Splunk Search

Community Activity

How to compare data by the same day of different weeks? Hi everyone, I am searching data in Splunk, after different steps, I have now this table: _timecountTypeMon Sep 12 ... by Julia1231 Communicator in Splunk Search 09-26-2022 0 1	0	1
How to get column from csv file to insert in search result? Hi everyone, I use dbxquery and get this result from database: idcount12312456244786 Also I have a csv file already... by Julia1231 Communicator in Splunk Search 09-26-2022 0 3	0	3
How to display user list with number of attachment emails daily? Hello All, I have email exchange transactional data with below fields. Looking some data with span of 1day. Like how ... by Snehraj New Member in Splunk Search 09-26-2022 0 1	0	1
Is it possible to change the background in Classic Dashboard? Hi Community! I am trying to find a good example of setting a background image to a classic dashboard. This process ... by quietferret Loves-to-Learn in Splunk Search 09-26-2022 0 1	0	1
How to rename a field name with curly braces by using Field Alias ? Hi I have several search where I performed renaming. Some of them are done on fied which looks likexxx.yyy{}.aaaxxx.y... by erwanlebaron Engager in Splunk Search 09-26-2022 0 2	0	2
How to extract data from log message data using rex field=_raw? Sample data is How to extract data from log message data using rex field=_raw? Sample data isInstance Name : ABCDEFGH1Connecting to ... by AK_Splunk Explorer in Splunk Search 09-26-2022 0 5	0	5
What would be the regular expression when using rex to match fields that end with a range of values? What would be the regular expression when using rex to match fields that end with a range of values? Sample:"var0":0,... by dzyfer Path Finder in Splunk Search 09-25-2022 0 2	0	2
How to find and extract a json object from a json array based on other json field? Hi, I have rows that are json based. each row has a field that looks like this: { "students" : [ {"id":"123", "... by asafd Explorer in Splunk Search 09-25-2022 0 6	0	6
Referencing a json element- how do I convert "data" into a parsed json? Hi guys, I'm trying to do something that I expected to be very simple, so I guess I'm missing something big. This is ... by asafd Explorer in Splunk Search 09-24-2022 0 2	0	2
Help with Regex to extract values Hello Splunk Ninjas!I'm new to the group (and to the splunk) and will require your assistance with designing my regex... by napoleon182 Explorer in Splunk Search 09-24-2022 0 4	0	4
What is the difference between maxspan and timelimit? the transaction is identified as jsessionid .the spl query to find all transactions which lasted less than 5 sec : s... by kimmyb Loves-to-Learn in Splunk Search 09-23-2022 0 5	0	5
If i want to create a macro, do i use ' ' or dollar signs? when i was studying about macro i sometimes see that we put our arguments between ' ' and sometimes between $ ... by kimmyb Loves-to-Learn in Splunk Search 09-23-2022 0 4	0	4
How many email triggered in a day and how to schedule a report to the user? Hi All i am using the below query and it works fine. i.e how many emails were triggered to a Distribution list in a M... by risingflight143 Explorer in Splunk Search 09-23-2022 0 7	0	7
TimeChart round values: How to create search? I need to round the max(Delay) and avg(Delay) to 3 decimals in the following command:my search \| timechart span=5m av... by DPOIRE Path Finder in Splunk Search 09-23-2022 0 4	0	4
How to create timechart with 4 count values? Hi, I'm new as Splunk user,I'm asking your help  I would like to create an easy dashboard with VPN datas. My search... by Dim_No Loves-to-Learn Everything in Splunk Search 09-23-2022 0 16	0	16
How to use tstats where with structured data source? tstats shows an error if I include a JSON field in "where" clause. Same happens to CSV fields. For example, if my s... by yuanliu SplunkTrust in Splunk Search 09-23-2022 0 3	0	3
mvexpand multiple multi-value fields: How do I turn my three multi-value fields into tuples? I have a query that extracts useful info from a storage system report. rex "quota list --verbose (?<fs>[A-Z0-9_]+) " ... by nathanh42 Explorer in Splunk Search 09-23-2022 8 23	8	23
How to modify query to tabulate error codes and percent failure? I am trying to create a query that returns a table showing counts of different error codes and percentage of transact... by 9jamie Explorer in Splunk Search 09-23-2022 0 1	0	1
Help with a search for barcodes based by group? I have a customer that would like to use Splunk to search for a set of devices by their respective barcodes. The devi... by KayBeesKnees83 Path Finder in Splunk Search 09-23-2022 0 9	0	9
How to extract as below using universal forwarder props.conf? I want to extract as below using universal forwarder props.conf Whatever data I have before: should be the ... by bapun18 Communicator in Splunk Search 09-23-2022 0 5	0	5
How to Capture & Compare _time from two searches using append ? I am performing two searches in an attempt to calculate the duration, but am having some issues. Here is what I have ... by sjringo Contributor in Splunk Search 09-23-2022 0 6	0	6
Help with extracting JSON fields Hi Team,I have the event in the below format and want to extract the key-value pairs as fields. Please help extract f... by kranthimutyala Path Finder in Splunk Search 09-23-2022 0 5	0	5
Regex Issue using Rex command? Hi,I have a field X with values similar to the following "device-group APCC1_Core_Controller pre-rulebase application... by POR160893 Builder in Splunk Search 09-23-2022 0 9	0	9
Nested comparisons (using AND / OR with IF / CASE functions)- How would I add a second condition? Hi everyone, I am attempting to implement some logic in my alert searches but I can't seem to figure out how to do ... by mark_cet Path Finder in Splunk Search 09-23-2022 0 2	0	2
Why the error "sh: /opt/container_artifact/splunk-container.state: Permission denied"? we are using ocp-4.10 deploying splunk/splunk:7.2.2 image but pod is going into crashbakloopoff state and in logs we ... by maheswari New Member in Splunk Search 09-23-2022 0 0	0	0