Splunk Search

Community Activity

Help with SEDCMD props.conf Hello. I am in problem. I have log like this. 1.example.log 2022/08/24 12:04:00,ExampreA,"xxx"xx"xxx"xxxx"xxx"xxxx... by hayashi_ayr728 Engager in Splunk Search 08-26-2022 0 1	0	1
Splunk Use Case- How can I compare two IP addresses when IP address is only available in one sourcetype? Hi All, I am trying to build a use case with the below scenarios: 1) Person A can do tasks X and Y but not task Z or,... by Splunk_Master01 Explorer in Splunk Search 08-26-2022 1 35	1	35
Why am I getting the wrong search results? i have this dropdown which produces correct results: <input type="dropdown" token="tUser" searchWhenChang... by pbnl Path Finder in Splunk Search 08-25-2022 0 8	0	8
How to show Error inputs gracefully How to display the error input or value errors in a pop up? I am trying to build a custom command and want to show er... by Saikat001 Explorer in Splunk Search 08-25-2022 0 1	0	1
How to check that a field value is unchanged in last two day or if possible two business days? I am checking for reboot required, if yes, since how long is the status unchanged from reboot required yes. Logic I a... by vgiri8 Path Finder in Splunk Search 08-25-2022 0 9	0	9
How to calculate the delta between two time intervals for sending messages? Good afternoon! We receive messages on splunk. The task is as follows: there is a time period between the first messa... by metylkinandrey Communicator in Splunk Search 08-25-2022 0 4	0	4
How to search for a string that begins with a square bracket ]? I have a field value like this that I want to exclude. [22m[2hinfo[3: host.console[0] The searches I can think of... by spadler Explorer in Splunk Search 08-25-2022 0 4	0	4
How do I add a string in the title of a e-mail? "user-info"index=user_interface_type sourcetype=* \| table _time, host, port, _raw \| sendemail to="abc@splunk.com" sen... by avneet26 Engager in Splunk Search 08-25-2022 0 3	0	3
Help with Dashboard with time span for with tstats I am trying to build a dashboard with time input, how can I use the time selected to pass to below query? \| tstats ... by deodeshm Explorer in Splunk Search 08-25-2022 0 3	0	3
Chart by Duration (D+HH:MM:SS) which is in string format? Hello, I used below to convert seconds into D+HH:MM:SS format which is now in string format. However, I want to creat... by deodeshm Explorer in Splunk Search 08-25-2022 0 3	0	3
How to show output for last week? I have spent days working on this, can someone help? how to populate previous week results? Also there are differen... by wanda619 Path Finder in Splunk Search 08-24-2022 0 7	0	7
How to build a table out of this log file? Hi, I have below log file, I would like to build a table out of it (Line1, Line2,Line3,Line4 are just for understandi... by SS1 Path Finder in Splunk Search 08-24-2022 0 1	0	1
How would I extract field/value pairs from these sample events (2 sample events given below)? Hello, How would I extract field/value pairs from these sample events (2 sample events given below)? I can use like ... by SplunkDash Motivator in Splunk Search 08-24-2022 0 4	0	4
How to make a table with columns getting results for different time ranges? Hi All,I want to write a search which gives me total event counts for each host as per the time range picker. Additio... by Taruchit Contributor in Splunk Search 08-24-2022 0 3	0	3
How to create timechart for event spikes by comparing to the previous 10 minute? Hi all! I'm trying to create a Timechart showing only the graph bars where the number of events is 2X the number of e... by ygzamx Engager in Splunk Search 08-24-2022 0 2	0	2
Comparing data located in two different indexes? Hello fellow Splunkers! So, I have a series of questions related to comparing data from two different indexes in Splu... by KayBeesKnees83 Path Finder in Splunk Search 08-24-2022 0 7	0	7
How to extract a value from a field? Dear allI have a search that returns the description of the windows event and I would like to extract the IP address ... by renanxavier Explorer in Splunk Search 08-24-2022 0 5	0	5
How to make multiple searches combine into a table? Disclaimer - Fairly New to SplunkI'm stuck on building a table for a dashboard.I would like to list a table of Comput... by Russ Explorer in Splunk Search 08-24-2022 0 4	0	4
How to extract a string in a variable I have a table in which one of the columns has logs like below 2022-08-21 23:00:00.877 Warning: PooledThread::run: N4... by avneet26 Engager in Splunk Search 08-24-2022 0 4	0	4
How to search how many emails are triggered to this DL in one year? Hi All i have an exchange onprem distribution list, lets say dl@mydomain.com i want to know how many emails are trigg... by risingflight143 Explorer in Splunk Search 08-23-2022 0 1	0	1
How to use dynamic colors and icons for Status Indicator in Trellis layout? Hi, how do I display my Status Indicator with dynamic colors and icons in a Trellis layout? \| eval status=case(statu... by dzyfer Path Finder in Splunk Search 08-23-2022 0 0	0	0
How to add a field from a subsearch to every event in a parent search? I'm wanting to do something like this: index=main sourcetype=access_combined [ search index=myidx sourcetype=oncall ... by jwalthour Communicator in Splunk Search 08-23-2022 0 8	0	8
How to use a lookup file to search for ip addresses in my logs? I have a lookup file called ipaddress.csv. The column title in the file is ipaddress. I want to search my logs for ... by jcaron9999a Explorer in Splunk Search 08-23-2022 0 2	0	2
How do I fix low disk space in Enterprise indexer? How do I fix low disk space in enterprise indexer. Please comment back on how to fix. by Fields29 New Member in Splunk Search 08-23-2022 0 1	0	1
How can i split this field into multiple columns? Filed name = pluginText<plugin_output>Information about this scan : Nessus version : 10.3.0 Nessus build : 20080 Plug... by marceldera Explorer in Splunk Search 08-23-2022 0 2	0	2