Splunk Search

Community Activity

How to leave date (in a field) is before today? I'm extremely new to Splunk and finding learning SPL very frustrating. I'm trying to look for windows log on events/ ... by KH Engager in Splunk Search 09-08-2022 0 2	0	2
Issue with foreach in multivalue <> not recognized I have encountered an issue with the foreach command on mv-fields.When I execute my search, Splunk says: "Error in 'e... by Finn Explorer in Splunk Search 09-08-2022 0 2	0	2
What is the difference between now() and _time? What is the difference between now() and _time? by smanojkumar Contributor in Splunk Search 09-08-2022 0 2	0	2
How to replace digits in regex? Hi, Below is the example for raw log: 20220906T23:43:58+03:00#0115dummyvalue.com#01110.111.169.11:51868#01110.45.38.1... by Dharani Path Finder in Splunk Search 09-08-2022 0 2	0	2
Time stamp Start_Time=092659Start_Date=20220908My requirement is to find the job amount many jobs that runs longer than a day, t... by smanojkumar Contributor in Splunk Search 09-08-2022 0 3	0	3
How can I identify the longest string in a multivalued field? I'm trying to make the Linux audit daemon data play nice. One of the challenges is that a particular action can trig... by responsys_cm Builder in Splunk Search 09-08-2022 0 2	0	2
Determining the max value of a multivalue field containing comma delimited text and number I have a comma delimited multivalue field that contains text and a digit in each value pair that I am trying to find ... by mydog8it Builder in Splunk Search 09-08-2022 1 14	1	14
How to extract multiple values to same field? Hello,I have logs like : samples={'xxxxxxx' : {'111' :{'222' :{'333'}}}}{'yyyyyyy'{'444'}}{'zzzzzzz'}I need to take a... by CybSec1 New Member in Splunk Search 09-08-2022 0 2	0	2
Is it possible to exclude any events with multi value fields and only table ones with single value? Hi, Is there any way to exclude any events that has more than one value of a field from end result. index=X statu... by FGAnders Explorer in Splunk Search 09-08-2022 0 2	0	2
Why does my SPLUNK RETS API return 0 eventCount? Hello, I've been using SPLUNK search REST API for a while now and just today i've run into the following issue. W... by PepposChris Observer in Splunk Search 09-07-2022 0 4	0	4
How to create a search for multiple earliest dates for 7day output? Hi All, Am looking for query to have multiple earliest days index=something sourcetype=something earliest=-7d@d late... by kpavan Path Finder in Splunk Search 09-07-2022 0 3	0	3
How to split the JSON array into multiple new events? Hey all, Can someone help me out with a JSON related question! Many many thanks!  I have a JSON arrays field in this... by jhcbazinga95 Loves-to-Learn Everything in Splunk Search 09-07-2022 0 3	0	3
Combining 2 searches but need help with dedup strategy Hi, I have 2 searches where the dedup strategy is different, i want to combine the 2 searches but need help with dedu... by SS1 Path Finder in Splunk Search 09-07-2022 0 1	0	1
How to Count appearance of containers per company? Hi,I want to count the numbers of containers per company. Each data point has a container id, company id, and much mo... by janderhungrige Observer in Splunk Search 09-07-2022 0 1	0	1
Is it possible to merge two searches (inner+outer)? Greetings. Is it possible merge 2 search? If there is any common value than connect it. If there is no match keep the... by Kislac Engager in Splunk Search 09-07-2022 0 4	0	4
Compare x hours vs last 1 week ago @ITWhisper As per the Below Screenshot I want to add Custom time frame. Where user can able to select any time frame ... by uagraw01 Motivator in Splunk Search 09-07-2022 0 9	0	9
How to extract second field between quotes and add url? I have logs of the format... 2022-09-07T01:42:06.321624+00:00 micro.service 2867ce23-bdfd-48eb-ba5a-40e1e8a93987[[APP... by Mick_OBrien Path Finder in Splunk Search 09-07-2022 0 5	0	5
How to merge two message threads into one? I have two message threads, each thread consists of ten messages. I need to request to display these two chains in on... by metylkinandrey Communicator in Splunk Search 09-07-2022 0 6	0	6
index = aws_ubs_n \| search log IN ("error","info","warn") \| stats count as log How to count each log value separately?("error","info","warn") by surens Explorer in Splunk Search 09-07-2022 0 6	0	6
Not getting the last week of data in graph when using the filter search Device_Type="mobile" In the above, I am comparing the last 15m data to the current week's 15m data. And I am getting good results. ... by uagraw01 Motivator in Splunk Search 09-06-2022 0 5	0	5
How to calculate percentage in a total row generated by addcoltotals? I am trying to add a percentage to the total row generated by addcoltotals. I would like to show the total percentage... by pwilson Explorer in Splunk Search 09-06-2022 0 1	0	1
How to convert IPv6 to IPv4 dotted decimal format with eval? I've found many samples of how to convert an IPv4 to many different formats but I can't seem to locate one to convert... by roayers Explorer in Splunk Search 09-06-2022 0 3	0	3
How to limit the triggering of a Splunk alert according to a time range to avoid having several similar results? I have a problem triggering an alert on a splunk request based on a cron job that runs this way: Search query: index... by elmadi_fares Loves-to-Learn Everything in Splunk Search 09-06-2022 0 3	0	3
How to use span with stats? I have a table with the next information:Fecha31/08/2022 16:16:4331/08/2022 16:19:4831/08/2022 16:16:3431/08/2022 16:... by m0rt1f4g0 Explorer in Splunk Search 09-06-2022 0 4	0	4
How to decrease the font size and make the count bold in only one table? I have to decrease the fields names font size, like subgroup, platforms, bkcname etc.. (all fields present in the tab... by ramkyreddy Explorer in Splunk Search 09-06-2022 0 2	0	2