm searching for a solution. I have a list machine accordin... by Julia1231 Communicator in Splunk Search 10-05-2022 0 2	0	2
Do not display certain elements of a search? Hello community, I am having a problem with a dashboard that I am setting up based on Splunk OnCall data, in order to... by Rajaion Path Finder in Splunk Search 10-05-2022 0 6	0	6
How can we convert milliseconds to seconds? Hi, How can we calculate milli seconds to seconds for this field -> transactionDuration=20058? by monicateja Explorer in Splunk Search 10-05-2022 0 3	0	3
Can I generate a table in which I list every event with the four variables? Hey Guys, I have the following data in Splunk. Each eventdata has 4 lines (which are seperated through newLines) and ... by leon12 Loves-to-Learn in Splunk Search 10-05-2022 0 1	0	1
How to use a multivalue field in a dropdown list? Hello as you can see "type" field as 3 values : stand, vd or xe if the "type" field is "vd" or "xe", I need to gather... by jip31 Motivator in Splunk Search 10-05-2022 0 6	0	6
Multisearch or union for this case- How to show for 5 user id's? i All There are query splunk like this : (index=Prod sourcetype=ProdApp (host=Prod01 OR Prod02) source="/prodlib/S... by untitledman27 Loves-to-Learn Everything in Splunk Search 10-05-2022 0 24	0	24
How to convert timestamp to date for below timestamp to just date 2022-10-04? How can i convert timestamp to date for below timestamp to just date 2022-10-04. timestamp: 2022-10-04 19:52:00.151 ... by monicateja Explorer in Splunk Search 10-05-2022 0 3	0	3
Is it possible to extract nested data make 2 keys? Hi Splunkers, I have data like this, Primary Key_1: subkey_1 : subvalue_1 subkey_2 : subvalue_2 Primary Ke... by batabay Path Finder in Splunk Search 10-05-2022 0 3	0	3
How to feed results of a query into another query of a different time and index? Hi all, I am trying to feed results of a query into another of a different time and index and I'm facing issues with ... by charlottelimcl Explorer in Splunk Search 10-05-2022 0 5	0	5
[Solution] Dashboard global_time token value not set For the search record: I edited an already functional dashboard in the studio, tweaking the layout. Part of that was ... by preview Engager in Splunk Search 10-04-2022 2 0	2	0
How can I extract data with delimiter? I have a log entry with the current format: field=A_B (delimited by underscore)How can I extract this data into two ... by yk010123 Path Finder in Splunk Search 10-04-2022 0 1	0	1
How to possibly use spath within a tstats query? Hello, I have an API call that is bringing in json data to my Splunk environment. When I do a basic query of the inde... by DBattisto Communicator in Splunk Search 10-04-2022 0 1	0	1
How can I parse a log containing multiple JSON records? I have the following log: Requests over Threshold found: {"kv":{"top_requests":[{"operation_name":"get","last_dispa... by yk010123 Path Finder in Splunk Search 10-04-2022 0 8	0	8
Dashboard for host,sourcetype, latest event received,Total Eventcount and sparkline for count of 1month? Hi, \| tstats earliest(_time) as Earliest latest(_time) as Latest where index=_internal by _time, index, sourcetype,... by Atchyuth_P Path Finder in Splunk Search 10-04-2022 0 1	0	1
How to regex the field = "URI path" values by "/" character where the values are varying length? Hi, I am b/t a rock and a wall, looking for any suggestion to solved this. I am using the URL ToolBox to dissect URI ... by Glasses2 Communicator in Splunk Search 10-04-2022 0 5	0	5
Default Table sort order not working as expected? host="*" index=main sourcetype=WwanSignal uid="3F77F61645E8323E205F832212" \| table _time deviceName user quality prev... by simpkins1958 Contributor in Splunk Search 10-04-2022 0 15	0	15
How to compare the values from same fields? I want to create the new_field when other values of field_1 is less than of first value.Here in below example as 23 g... by saurabh_ha Explorer in Splunk Search 10-04-2022 0 2	0	2
Help with Regex to extract values inside of the [] Good afternoon Splunk ninjas, i will require your assistance in designing regex that will help me take the values ins... by napoleon182 Explorer in Splunk Search 10-03-2022 0 2	0	2
How to create pie charts with column values? Hi guys, I am quite new to the Splunk world, pls forgive me for asking a very basic question. So I have a table as ... by ktanwar Explorer in Splunk Search 10-03-2022 0 4	0	4
How to hide some values in field? When i have query data result from search in field worker id it show >> domain\worker_id search result Example ABC\... by chakuttha Explorer in Splunk Search 10-03-2022 0 5	0	5
How would I extract number from text message? Hello, I would like to extract the 10 milliseconds in the below snippet of text as a separate value in a field. Is th... by user33 Path Finder in Splunk Search 10-03-2022 0 2	0	2