Splunk Search

Community Activity

	How to use span with stats? My query below does the following: Ignores time_taken values which are negativeFor each event, extracts the hour, mi... by jpanderson Path Finder in Splunk Search 09-05-2022 0 6	0	6
	Left Join: How to display missing data in a table using Join? Hi There, I have a requirement where i have an index with two different sources. index=a sourcetype=a1 index=a source... by asveturi Path Finder in Splunk Search 09-05-2022 0 9	0	9
	How to extract a field from raw json? Hi Team, From the below raw JSON string in Splunk, I am trying to display only correlationId column in a table, can s... by asveturi Path Finder in Splunk Search 09-05-2022 0 9	0	9
	What is the relation between the Splunk inner/left join and the ones in relational databases? What's the relation between the Splunk inner/left joins and the ones in relational databases, functionality and termi... by ddrillic Ultra Champion in Splunk Search 09-05-2022 0 4	0	4
	Filter a search result with lookup values- What command is most appropriate for this? Hi, I have a search query where a field is named "user_email".I also have a lookup table where I have a list of email... by iammax Explorer in Splunk Search 09-05-2022 0 2	0	2
	How do I list the events if there are more than 1 item in array? how do i list the events that in an array has more than 1 item? 1) a:[ {"data1":"abc"},{"data1":"def"}] 2) a:[ {"data... by graziaedu Explorer in Splunk Search 09-05-2022 0 2	0	2
	How to create a table based on two queries? I have two queries I am trying to join the results together. The first query has the organization details and the sec... by sandybar New Member in Splunk Search 09-05-2022 0 0	0	0
	How to search to get value from the last event? Hello folks,I have Logger lines as below:job MONITOR-DESYNC-3-20I-ERNC: { "chain":"PR1", "nbProperties":1345, "proper... by Sanjana Explorer in Splunk Search 09-05-2022 0 3	0	3
	Overlaying data from multiple devices, or being able to select which device to view? Further to my previous post here, which was generously solved by ITWhisperer:Solved: Help with search to use for dash... by neilmac64 Path Finder in Splunk Search 09-05-2022 0 1	0	1
	How to list out saved searches which are used index=* instated of using index fully qualified name? Hi all,we have hundreds of saved searches,but the problem is while creating savedsearches they were used index= * ins... by john_q Explorer in Splunk Search 09-05-2022 0 6	0	6
	How to search for the time difference between last event and now? I have installedAt field which gives the application's installation time. If I run a Splunk search for the last 7 day... by alexspunkshell Contributor in Splunk Search 09-05-2022 0 9	0	9
	Help with search to use for dashboard - link key-value pairs Hi Folks - I would appreciate some help to create a dashboard. I want a simple line chart that shows how a value chan... by neilmac64 Path Finder in Splunk Search 09-05-2022 0 5	0	5
	Why is the search with NOT take less time compared to search using IN? Hello Everyone, I have two queries to exclude events one using NOT and other one using IN, both the queries returnin... by Wonder_women Loves-to-Learn in Splunk Search 09-05-2022 0 3	0	3
	How to create a dashboard with event ID below to application usecube ? Hi, i would to create a dashboard with event ID below to application usecube 4720 A user account was created. 472... by cedric57 New Member in Splunk Search 09-05-2022 0 0	0	0
	Can I write this search with stats instead of left join? Hi All, I have a join query that works perfectly fine for my use case, but I was trying to see if I can write this us... by vjzone Path Finder in Splunk Search 09-05-2022 0 2	0	2
	Help with Searching Events with different OS platform table fields Hello, I have recently starting learning about Splunk and been stuck while attempting to make the search display for ... by SplunkNewbie132 New Member in Splunk Search 09-04-2022 0 2	0	2
	How to run an index to generate events through an input lookup table? Hi all, I wish to generate login times for a list of users which are specified in a lookup table titled user_list.csv... by charlottecl Engager in Splunk Search 09-04-2022 0 2	0	2
	How to compare events with "milestone" lookup? I have a really simple task but haven't figured out how. This is a simple table of milestonesmilestone1milestone2mil... by yuanliu SplunkTrust in Splunk Search 09-04-2022 0 3	0	3
	Splunk search based on lookup time? Below query, I have used and it is saving in output lookup format. Lookupname - S1_installedtime Query - index=sent... by alexspunkshell Contributor in Splunk Search 09-04-2022 0 2	0	2
	How to delete row values if condition is not met in a table? Hi all, I need to write a query that checks whether (Daily AH <= Daily Po <= Daily Risk <= Daily File <= Daily Instr... by Edwin1471 Path Finder in Splunk Search 09-04-2022 0 4	0	4
	How to convert time in another timezone? Hello everyone! I have time in such format 2022-09-02T18:44:15, this time in GMT+3, and I need to change convert this... by bosseres Contributor in Splunk Search 09-04-2022 0 3	0	3
	How to output of search results of one index as inputs to another search using a different index? I search Netflow firewall denied traffic on port 53 using the netflow index. Based on the IPs found (source and DNS d... by Thuan Explorer in Splunk Search 09-04-2022 0 5	0	5
	How to get extracted fields count per index? Hi,Trying to get the count of extracted fields per index. I am using the following search for this: index=*\|fieldsum... by harshal_chakran Builder in Splunk Search 09-03-2022 0 6	0	6
	How to display/access parameters after grouping? For example I have getting splunk logs with 4 fields TimeEventtime 1service = "service1" \| operation = "sampleOpera... by KAKA New Member in Splunk Search 09-02-2022 0 1	0	1
	How to find duration between multiple events for multiple occurrences? Hi all, I'm hoping that someone can help / point me in the right direction. I have two events which are being fed int... by MLL9 Explorer in Splunk Search 09-02-2022 0 5	0	5