Splunk Search

Community Activity

Display total count of unique values of a field? Hi, Fundamentals question but one of those brain teasers. How do i get a total count of distinct values of a field... by neerajs_81 Builder in Splunk Search 09-16-2022 0 4	0	4
Splunk search- How to capitalize the first letter of every filed column? Hello Splunkers !! As per the below screenshot I want to capitalise the first letter of every filed column.So for the... by uagraw01 Motivator in Splunk Search 09-15-2022 0 6	0	6
Why am I unable to filter log data from extracted fields? scenario : - I had a log file. I am able to extract the fields from the log event and also see the data in the extrac... by Manideep Loves-to-Learn Lots in Splunk Search 09-15-2022 0 3	0	3
How to extract a number of a string and check the count? Hi, I have data like A-001, A-002, A-003..... I would like to know how to extract the numbers from these strings: 00... by zoe Path Finder in Splunk Search 09-15-2022 0 3	0	3
CLI Search - Export JSON File? Can I run a CLI search that will output the results to a file in json format? Thanks, Joe by cramasta Builder in Splunk Search 09-15-2022 1 3	1	3
Please delete this question Hello, by ichesla1111 Path Finder in Splunk Search 09-15-2022 0 1	0	1
How to exclude results if some conditions? Hi All, I have the following saved search: \| tstats summariesonly=true fillnull_value="N/D" count from datamodel=Chan... by marco_massari11 Communicator in Splunk Search 09-15-2022 0 5	0	5
How do I auto extract fields from JSON event? Hi there after much searching and testing i feel i'm stuck. Or even unsure what i want is possible. What i wantI have... by comcordriro Explorer in Splunk Search 09-15-2022 0 2	0	2
How to search a log if a match hasn't been seen in 24 hours? I currently have a lookup that contains two columns. Hostnames and Location. I can use the following formula to sear... by weddi_eddy Explorer in Splunk Search 09-15-2022 0 2	0	2
How to run comparison after a group by? I am running a query where I'm trying to calculate the difference between the start and end times a request travels t... by kimsej Explorer in Splunk Search 09-15-2022 0 1	0	1
How to persist fields after group by command? I have a query that does a group by, which allows the sum(diff) column to be calculated. [search] \| stats sum(diff) b... by kimsej Explorer in Splunk Search 09-15-2022 0 1	0	1
Time picker seems to be overriding earliest=-24, any suggestions? Hello all! Newbie here so please forgive the ignorance in advance! I have a search: index="zscaler" reason="Reputati... by splunkzilla Explorer in Splunk Search 09-15-2022 0 3	0	3
How to group each full iteration into single fields? I have a stats table with output in the below format: Device Timestamp Action some va... by ABSplunker93 Engager in Splunk Search 09-15-2022 0 1	0	1
How do I combine two searches in an eval command? Hello, How do I combine two searches in an eval command? In the example below, I'm trying to create a value for "foll... by KyleMcDougall Path Finder in Splunk Search 09-15-2022 0 1	0	1
Help with extraction to trim value? Hello Splunker !! XBY-123-UTB SVV-123-TBU I want extract to trim the value according Condition : for XBY-123-UTB I ... by uagraw01 Motivator in Splunk Search 09-15-2022 0 5	0	5
How to troubleshoot connectivity issues using Splunk? a customer reports intermittent connectivity issues to the internet, a website, what have you. Our instance of Splunk... by trentsnowbarger New Member in Splunk Search 09-15-2022 0 1	0	1
How to list chosen fields in one field? Hello, I am trying to list fields I have selected into a single field to display in a dashboard. Currently trying \|... by nathanluke1986 Engager in Splunk Search 09-15-2022 0 1	0	1
ES Search Help - How do I multi index join when IP address field is named differently between the two indexes? I have looked at the join documentation, but I am getting a little lost in translation.What I am trying to accomplish... by lou_sierra New Member in Splunk Search 09-15-2022 0 1	0	1
Help with decoding data exfiltration- What time calculation is it doing? Reference : https://zpettry.com/cybersecurity/splunk-queries-data-exfiltration/ \| bucket _time span=1d \| stats sum(by... by Basavaraj Engager in Splunk Search 09-15-2022 0 1	0	1
How to extract field using regex? Hello everyone, Please, I need to extract a field named product (with its value in bold) from the below Message field... by evallja Path Finder in Splunk Search 09-15-2022 0 1	0	1
Help with rex and multi-value fields, assigning key value pairs? Hi All, I have a search which parses key/value pairs out of a strangely-formatted XML field. rex field=xml "<... by Phil_S Engager in Splunk Search 09-15-2022 0 4	0	4
Splunk Search-Where is key dynamic? Hello , I have data like below. I need to frame a query such that I can calculate number of desync for each rate-pari... by Sanjana Explorer in Splunk Search 09-14-2022 0 7	0	7
How to compare results of 2 periods? Hello, guys. I am struggling with my search in splunk and would appreciate any help. Currently I have search that o... by jdonic New Member in Splunk Search 09-14-2022 0 1	0	1
Lookups with extracted fields not working- Why can't I see the active or group fields in events? I am a fairly new to Splunk, and I am having a lot of trouble using the table lookups. I have a lookup CSV table (t... by mark_cet Path Finder in Splunk Search 09-14-2022 0 2	0	2
How to FILTER same events whit two or more fields in a time interval? Hello team !! Im working whit CDR of SMS and I have to find a way to visualize that two fields are repeated more than... by DG3bran Explorer in Splunk Search 09-14-2022 0 2	0	2