Splunk Search

Community Activity

How to exclude NULL lines in query for table results? Hello Team, Trying to exclude NULL fields from results to avoid gaps in table. Currently using this query:<my base... by karlpena Loves-to-Learn in Splunk Search 08-11-2022 0 1	0	1
How to extract the timestamp from a filename at index-time to use as _time? I have searched answers high & low to try and extract the timestamp from my filename at index-time, but I'm still una... by ahartge Path Finder in Splunk Search 08-11-2022 2 18	2	18
Why is sendalert not working with makeresults? Hello! I am trying to use makeresults + eval inside a sendalert parameters, but it doesn't return what i need. Follow... by uchoavaz Explorer in Splunk Search 08-11-2022 0 1	0	1
How to return value from specific key within an object? Dear Community, I am new to Splunk so apologies for the newbie question: Basic Problem I have a field which holds an ... by bmohammadi Explorer in Splunk Search 08-11-2022 0 2	0	2
How to configure splunk HF to route the events which does not include a keyword? Hello Community,We have 2 target groups to route events.(2 indexers, one is ours and other 3rd party)i want to config... by SK_ New Member in Splunk Search 08-11-2022 0 0	0	0
How to compare column from two searches and find the difference between them and print all rows? Hi Thanks for your time. Im using splunk to parse the log. I have two search. the columns i got from A is as below... by hakusama1024 New Member in Splunk Search 08-11-2022 0 7	0	7
How to import mulitple host csv file to fetch data in splunk? I am trying to download vulnerability report for a 1000 hosts. Instead of providing them in the splunk query. I thoug... by shariz New Member in Splunk Search 08-11-2022 0 1	0	1
How to view dashboard subsearches using HiddenSearch? Hi, I am creating a custom view dashboard. In that I'm trying to utilize the same search to extract a single value an... by pravusnex Explorer in Splunk Search 08-11-2022 1 9	1	9
Search for Universal Forwarder getting dropped by the firewall? Hi Splunkers, I am trying to do a search that gives me a list of forwarders that cannot contact the Deployment serv... by max_ruas Explorer in Splunk Search 08-10-2022 0 3	0	3
Is there a way to rename subfields based on a condition? Is there a way to rename subfields based on a condition? Some of our applications log into fields, say message.messag... by OliverG91 Explorer in Splunk Search 08-10-2022 0 2	0	2
Can I make a drill down report on one page? I have 2 searches from two individual log files with Txid in common (could be outerjoin): The first search I get the ... by rilee Explorer in Splunk Search 08-10-2022 0 7	0	7
How do I create a search, excluding a list of CIDR ranges? So I'm trying to create a metrics search using the following query: index="test" identities="ident_*" src=10.11.40.... by Skeer-Jamf Path Finder in Splunk Search 08-10-2022 0 6	0	6
How to do data extraction? I'm having trouble extracting some dates from a date field. Certain assets were provided with a generic date, and I c... by mistydennis Communicator in Splunk Search 08-10-2022 0 1	0	1
What are we doing wrong in our Splunk API request for inputlookup? Hi Everyone, we have another internal team that is trying to use the API to return some data we built for them. Unfor... by jnichols914 Explorer in Splunk Search 08-10-2022 0 3	0	3
When SQL set data is sent to Splunk via sql scripts, do you use sql syntax or do you utilize Splunk query linguistics? This is just a question for my learning. When SQL set data is sent to Splunk via sql scripts, do you use sql syntax ... by reneedeleon Engager in Splunk Search 08-10-2022 0 2	0	2
Why is my join not working? Basically my query should search an index for an ip in the last 4 hours and return 1 event.Then it should left join o... by leftinnerouter Explorer in Splunk Search 08-10-2022 0 6	0	6
How to get Mstats sum by time? Hi Team, I'm new to Splunk and will need some help in getting this query total sum by timestamp as we are not explici... by pancham Explorer in Splunk Search 08-10-2022 0 1	0	1
Possible to show all values from same field name with different values from one Event? Hi, I'm trying to make my query show all the different values from one field (Product) that it is showing in the Even... by FGAnders Explorer in Splunk Search 08-10-2022 0 4	0	4
What is the best way to filter results for two queries with big data sets? Hello, trying to create visualization that will show results from KV_Store used as filter and then query index. Basic... by jbanAtSplunk Communicator in Splunk Search 08-10-2022 0 2	0	2
Why are events duplicating when running \| collect command using output_format=hec? HI I am facing issue when running collect command event are double in new index test \| collect index=test_1 outpu... by Pavankumar Loves-to-Learn Lots in Splunk Search 08-10-2022 0 0	0	0
How to filter on 'count' without losing original results? I am trying to build an Alert which will trigger whenever one of our AWS-hosted Active Directory domains get replacem... by ttovarzoll Path Finder in Splunk Search 08-09-2022 0 7	0	7
How to remove duplicates from the table? Hi community,I have table like below -ClientError_codeError Resultsabc10032abc10033abc10131abc10273abc10275abc10132ab... by wanda619 Path Finder in Splunk Search 08-09-2022 0 6	0	6
Can a lookup be recreated and use the existing lookup definition? The scenario is, A lookup csv has become unreadable. A lookup definition exists for it. The lookup was deleted and r... by leftinnerouter Explorer in Splunk Search 08-09-2022 0 1	0	1
Does Rex in splunk support variable in regular expression? Does Rex in splunk support variable in regular expression ? For example, user could input a text from UI, usually I... by Tao_Zeng Explorer in Splunk Search 08-09-2022 0 5	0	5
How to remove duplicates? Client Error Error Results Error ResultsPrevious week Percent of Total PercentDifference abc 1003 2 0 12.5 ... by wanda619 Path Finder in Splunk Search 08-09-2022 0 2	0	2