Splunk Search

Community Activity

How to calculate duration between two log entries? i have the following two entries TimeEvent8/16/221:46:22.592 PM2022/08/16 13:46:22.592154:P_GUI_SERV06 :pbaho3 : 98... by splunkhadi_480 Engager in Splunk Search 08-16-2022 0 2	0	2
How to sample first N minutes of span in timechart, with huge numbers of events? I would like to run a timechart query that ends with `\| timechart span=1h distinct_count(thing) by other_thing` The p... by rpecka Explorer in Splunk Search 08-16-2022 0 3	0	3
Security Essentials- How to export rule list? H, I want to take rules on security essentials as a list.I m try to search in app but I cant get rule list.There r ma... by cybersej Observer in Splunk Search 08-15-2022 0 3	0	3
How to write regex to represent only first part of value? I have a key:value for db names but need only the first part. Example CurrentDBNAME : db001_inst1:schemanamexyxOrDBNA... by mark_groenveld Path Finder in Splunk Search 08-15-2022 0 4	0	4
Why does Splunk module python script get an SSL error? how to access splunk using python script when i run this code i get an error import splunklib.client as client servic... by rockzers Path Finder in Splunk Search 08-15-2022 0 1	0	1
How to merge two SPL to get common output? We have output of 2 queries in terms of disk usage. One is from DELL and one is rom Huawei index. Dell Query: \|`clus... by amey2407 Splunk Employee in Splunk Search 08-15-2022 0 4	0	4
How to filter index from inputlook and avoid 10k subsearch limit? Creating a dashboard that allows you to select a region which will then retrieve data for only customers in that regi... by mtruji Engager in Splunk Search 08-15-2022 0 2	0	2
Summary Index - hostname appended on summary events We're summary indexing events from one index into another. The original index contains JSON events e.g.{"field1": "v... by stepheneardley Path Finder in Splunk Search 08-15-2022 0 1	0	1
How to get the json results of my custom script in Splunk? i created a custom python api script and it works fine and i want to import in splunk so i put my script. "C:\\Progra... by rockzers Path Finder in Splunk Search 08-15-2022 0 3	0	3
REX - Extracting multiple fields- What's the rex syntax to return microService AND warningMessage? I have raw message of the form... 2022-08-15T10:41:54.266337+00:00 microService 9bc7520a-4f8d-4edc-a4cd-b08c0fae8992[... by Mick_OBrien Path Finder in Splunk Search 08-15-2022 0 4	0	4
How to fix this error: Rawdata journal is missing in the bucket clush -w splunk-idx1 /data/splunk/ We are getting the error below for all indexes, but there is no detail in all search. Rawdata journal is missing in t... by mehmetarpa Observer in Splunk Search 08-14-2022 0 0	0	0
How to send Windows log to Splunk? new splunk useri installed my splunk on my windows machine and i want to receive logs and how to find a logon event?i... by rockzers Path Finder in Splunk Search 08-14-2022 0 9	0	9
How to join two search using condition if ,case, or where? Hi there, I am new to splunk and struggling to join two searches based on conditions .eg. left join with field 1 fr... by Cs80 Loves-to-Learn Lots in Splunk Search 08-13-2022 0 4	0	4
Why are similar rows not grouping together? For some reason there are entries that are not grouped together, but obviously look like they should be. In the follo... by scaparelli Explorer in Splunk Search 08-13-2022 1 2	1	2
How to write a Field Extraction using PROPS Configuration File for Nested JSON Events? Hello, I have done field extraction for the nested JSON event using props.conf file. Everything is working as expect... by SplunkDash Motivator in Splunk Search 08-12-2022 0 3	0	3
How to sum up multiple fields without using foreach? I am using the below search query which contains multiple fields. All the fields (DATA_MB, INDEX_MB, DB2_INDEX_MB, et... by akarivaratharaj Communicator in Splunk Search 08-12-2022 0 14	0	14
How to create a query as below, but I would like to get the latest data for a field within span? Latest data within a time span. I have a query as below, but I would like to get the latest data for a field within s... by vgiri8 Path Finder in Splunk Search 08-12-2022 0 14	0	14
How to create new field? how can solve this ::: (Create a new field called "StartTime" and set the value to seven days ago from today, snapped... by mananzeh New Member in Splunk Search 08-12-2022 0 2	0	2
How to delete logs at the web interface with out using \| delete? Hello, i need to de delete some old logs on my cloud instance because i run out of space is there any way to rem... by NicolásMilans Explorer in Splunk Search 08-12-2022 0 4	0	4
How do I remove Fields "values"? I am new to splunk and still wokring out the kinks however im wondering as to why i have the iplocation of clients an... by HarperWCurran Engager in Splunk Search 08-12-2022 0 2	0	2
which overrides first either time modifier or time range picker? I have created Splunk query with time modifiers "earliest" and "latest" ( for eg. earliest="15/01/2022 8 am" latest="... by jmohan1984 New Member in Splunk Search 08-12-2022 0 1	0	1
What is the average of occurrence of string in the log files? Hi, I have a log file in which I have two things functionality and different repositories which use this functionalit... by tankhanandita Explorer in Splunk Search 08-12-2022 0 2	0	2
How to extract field name containing as table? Hello All, I have data like below. How do I extract the field names like prefix:field1, prefix:field2, prefix:field3... by msg4sunil Path Finder in Splunk Search 08-11-2022 0 9	0	9
How do I extract only endpoints and ignore the ID of API endpoints? Hi, I have a bunch of failure events of different api endpoints. The field is called RequestPath and some examples ar... by labaningombam Explorer in Splunk Search 08-11-2022 0 7	0	7
How to remove Duplicate values in different field? How to remove duplicate values in a different field \|stats count by src dest by alexspunkshell Contributor in Splunk Search 08-11-2022 0 5	0	5