Splunk Search

Community Activity

	Why are events duplicating when running \| collect command using output_format=hec? HI I am facing issue when running collect command event are double in new index test \| collect index=test_1 outpu... by Pavankumar Loves-to-Learn Lots in Splunk Search 08-10-2022 0 0	0	0
	How to filter on 'count' without losing original results? I am trying to build an Alert which will trigger whenever one of our AWS-hosted Active Directory domains get replacem... by ttovarzoll Path Finder in Splunk Search 08-09-2022 0 7	0	7
	How to remove duplicates from the table? Hi community,I have table like below -ClientError_codeError Resultsabc10032abc10033abc10131abc10273abc10275abc10132ab... by wanda619 Path Finder in Splunk Search 08-09-2022 0 6	0	6
	Can a lookup be recreated and use the existing lookup definition? The scenario is, A lookup csv has become unreadable. A lookup definition exists for it. The lookup was deleted and r... by leftinnerouter Explorer in Splunk Search 08-09-2022 0 1	0	1
	Does Rex in splunk support variable in regular expression? Does Rex in splunk support variable in regular expression ? For example, user could input a text from UI, usually I... by Tao_Zeng Explorer in Splunk Search 08-09-2022 0 5	0	5
	How to remove duplicates? Client Error Error Results Error ResultsPrevious week Percent of Total PercentDifference abc 1003 2 0 12.5 ... by wanda619 Path Finder in Splunk Search 08-09-2022 0 2	0	2
	How to pull latest values for every 4 hours time interval? Hello, I'm trying to pull the latest values for every 4 hours in a day ie., latest values between the time00:00:00 t... by bnikhil0584 Explorer in Splunk Search 08-09-2022 0 3	0	3
	How to do a multi line field extraction? I want to extract package line as individual results,tried rex "Linux\ssystem\s\:\s+(?<packages>.+)", but that is jus... by satyaallaparthi Communicator in Splunk Search 08-09-2022 0 7	0	7
	How do I show in table, when a field is greater than 1, to exclude it? Hi guys, I have a query that works and gives me table such as below. What I wanted to do was when count of values i... by aikn061 Explorer in Splunk Search 08-09-2022 0 1	0	1
	How to achieve complex filtering on MVFields? I am attempting to build a search that pulls back all logs that have a value in a multi-value field but do not have o... by ett Engager in Splunk Search 08-09-2022 0 2	0	2
	How do I merge two rows coming from different macros? Hi All,I am appending two macros to generate the following result set using append command. The 1st row comes from o... by neerajs_81 Builder in Splunk Search 08-09-2022 0 5	0	5
	How to dynamically pass as parameters all host matching a specific query: index=* host=myserver? Hi all,I have just downloaded the app "SSL Certificate lookup" from splunk base and it's working fine. with following... by Julien22 Explorer in Splunk Search 08-09-2022 0 6	0	6
	Extract a field from a field in splunk? I have a field names "code_value" which has the values as follows code_value ABC-123 JHLIK ABC-456 LKJF ABC-781 klkl... by pavanae Builder in Splunk Search 08-09-2022 0 2	0	2
	How to extract string after particular word? Hi, I have a line in the event like "/v1/locations/7b-cec6-4820-b699-ec" I need to extract 7b-cec6-4820-b699-ec, or... by labaningombam Explorer in Splunk Search 08-09-2022 0 2	0	2
	Is it possible to merge searches with same index but different host names? Hello, I have two searches with same index but different host names. Is it possible to have the results of both the s... by arshiarshi Explorer in Splunk Search 08-09-2022 0 11	0	11
	How would I calculate time difference between different events of a table? Hi All, i am using 2 searches combined via an append to get me data in the following format. Each row is a distinct ... by neerajs_81 Builder in Splunk Search 08-09-2022 0 8	0	8
	Maximun disk usage quota- Why are alerts not sending? Hello, I have a Splunk Cloud deployment and the alerts are not firing. I have searched for information and using the ... by bolopez Explorer in Splunk Search 08-09-2022 0 2	0	2
	How to club data from an index and a file to club? I am trying to club data from one source type with a search input from a formatted CSV file, however I can send only ... by srikanth_gurram New Member in Splunk Search 08-09-2022 0 3	0	3
	Problem with quota for splunk-system-user- Why does size of dispatch folder not correspond to searches in Jobs menu? Hi Splunkers, we had copied many searches to the search head node from indexer and now we have many errors like this:... by evelenke Contributor in Splunk Search 08-08-2022 0 2	0	2
	Combine separate fields to a single MV field? As far as I know using mvcommand only creates an MV field out of values from a single field. In a column for example.... by pbarbuto Path Finder in Splunk Search 08-08-2022 0 2	0	2
	Why is eval failing on joined data? I have the following search: index=sandbox document_type=test-collat-record-json_v2 \| where ((isnotnull(test_res... by laduran Explorer in Splunk Search 08-08-2022 0 2	0	2
	How to find results present in lookup table and not in custom index? Hi All,I have enquired about this problem earlier as well in Splunk community, thus, apologies for duplicate query.Ho... by Taruchit Contributor in Splunk Search 08-08-2022 0 12	0	12
	How to Search to show any new logs/indexes added to the environment within a period of time? I am creating a dashboard to show any new logs that are added to our environment within a period of time.For example ... by wgph96 Engager in Splunk Search 08-08-2022 0 1	0	1
	Help with Field Extraction - How draft the if condition to achieve following logic? I want to do a field extraction for my sourcetype under the Fields-> Calculated Fields section. Confused how to draft... by zacksoft_wf Contributor in Splunk Search 08-08-2022 0 1	0	1
	How to concatenate events from multiple hosts as single host? Hai All, we have events from different hosts with same name. any search query to add them in single host field please... by sekhar463 Path Finder in Splunk Search 08-08-2022 0 7	0	7