Splunk Search

Community Activity

Splunk query to Append/replace the specific fields in the lookup file (csv) Hi, I have a lookup file with the fields - biz_department, biz_unit, biz_owner, data_usageI have a query to generate... by mala_splunk_91 Explorer in Splunk Search 09-29-2022 0 1	0	1
How to add the field name via command in a lookup file? Hi Community Support, I have a lookup file with IP addresses where all the values are IP Addresses including the very... by joomla Engager in Splunk Search 09-29-2022 0 4	0	4
Event sampling and Count - accuracy? I have a need for approximate statistics/metrics and am currently using Event Sampling, which drastically speeds up t... by dmoberg Path Finder in Splunk Search 09-29-2022 0 1	0	1
Priority of a search error- How do find what searches are high priority and what are non-high priority search in splunk? The splunkd health has the following message: The percentage of non-high priority searches skipped (97%) over the la... by Sithima Explorer in Splunk Search 09-29-2022 0 1	0	1
Help on removing the double quotes and reading a substring I have the below string in my error log {"@odata.context":"https://apistaging.payspace.com/odata/v1.1/11846/$metadat... by manojchacko78 Path Finder in Splunk Search 09-29-2022 0 7	0	7
How to display table with vertical title? I'm sure this must be possible, but I can't find a way, unfortunately there are a couple of threads on this with no s... by JohnnyMnemonic Explorer in Splunk Search 09-29-2022 0 2	0	2
How to get ip objects from a Splunk list? Hello, I have an output list like this one: { "10.10.10.15": { "High": [ { "name": "vu1"... by splunknewuser Loves-to-Learn Everything in Splunk Search 09-29-2022 0 4	0	4
How to unite multiple columns into one column? table A table B I know there are lots of ways to spread the table from table B to table A . Is there ant method to... by krim Explorer in Splunk Search 09-29-2022 0 4	0	4
Is there any way to export my custom visualization in PDF format --- BoxPlot? Hey Splunkers!! Is there any way to export my custom visualization in PDF format --- BoxPlot I check over the Splunkb... by restinlinux Explorer in Splunk Search 09-28-2022 0 1	0	1
How to display comma separated in two column in Splunk under events or statistics or visualization? case_S56_search_Get_T01_search,{"success":false "message":"Note not found: 52229548" "messageCode":"**" "localizedMes... by rpachamuthu Explorer in Splunk Search 09-28-2022 0 1	0	1
Help with Search for sporadic servers in the past 14 days? Trying to build a search looking for sporadic servers in the past 14 days, here is my search so far. \| tstats count a... by andrew_burnett Path Finder in Splunk Search 09-28-2022 0 3	0	3
Retrieve all latest rows that share the same _time value? I have an application that sends logs to Splunk every few seconds. These logs are "snapshots" which provide a static ... by HappyFeet Engager in Splunk Search 09-28-2022 0 2	0	2
Filter JSON search results based on another log message in the same search? I have the below search results that will consist of 2 different types of log formats or strings. Log 1: "MESSAGE "(... by ghostrider Path Finder in Splunk Search 09-28-2022 0 2	0	2
How to show the total size of events from a source? Hi, I need to show a customer that Splunk is processing their entire file, and thought a good way of doing it was to ... by a212830 Champion in Splunk Search 09-28-2022 1 10	1	10
Can I use macro but complete search if macro is broken or missing? I am using two macros in a search however, I want to use them in a way that IF they are broken or not available the s... by coreyCLI Communicator in Splunk Search 09-28-2022 0 1	0	1
How to compare two fields data from appendcols Hi Community,I need support to know how I can get the non-existent values from the two fields obtained from the "appe... by joomla Engager in Splunk Search 09-28-2022 0 2	0	2
Can splunk index same data into one index but different sourcetypes?? Hello,I have to index a log file in linux server in to one index but need to have two different sourcetype. Is it pos... by sivaranjiniG Communicator in Splunk Search 09-28-2022 1 1	1	1
Need help on regex Hai all,Need help on to extract as new filed for user named after CORP\Message=Task Scheduler started "{<!-- -->B9F5A32A-A340... by sekhar463 Path Finder in Splunk Search 09-28-2022 0 7	0	7
Intermittent log data ingestion- Why aren't logs ingested regularly? I have an issue where the logs aren't ingested regularly. The log file updates every 5 minutes with the same line ent... by drikusc New Member in Splunk Search 09-28-2022 0 2	0	2
Is it possible to specify Event Sampling in a query for use in a Dashboard? For the type of data I am trying to extract, Event Sampling really speeds up the query. This works fine when executin... by dmoberg Path Finder in Splunk Search 09-28-2022 0 5	0	5
How to define time period? For example, the "SUBMIT_DATE" is split by date and time. Then define some period of time as a value(A/B/C). Can this... by simon1524 Explorer in Splunk Search 09-27-2022 0 8	0	8
How to filter results based on property inside JSON string? I want to filter the search results based on tx_id that I extract in the 2nd rex. Meaning only those results that hav... by ghostrider Path Finder in Splunk Search 09-27-2022 0 2	0	2
How to convert check-ins index into date then calculate desync for each day? Hello, I have data like below. {"property":"XYZ", "period":{ "start":"2022-09-16", "end":"2022-10-02" }, "nb-day":17... by Sanjana Explorer in Splunk Search 09-27-2022 0 7	0	7
Help with Splunk json dymanic field extraction Hey all, I am trying to extract dynamic field from json . {"period":{"start":"2023-04-17","end":"2023-05-14"},"check-... by Sanjana Explorer in Splunk Search 09-27-2022 0 5	0	5
Show changed events- What is the right approach to find the block events? Say, we have events like this: _timefwsrc_ipdest_ipdest_portfw_rule_action8/1/22 1:30:00.000 AMfw1192.168.50.518.8.8.... by dennis_u Observer in Splunk Search 09-27-2022 0 2	0	2