Splunk Search

Community Activity

	How to add row to chart from lookup file? Hi Splunk community, I want to chart the data retrieved from index, filter the app_name field to match with ones in t... by boxmetal Path Finder in Splunk Search 09-06-2022 0 5	0	5
	Storing data in Splunk Good afternoon! I want to know how splunk stores data. I can't find detailed information.Can I connect a DBMS to splu... by metylkinandrey Communicator in Splunk Search 09-06-2022 0 7	0	7
	How do I move all values from column one row up? Hello everyone, Can not find how I may move all values from a column(Total), one row up, in a table This is my curr... by nmsaraujo Explorer in Splunk Search 09-06-2022 0 4	0	4
	Is there any way to optimize this query to increase performance? We are trying to create a query to get list of fields in all sourcetypes grouped by sourcetype and index. We tried t... by shafee_anwar New Member in Splunk Search 09-05-2022 0 0	0	0
	Windows account lockout and enable- Why is my search returning 0 results? Hi I want to create a splunk use case like a after getting 3 times failure the account again got enable.. I was wor... by debjit_k Path Finder in Splunk Search 09-05-2022 0 9	0	9
	How to use span with stats? My query below does the following: Ignores time_taken values which are negativeFor each event, extracts the hour, mi... by jpanderson Path Finder in Splunk Search 09-05-2022 0 6	0	6
	Left Join: How to display missing data in a table using Join? Hi There, I have a requirement where i have an index with two different sources. index=a sourcetype=a1 index=a source... by asveturi Path Finder in Splunk Search 09-05-2022 0 9	0	9
	How to extract a field from raw json? Hi Team, From the below raw JSON string in Splunk, I am trying to display only correlationId column in a table, can s... by asveturi Path Finder in Splunk Search 09-05-2022 0 9	0	9
	What is the relation between the Splunk inner/left join and the ones in relational databases? What's the relation between the Splunk inner/left joins and the ones in relational databases, functionality and termi... by ddrillic Ultra Champion in Splunk Search 09-05-2022 0 4	0	4
	Filter a search result with lookup values- What command is most appropriate for this? Hi, I have a search query where a field is named "user_email".I also have a lookup table where I have a list of email... by iammax Explorer in Splunk Search 09-05-2022 0 2	0	2
	How do I list the events if there are more than 1 item in array? how do i list the events that in an array has more than 1 item? 1) a:[ {"data1":"abc"},{"data1":"def"}] 2) a:[ {"data... by graziaedu Explorer in Splunk Search 09-05-2022 0 2	0	2
	How to create a table based on two queries? I have two queries I am trying to join the results together. The first query has the organization details and the sec... by sandybar New Member in Splunk Search 09-05-2022 0 0	0	0
	How to search to get value from the last event? Hello folks,I have Logger lines as below:job MONITOR-DESYNC-3-20I-ERNC: { "chain":"PR1", "nbProperties":1345, "proper... by Sanjana Explorer in Splunk Search 09-05-2022 0 3	0	3
	Overlaying data from multiple devices, or being able to select which device to view? Further to my previous post here, which was generously solved by ITWhisperer:Solved: Help with search to use for dash... by neilmac64 Path Finder in Splunk Search 09-05-2022 0 1	0	1
	How to list out saved searches which are used index=* instated of using index fully qualified name? Hi all,we have hundreds of saved searches,but the problem is while creating savedsearches they were used index= * ins... by john_q Explorer in Splunk Search 09-05-2022 0 6	0	6
	How to search for the time difference between last event and now? I have installedAt field which gives the application's installation time. If I run a Splunk search for the last 7 day... by alexspunkshell Contributor in Splunk Search 09-05-2022 0 9	0	9
	Help with search to use for dashboard - link key-value pairs Hi Folks - I would appreciate some help to create a dashboard. I want a simple line chart that shows how a value chan... by neilmac64 Path Finder in Splunk Search 09-05-2022 0 5	0	5
	Why is the search with NOT take less time compared to search using IN? Hello Everyone, I have two queries to exclude events one using NOT and other one using IN, both the queries returnin... by Wonder_women Loves-to-Learn in Splunk Search 09-05-2022 0 3	0	3
	How to create a dashboard with event ID below to application usecube ? Hi, i would to create a dashboard with event ID below to application usecube 4720 A user account was created. 472... by cedric57 New Member in Splunk Search 09-05-2022 0 0	0	0
	Can I write this search with stats instead of left join? Hi All, I have a join query that works perfectly fine for my use case, but I was trying to see if I can write this us... by vjzone Path Finder in Splunk Search 09-05-2022 0 2	0	2
	Help with Searching Events with different OS platform table fields Hello, I have recently starting learning about Splunk and been stuck while attempting to make the search display for ... by SplunkNewbie132 New Member in Splunk Search 09-04-2022 0 2	0	2
	How to run an index to generate events through an input lookup table? Hi all, I wish to generate login times for a list of users which are specified in a lookup table titled user_list.csv... by charlottecl Engager in Splunk Search 09-04-2022 0 2	0	2
	How to compare events with "milestone" lookup? I have a really simple task but haven't figured out how. This is a simple table of milestonesmilestone1milestone2mil... by yuanliu SplunkTrust in Splunk Search 09-04-2022 0 3	0	3
	Splunk search based on lookup time? Below query, I have used and it is saving in output lookup format. Lookupname - S1_installedtime Query - index=sent... by alexspunkshell Contributor in Splunk Search 09-04-2022 0 2	0	2
	How to delete row values if condition is not met in a table? Hi all, I need to write a query that checks whether (Daily AH <= Daily Po <= Daily Risk <= Daily File <= Daily Instr... by Edwin1471 Path Finder in Splunk Search 09-04-2022 0 4	0	4