Splunk Search

Community Activity

How to extract cancelled transactions from logs? I'm looking at events and I'm trying to determine which files are not "deleted" from the folder on a server after fi... by syed Observer in Splunk Search 08-28-2022 0 6	0	6
How to normalize MAC address format? We have different log sources that may format the MAC address as: af:af:af:af:af:af af-af-af-af-af-af af.af.a... by jeff Contributor in Splunk Search 08-28-2022 0 9	0	9
How to create a new field based on existing fields? Hi, how can I combine two fields (2.1 and 2.2) into one field (Main calculation) I have a table : I would like to... by Edwin1471 Path Finder in Splunk Search 08-28-2022 0 3	0	3
How to transform a table? Hi, How can I transform a table, so that the result would look something like this by Edwin1471 Path Finder in Splunk Search 08-27-2022 0 4	0	4
Unable to render the dropdown value in the search for the 1st time? I have a dashboard that gets its base query from a dropdown option and that to run that base query takes the values f... by MT New Member in Splunk Search 08-27-2022 0 1	0	1
How to sort contiguous _time into discreet sets? I'm trying to collapse a of data into earliest/lastest by _time, with the time is contiguous. Such as: 2022-08-27 07... by timgren Path Finder in Splunk Search 08-27-2022 0 2	0	2
How do I get two fileds "ip numbers" in an timechart? Hi all,How do I get two fileds "ip numbers" in an timechart?I tried the aggregate fileds, but show up wrong in my vis... by janroc Explorer in Splunk Search 08-27-2022 0 7	0	7
How to merge two searches without losing main search data? Hi, I am having some troubles to merge two searches and I am looking for the best way to do this. We have firewall tr... by jeremyrenard Explorer in Splunk Search 08-27-2022 0 5	0	5
Configuration Files in Default and Local App folders: How to create three sourcetypes? Hello, I have one data source and getting feed through the inputs.conf file located under default folder and it is cu... by SplunkDash Motivator in Splunk Search 08-27-2022 0 4	0	4
charting.fieldColors option doesn't seem to work when fields have a colon in the name? Hi, I have a graph which is produced by this timechart command: timechart max(duration) as TPS_MAX, sum(par_new_du... by johnraftery Communicator in Splunk Search 08-26-2022 0 5	0	5
How to save memory and ignore table row where column value is less than x? I may use a search similar to this: index=mock_index source=mock_source\| eval event = _raw\| stats count as frequency ... by firstname Explorer in Splunk Search 08-26-2022 0 3	0	3
How to search for an event that doesn't have a response after 30 minutes? I have two separate logs ( Request.log, and Response.log ). Events from App1 will be recorded in Request.log. Event... by ramana4u Explorer in Splunk Search 08-26-2022 0 5	0	5
Help with SEDCMD props.conf Hello. I am in problem. I have log like this. 1.example.log 2022/08/24 12:04:00,ExampreA,"xxx"xx"xxx"xxxx"xxx"xxxx... by hayashi_ayr728 Engager in Splunk Search 08-26-2022 0 1	0	1
Splunk Use Case- How can I compare two IP addresses when IP address is only available in one sourcetype? Hi All, I am trying to build a use case with the below scenarios: 1) Person A can do tasks X and Y but not task Z or,... by Splunk_Master01 Explorer in Splunk Search 08-26-2022 1 35	1	35
Why am I getting the wrong search results? i have this dropdown which produces correct results: <input type="dropdown" token="tUser" searchWhenChang... by pbnl Path Finder in Splunk Search 08-25-2022 0 8	0	8
How to show Error inputs gracefully How to display the error input or value errors in a pop up? I am trying to build a custom command and want to show er... by Saikat001 Explorer in Splunk Search 08-25-2022 0 1	0	1
How to check that a field value is unchanged in last two day or if possible two business days? I am checking for reboot required, if yes, since how long is the status unchanged from reboot required yes. Logic I a... by vgiri8 Path Finder in Splunk Search 08-25-2022 0 9	0	9
How to calculate the delta between two time intervals for sending messages? Good afternoon! We receive messages on splunk. The task is as follows: there is a time period between the first messa... by metylkinandrey Communicator in Splunk Search 08-25-2022 0 4	0	4
How to search for a string that begins with a square bracket ]? I have a field value like this that I want to exclude. [22m[2hinfo[3: host.console[0] The searches I can think of... by spadler Explorer in Splunk Search 08-25-2022 0 4	0	4
How do I add a string in the title of a e-mail? "user-info"index=user_interface_type sourcetype=* \| table _time, host, port, _raw \| sendemail to="abc@splunk.com" sen... by avneet26 Engager in Splunk Search 08-25-2022 0 3	0	3
Help with Dashboard with time span for with tstats I am trying to build a dashboard with time input, how can I use the time selected to pass to below query? \| tstats ... by deodeshm Explorer in Splunk Search 08-25-2022 0 3	0	3
Chart by Duration (D+HH:MM:SS) which is in string format? Hello, I used below to convert seconds into D+HH:MM:SS format which is now in string format. However, I want to creat... by deodeshm Explorer in Splunk Search 08-25-2022 0 3	0	3
How to show output for last week? I have spent days working on this, can someone help? how to populate previous week results? Also there are differen... by wanda619 Path Finder in Splunk Search 08-24-2022 0 7	0	7
How to build a table out of this log file? Hi, I have below log file, I would like to build a table out of it (Line1, Line2,Line3,Line4 are just for understandi... by SS1 Path Finder in Splunk Search 08-24-2022 0 1	0	1
How would I extract field/value pairs from these sample events (2 sample events given below)? Hello, How would I extract field/value pairs from these sample events (2 sample events given below)? I can use like ... by SplunkDash Motivator in Splunk Search 08-24-2022 0 4	0	4