Splunk Search

Community Activity

How to delete row values if condition is not met in a table? Hi all, I need to write a query that checks whether (Daily AH <= Daily Po <= Daily Risk <= Daily File <= Daily Instr... by Edwin1471 Path Finder in Splunk Search 09-04-2022 0 4	0	4
How to convert time in another timezone? Hello everyone! I have time in such format 2022-09-02T18:44:15, this time in GMT+3, and I need to change convert this... by bosseres Contributor in Splunk Search 09-04-2022 0 3	0	3
How to output of search results of one index as inputs to another search using a different index? I search Netflow firewall denied traffic on port 53 using the netflow index. Based on the IPs found (source and DNS d... by Thuan Explorer in Splunk Search 09-04-2022 0 5	0	5
How to get extracted fields count per index? Hi,Trying to get the count of extracted fields per index. I am using the following search for this: index=*\|fieldsum... by harshal_chakran Builder in Splunk Search 09-03-2022 0 6	0	6
How to display/access parameters after grouping? For example I have getting splunk logs with 4 fields TimeEventtime 1service = "service1" \| operation = "sampleOpera... by KAKA New Member in Splunk Search 09-02-2022 0 1	0	1
How to find duration between multiple events for multiple occurrences? Hi all, I'm hoping that someone can help / point me in the right direction. I have two events which are being fed int... by MLL9 Explorer in Splunk Search 09-02-2022 0 5	0	5
How can I get just one avg count per day? (With time span = 3h I get 3 counts per day) Using the below query to get the daily avg user in during biz hours: index=pan_logs sourcetype=json_no_timestamp met... by imsidrai Explorer in Splunk Search 09-02-2022 0 4	0	4
How can I modify the search to show only the host_name and the sum total of the avg_kWh column? I have borrowed a search from an earlier question to help give kWh information on a given month. How can I modify the... by mallaht Loves-to-Learn in Splunk Search 09-02-2022 0 3	0	3
How to find changing serial numbers? Hello Splunk Enjoyers! I have problem Information about routers arrives every minute, so What I have: name_of_route... by splunk_enjoyer Explorer in Splunk Search 09-02-2022 0 6	0	6
How do I replace sourcetype? Finally we migrated away for Microsoft Azure Add-on for Splunk to Splunk Add-on for Microsoft Cloud Services. In Micr... by Kalnins Observer in Splunk Search 09-02-2022 0 1	0	1
How to search across all my data for any public IP addresses? Hello all, I've been hoping to play around with some of the iplocation functionality and see if I could leverage it ... by j4adam Communicator in Splunk Search 09-02-2022 0 3	0	3
How to customize x-axis and y-axis? I want to create a chart that show all the services being executed and the percentage of cpu used. I tried this after... by coolUsername Explorer in Splunk Search 09-02-2022 0 10	0	10
How to get the count based on sub_group? platfrom bkc_name domain testcase_id tnl abzke hef gh_1... by ramkyreddy Explorer in Splunk Search 09-01-2022 0 6	0	6
How to add new Lookup? I am working to leverage the below query for 'Stale Account Usage' from Splunk Security Essentials Docs, which uses l... by Sven1 Path Finder in Splunk Search 09-01-2022 0 2	0	2
Search for certain adjacent events in IIS log Greetings, I've been asked to provide log data for a specific form that has been accessed over a certain time period.... by seekay Engager in Splunk Search 09-01-2022 0 2	0	2
How to write rex to extract string? Hi, REX command rex mode=sed to remove quotation marks and numbers inside of them OUTPUT file "19214132.IKU" copied... by Edwin1471 Path Finder in Splunk Search 09-01-2022 0 2	0	2
How to calculate the difference between two dates? I have 2 dates first_found: 2022-08-23T21:08:54.808Z last_fixed:2022-08-30T12:56:58.860Z I am trying to calculate the... by marceldera Explorer in Splunk Search 09-01-2022 0 3	0	3
How to create a count down? Hello, I need to create a single value panel that displays a countdown from today's date until a target date, how ... by Anesthet1ze Explorer in Splunk Search 09-01-2022 0 4	0	4
Why am I getting the last Value column? Dear Splunk community: So i have the following SPL that has been running fine for the last week or so however, all of... by djoobbani Path Finder in Splunk Search 09-01-2022 0 2	0	2
Why is my auto lookup not working as intended? I have some searches that do not appear to be enhancing properly using the asset_lookup_by_str lookup table. In this ... by XOJ Path Finder in Splunk Search 09-01-2022 0 0	0	0
Will Limits.conf on an app level overwrite the default for all apps for just the one? Hi All If I apply a limits.conf for subsearch - maxout and searchresults - maxresultsrow for an app im deploying, wil... by ZubairBMW Engager in Splunk Search 09-01-2022 0 2	0	2
Help with Heartbeat check Good afternoon!I have six Heartbeat messages coming from the system. All messages from the chain are connected by one... by metylkinandrey Communicator in Splunk Search 09-01-2022 0 1	0	1
Which Condition Function for \| seach based on Token should I use? Case Scenario: Dashboard A is clicked, thus sending a token whose value is hostname ($hostnameToken$) to Dashboard B.... by time2200 Explorer in Splunk Search 09-01-2022 0 6	0	6
How to append a row and a column of averages? Hi, I have a search that uses the chart command to split by 2 fields, such that the results are shown below. The data... by dzyfer Path Finder in Splunk Search 09-01-2022 0 6	0	6
Using multiple time range on the same index to return different row values Hello all, I have a report that searches for differents time range like Year to now, Month to now, Last 5 days and l... by egonstep Path Finder in Splunk Search 08-31-2022 1 5	1	5