Splunk Search

Community Activity

How to compare 2 Search's percentage results? Hey Team, I am trying to generate a search which returns a complete set of results from today and then compares it wi... by EBVanguard Engager in Splunk Search 09-16-2022 0 1	0	1
Why is my Splunk index showing "0"? I push the logs to splunk using hec method using this end point "/services/collector" that index data showing in 1 ... by tcsec2user Explorer in Splunk Search 09-16-2022 0 6	0	6
Why is timechart with where and streamstat not retrieving same results as where and stats? I am running a query where the following fetches the latency above 1000 milliseconds: As you can see the query uses ... by kimsej Explorer in Splunk Search 09-16-2022 0 4	0	4
How to create an eval and use of like? I am trying to an eval with like to assign priority to certain IPs/hosts and running into an issue where the priority... by jwalzerpitt Influencer in Splunk Search 09-16-2022 0 8	0	8
How to insert checkboxes in a simple statistics results table? Hello Splunkers, I have a situation where I have to replace the first cell in each row in a statistics table with a ... by allan_newton Path Finder in Splunk Search 09-16-2022 1 10	1	10
How do I compare times to find the closest to time in a column? Hi everyone, From dbxquery, I retrieve this table: idstart_time1end_time1start_time2end_time2123413/09/2022 21:46:43.... by Julia1231 Communicator in Splunk Search 09-16-2022 0 1	0	1
Display total count of unique values of a field? Hi, Fundamentals question but one of those brain teasers. How do i get a total count of distinct values of a field... by neerajs_81 Builder in Splunk Search 09-16-2022 0 4	0	4
Splunk search- How to capitalize the first letter of every filed column? Hello Splunkers !! As per the below screenshot I want to capitalise the first letter of every filed column.So for the... by uagraw01 Motivator in Splunk Search 09-15-2022 0 6	0	6
Why am I unable to filter log data from extracted fields? scenario : - I had a log file. I am able to extract the fields from the log event and also see the data in the extrac... by Manideep Loves-to-Learn Lots in Splunk Search 09-15-2022 0 3	0	3
How to extract a number of a string and check the count? Hi, I have data like A-001, A-002, A-003..... I would like to know how to extract the numbers from these strings: 00... by zoe Path Finder in Splunk Search 09-15-2022 0 3	0	3
CLI Search - Export JSON File? Can I run a CLI search that will output the results to a file in json format? Thanks, Joe by cramasta Builder in Splunk Search 09-15-2022 1 3	1	3
Please delete this question Hello, by ichesla1111 Path Finder in Splunk Search 09-15-2022 0 1	0	1
How to exclude results if some conditions? Hi All, I have the following saved search: \| tstats summariesonly=true fillnull_value="N/D" count from datamodel=Chan... by marco_massari11 Communicator in Splunk Search 09-15-2022 0 5	0	5
How do I auto extract fields from JSON event? Hi there after much searching and testing i feel i'm stuck. Or even unsure what i want is possible. What i wantI have... by comcordriro Explorer in Splunk Search 09-15-2022 0 2	0	2
How to search a log if a match hasn't been seen in 24 hours? I currently have a lookup that contains two columns. Hostnames and Location. I can use the following formula to sear... by weddi_eddy Explorer in Splunk Search 09-15-2022 0 2	0	2
How to run comparison after a group by? I am running a query where I'm trying to calculate the difference between the start and end times a request travels t... by kimsej Explorer in Splunk Search 09-15-2022 0 1	0	1
How to persist fields after group by command? I have a query that does a group by, which allows the sum(diff) column to be calculated. [search] \| stats sum(diff) b... by kimsej Explorer in Splunk Search 09-15-2022 0 1	0	1
Time picker seems to be overriding earliest=-24, any suggestions? Hello all! Newbie here so please forgive the ignorance in advance! I have a search: index="zscaler" reason="Reputati... by splunkzilla Explorer in Splunk Search 09-15-2022 0 3	0	3
How to group each full iteration into single fields? I have a stats table with output in the below format: Device Timestamp Action some va... by ABSplunker93 Engager in Splunk Search 09-15-2022 0 1	0	1
How do I combine two searches in an eval command? Hello, How do I combine two searches in an eval command? In the example below, I'm trying to create a value for "foll... by KyleMcDougall Path Finder in Splunk Search 09-15-2022 0 1	0	1
Help with extraction to trim value? Hello Splunker !! XBY-123-UTB SVV-123-TBU I want extract to trim the value according Condition : for XBY-123-UTB I ... by uagraw01 Motivator in Splunk Search 09-15-2022 0 5	0	5
How to troubleshoot connectivity issues using Splunk? a customer reports intermittent connectivity issues to the internet, a website, what have you. Our instance of Splunk... by trentsnowbarger New Member in Splunk Search 09-15-2022 0 1	0	1
How to list chosen fields in one field? Hello, I am trying to list fields I have selected into a single field to display in a dashboard. Currently trying \|... by nathanluke1986 Engager in Splunk Search 09-15-2022 0 1	0	1
ES Search Help - How do I multi index join when IP address field is named differently between the two indexes? I have looked at the join documentation, but I am getting a little lost in translation.What I am trying to accomplish... by lou_sierra New Member in Splunk Search 09-15-2022 0 1	0	1
Help with decoding data exfiltration- What time calculation is it doing? Reference : https://zpettry.com/cybersecurity/splunk-queries-data-exfiltration/ \| bucket _time span=1d \| stats sum(by... by Basavaraj Engager in Splunk Search 09-15-2022 0 1	0	1