Splunk Search

Community Activity

	How do I auto extract fields from JSON event? Hi there after much searching and testing i feel i'm stuck. Or even unsure what i want is possible. What i wantI have... by comcordriro Explorer in Splunk Search 09-15-2022 0 2	0	2
	How to search a log if a match hasn't been seen in 24 hours? I currently have a lookup that contains two columns. Hostnames and Location. I can use the following formula to sear... by weddi_eddy Explorer in Splunk Search 09-15-2022 0 2	0	2
	How to run comparison after a group by? I am running a query where I'm trying to calculate the difference between the start and end times a request travels t... by kimsej Explorer in Splunk Search 09-15-2022 0 1	0	1
	How to persist fields after group by command? I have a query that does a group by, which allows the sum(diff) column to be calculated. [search] \| stats sum(diff) b... by kimsej Explorer in Splunk Search 09-15-2022 0 1	0	1
	Time picker seems to be overriding earliest=-24, any suggestions? Hello all! Newbie here so please forgive the ignorance in advance! I have a search: index="zscaler" reason="Reputati... by splunkzilla Explorer in Splunk Search 09-15-2022 0 3	0	3
	How to group each full iteration into single fields? I have a stats table with output in the below format: Device Timestamp Action some va... by ABSplunker93 Engager in Splunk Search 09-15-2022 0 1	0	1
	How do I combine two searches in an eval command? Hello, How do I combine two searches in an eval command? In the example below, I'm trying to create a value for "foll... by KyleMcDougall Path Finder in Splunk Search 09-15-2022 0 1	0	1
	Help with extraction to trim value? Hello Splunker !! XBY-123-UTB SVV-123-TBU I want extract to trim the value according Condition : for XBY-123-UTB I ... by uagraw01 Motivator in Splunk Search 09-15-2022 0 5	0	5
	How to troubleshoot connectivity issues using Splunk? a customer reports intermittent connectivity issues to the internet, a website, what have you. Our instance of Splunk... by trentsnowbarger New Member in Splunk Search 09-15-2022 0 1	0	1
	How to list chosen fields in one field? Hello, I am trying to list fields I have selected into a single field to display in a dashboard. Currently trying \|... by nathanluke1986 Engager in Splunk Search 09-15-2022 0 1	0	1
	ES Search Help - How do I multi index join when IP address field is named differently between the two indexes? I have looked at the join documentation, but I am getting a little lost in translation.What I am trying to accomplish... by lou_sierra New Member in Splunk Search 09-15-2022 0 1	0	1
	Help with decoding data exfiltration- What time calculation is it doing? Reference : https://zpettry.com/cybersecurity/splunk-queries-data-exfiltration/ \| bucket _time span=1d \| stats sum(by... by Basavaraj Engager in Splunk Search 09-15-2022 0 1	0	1
	How to extract field using regex? Hello everyone, Please, I need to extract a field named product (with its value in bold) from the below Message field... by evallja Path Finder in Splunk Search 09-15-2022 0 1	0	1
	Help with rex and multi-value fields, assigning key value pairs? Hi All, I have a search which parses key/value pairs out of a strangely-formatted XML field. rex field=xml "<... by Phil_S Engager in Splunk Search 09-15-2022 0 4	0	4
	Splunk Search-Where is key dynamic? Hello , I have data like below. I need to frame a query such that I can calculate number of desync for each rate-pari... by Sanjana Explorer in Splunk Search 09-14-2022 0 7	0	7
	How to compare results of 2 periods? Hello, guys. I am struggling with my search in splunk and would appreciate any help. Currently I have search that o... by jdonic New Member in Splunk Search 09-14-2022 0 1	0	1
	Lookups with extracted fields not working- Why can't I see the active or group fields in events? I am a fairly new to Splunk, and I am having a lot of trouble using the table lookups. I have a lookup CSV table (t... by mark_cet Path Finder in Splunk Search 09-14-2022 0 2	0	2
	How to FILTER same events whit two or more fields in a time interval? Hello team !! Im working whit CDR of SMS and I have to find a way to visualize that two fields are repeated more than... by DG3bran Explorer in Splunk Search 09-14-2022 0 2	0	2
	Rex mode=sed to substitute < & > with nothing? Greetings! The target filed is message_id and sometimes the field value comes with brackets <b8047a671f47430cb44afbf1... by LHumberto Explorer in Splunk Search 09-14-2022 0 1	0	1
	"Middle" parameter for stats command? Hi all! We use stats commands to pull in data from our APIs. But, our APIs get called multiple times in a single sess... by KyleMcDougall Path Finder in Splunk Search 09-13-2022 0 4	0	4
	How can I split Splunk query into time ranges? Hi Everyone, If I am searching through the past 4 weeks in one query, how can I break this data into two columns, one... by coreytoast Explorer in Splunk Search 09-13-2022 0 8	0	8
	How to create an alert to notify when a job runs over a specified time? My requirement is to notify when the job runs more than the specified time, condition 1 - the first job of every day ... by smanojkumar Contributor in Splunk Search 09-13-2022 0 3	0	3
	Help with Search in XML file-Multiple lines data for validation of HTTP response content validation for API calls I am new to Splunk query I need to capture the filed value of tn "Subscription_S04_LookupInvoiceStatus" and Respons... by rpachamuthu Explorer in Splunk Search 09-12-2022 0 4	0	4
	Regex help, using ^ character Hey, I was trying to filter some search data in splunk using regex. I was able to figure the regex part. However when... by AttarSingh1 Explorer in Splunk Search 09-12-2022 0 6	0	6
	How to display only a substring of result set? When i search for the string "ERROR" in a log i get the below < DEBUG : blah blah INFO : blah blah blah ERROR : <s... by HelloItsMe76 Explorer in Splunk Search 09-12-2022 0 2	0	2