Splunk Search

Community Activity

	Need help on regex Hai all,Need help on to extract as new filed for user named after CORP\Message=Task Scheduler started "{<!-- -->B9F5A32A-A340... by sekhar463 Path Finder in Splunk Search 09-28-2022 0 7	0	7
	Intermittent log data ingestion- Why aren't logs ingested regularly? I have an issue where the logs aren't ingested regularly. The log file updates every 5 minutes with the same line ent... by drikusc New Member in Splunk Search 09-28-2022 0 2	0	2
	Is it possible to specify Event Sampling in a query for use in a Dashboard? For the type of data I am trying to extract, Event Sampling really speeds up the query. This works fine when executin... by dmoberg Path Finder in Splunk Search 09-28-2022 0 5	0	5
	How to define time period? For example, the "SUBMIT_DATE" is split by date and time. Then define some period of time as a value(A/B/C). Can this... by simon1524 Explorer in Splunk Search 09-27-2022 0 8	0	8
	How to filter results based on property inside JSON string? I want to filter the search results based on tx_id that I extract in the 2nd rex. Meaning only those results that hav... by ghostrider Path Finder in Splunk Search 09-27-2022 0 2	0	2
	How to convert check-ins index into date then calculate desync for each day? Hello, I have data like below. {"property":"XYZ", "period":{ "start":"2022-09-16", "end":"2022-10-02" }, "nb-day":17... by Sanjana Explorer in Splunk Search 09-27-2022 0 7	0	7
	Help with Splunk json dymanic field extraction Hey all, I am trying to extract dynamic field from json . {"period":{"start":"2023-04-17","end":"2023-05-14"},"check-... by Sanjana Explorer in Splunk Search 09-27-2022 0 5	0	5
	Show changed events- What is the right approach to find the block events? Say, we have events like this: _timefwsrc_ipdest_ipdest_portfw_rule_action8/1/22 1:30:00.000 AMfw1192.168.50.518.8.8.... by dennis_u Observer in Splunk Search 09-27-2022 0 2	0	2
	How to use a list of allowable IP addresses? Good morning, Curious to see if anyone has used a similar dataset in Splunk and/or any suggestions on the best way to... by kevinb0011 Explorer in Splunk Search 09-27-2022 0 5	0	5
	Is there an option to add Time Token function on Dashboard? Hi Team,I have several Dashboards that contain base searches data from reports for example: <search id="baseSearch"... by cbiraris Path Finder in Splunk Search 09-27-2022 0 3	0	3
	Help with regex to remove first part of string? I have 2 fields: the values of fieldA are present in fieldB and I need to remove the first part of fieldB up to the v... by tomapatan Contributor in Splunk Search 09-27-2022 0 3	0	3
	How to frame a table from stats data? I want to create a Bar chart with the logs where the key would be the stats count field name and value would be the s... by ninja_panda Engager in Splunk Search 09-27-2022 0 4	0	4
	How to achieve multiple time ranges in a single report/view? Here is my query. In final line chart when I hover, I am not getting different dates. Rather only 26th Sept (Today's... by angadbagga Explorer in Splunk Search 09-27-2022 0 9	0	9
	How to create a dashboard : timechart with base search and events limit? Hi, I have multiple panels that need to run timecharts like these: something \| table _time,A,B</query> \| search A="1"... by asafd Explorer in Splunk Search 09-27-2022 0 1	0	1
	How to plot a timechart for calculated value? Hi all,I am calculating a value from data and i want to plot it in a timechart. \| where status!="ABORTED" \| streamsta... by anooshac Communicator in Splunk Search 09-27-2022 0 7	0	7
	Stats with different bins (full time period AND 5 min intervals)- How to compare average time? I have a need to compare the average time for certain events with the 5 min bucket/bins of the same events. The idea ... by dmoberg Path Finder in Splunk Search 09-27-2022 0 4	0	4
	Checking TA usage-How do I know if a TA is used by any user? How do I know if a TA is used by any user.I have a TA laying around, and I doubt is is been used. But before removing... by zacksoft_wf Contributor in Splunk Search 09-27-2022 0 4	0	4
	Why did Splunk 9.0.1 "Fail to parse templatized search for field 'i'"? I'm trying to use the Splunk 9 addition in foreach iteration with ITEM, but it always returns "Failed to parse templa... by yuanliu SplunkTrust in Splunk Search 09-26-2022 0 3	0	3
	How to sort values(_time)? Hello everyone!i have the following search: index="xyz" "restart" \| eval _time = strftime(_time,"%F %H:%M:%S") \| ... by klischatb Path Finder in Splunk Search 09-26-2022 0 4	0	4
	How to achieve an alert for when the count is 0? I am running a query \|tstats count latest(_time) where index=abcd by host, my requirement is to create an alert when ... by bapun18 Communicator in Splunk Search 09-26-2022 0 4	0	4
	Pie Chart - How to show my own field instead of Count% ? Hi,I have this search:\| stats count by application \| eval application = case( application=="malware-detection",... by fpedrosa Engager in Splunk Search 09-26-2022 0 1	0	1
	How to get query to extract phone numbers from an event? Hi all, I'm trying to get a list of phone numbers for each event by sessionId. I can't quite figure it out. I think I... by KyleMcDougall Path Finder in Splunk Search 09-26-2022 0 3	0	3
	How to get the time difference between consecutive events of a host and then do the average of it? I am using the below search to first get the difference in time everytime I see an event which has boot timestamp in ... by vrmandadi Builder in Splunk Search 09-26-2022 0 10	0	10
	How to compare data by the same day of different weeks? Hi everyone, I am searching data in Splunk, after different steps, I have now this table: _timecountTypeMon Sep 12 ... by Julia1231 Communicator in Splunk Search 09-26-2022 0 1	0	1
	How to get column from csv file to insert in search result? Hi everyone, I use dbxquery and get this result from database: idcount12312456244786 Also I have a csv file already... by Julia1231 Communicator in Splunk Search 09-26-2022 0 3	0	3