Splunk Search

Community Activity

	How to create a table based on two queries? I have two queries I am trying to join the results together. The first query has the organization details and the sec... by sandybar New Member in Splunk Search 09-05-2022 0 0	0	0
	How to search to get value from the last event? Hello folks,I have Logger lines as below:job MONITOR-DESYNC-3-20I-ERNC: { "chain":"PR1", "nbProperties":1345, "proper... by Sanjana Explorer in Splunk Search 09-05-2022 0 3	0	3
	Overlaying data from multiple devices, or being able to select which device to view? Further to my previous post here, which was generously solved by ITWhisperer:Solved: Help with search to use for dash... by neilmac64 Path Finder in Splunk Search 09-05-2022 0 1	0	1
	How to list out saved searches which are used index=* instated of using index fully qualified name? Hi all,we have hundreds of saved searches,but the problem is while creating savedsearches they were used index= * ins... by john_q Explorer in Splunk Search 09-05-2022 0 6	0	6
	How to search for the time difference between last event and now? I have installedAt field which gives the application's installation time. If I run a Splunk search for the last 7 day... by alexspunkshell Contributor in Splunk Search 09-05-2022 0 9	0	9
	Help with search to use for dashboard - link key-value pairs Hi Folks - I would appreciate some help to create a dashboard. I want a simple line chart that shows how a value chan... by neilmac64 Path Finder in Splunk Search 09-05-2022 0 5	0	5
	Why is the search with NOT take less time compared to search using IN? Hello Everyone, I have two queries to exclude events one using NOT and other one using IN, both the queries returnin... by Wonder_women Loves-to-Learn in Splunk Search 09-05-2022 0 3	0	3
	How to create a dashboard with event ID below to application usecube ? Hi, i would to create a dashboard with event ID below to application usecube 4720 A user account was created. 472... by cedric57 New Member in Splunk Search 09-05-2022 0 0	0	0
	Can I write this search with stats instead of left join? Hi All, I have a join query that works perfectly fine for my use case, but I was trying to see if I can write this us... by vjzone Path Finder in Splunk Search 09-05-2022 0 2	0	2
	Help with Searching Events with different OS platform table fields Hello, I have recently starting learning about Splunk and been stuck while attempting to make the search display for ... by SplunkNewbie132 New Member in Splunk Search 09-04-2022 0 2	0	2
	How to run an index to generate events through an input lookup table? Hi all, I wish to generate login times for a list of users which are specified in a lookup table titled user_list.csv... by charlottecl Engager in Splunk Search 09-04-2022 0 2	0	2
	How to compare events with "milestone" lookup? I have a really simple task but haven't figured out how. This is a simple table of milestonesmilestone1milestone2mil... by yuanliu SplunkTrust in Splunk Search 09-04-2022 0 3	0	3
	Splunk search based on lookup time? Below query, I have used and it is saving in output lookup format. Lookupname - S1_installedtime Query - index=sent... by alexspunkshell Contributor in Splunk Search 09-04-2022 0 2	0	2
	How to delete row values if condition is not met in a table? Hi all, I need to write a query that checks whether (Daily AH <= Daily Po <= Daily Risk <= Daily File <= Daily Instr... by Edwin1471 Path Finder in Splunk Search 09-04-2022 0 4	0	4
	How to convert time in another timezone? Hello everyone! I have time in such format 2022-09-02T18:44:15, this time in GMT+3, and I need to change convert this... by bosseres Contributor in Splunk Search 09-04-2022 0 3	0	3
	How to output of search results of one index as inputs to another search using a different index? I search Netflow firewall denied traffic on port 53 using the netflow index. Based on the IPs found (source and DNS d... by Thuan Explorer in Splunk Search 09-04-2022 0 5	0	5
	How to get extracted fields count per index? Hi,Trying to get the count of extracted fields per index. I am using the following search for this: index=*\|fieldsum... by harshal_chakran Builder in Splunk Search 09-03-2022 0 6	0	6
	How to display/access parameters after grouping? For example I have getting splunk logs with 4 fields TimeEventtime 1service = "service1" \| operation = "sampleOpera... by KAKA New Member in Splunk Search 09-02-2022 0 1	0	1
	How to find duration between multiple events for multiple occurrences? Hi all, I'm hoping that someone can help / point me in the right direction. I have two events which are being fed int... by MLL9 Explorer in Splunk Search 09-02-2022 0 5	0	5
	How can I get just one avg count per day? (With time span = 3h I get 3 counts per day) Using the below query to get the daily avg user in during biz hours: index=pan_logs sourcetype=json_no_timestamp met... by imsidrai Explorer in Splunk Search 09-02-2022 0 4	0	4
	How can I modify the search to show only the host_name and the sum total of the avg_kWh column? I have borrowed a search from an earlier question to help give kWh information on a given month. How can I modify the... by mallaht Loves-to-Learn in Splunk Search 09-02-2022 0 3	0	3
	How to find changing serial numbers? Hello Splunk Enjoyers! I have problem Information about routers arrives every minute, so What I have: name_of_route... by splunk_enjoyer Explorer in Splunk Search 09-02-2022 0 6	0	6
	How do I replace sourcetype? Finally we migrated away for Microsoft Azure Add-on for Splunk to Splunk Add-on for Microsoft Cloud Services. In Micr... by Kalnins Observer in Splunk Search 09-02-2022 0 1	0	1
	How to search across all my data for any public IP addresses? Hello all, I've been hoping to play around with some of the iplocation functionality and see if I could leverage it ... by j4adam Communicator in Splunk Search 09-02-2022 0 3	0	3
	How to customize x-axis and y-axis? I want to create a chart that show all the services being executed and the percentage of cpu used. I tried this after... by coolUsername Explorer in Splunk Search 09-02-2022 0 10	0	10