Splunk Search

Community Activity

	When SQL set data is sent to Splunk via sql scripts, do you use sql syntax or do you utilize Splunk query linguistics? This is just a question for my learning. When SQL set data is sent to Splunk via sql scripts, do you use sql syntax ... by reneedeleon Engager in Splunk Search 08-10-2022 0 2	0	2
	Why is my join not working? Basically my query should search an index for an ip in the last 4 hours and return 1 event.Then it should left join o... by leftinnerouter Explorer in Splunk Search 08-10-2022 0 6	0	6
	How to get Mstats sum by time? Hi Team, I'm new to Splunk and will need some help in getting this query total sum by timestamp as we are not explici... by pancham Explorer in Splunk Search 08-10-2022 0 1	0	1
	Possible to show all values from same field name with different values from one Event? Hi, I'm trying to make my query show all the different values from one field (Product) that it is showing in the Even... by FGAnders Explorer in Splunk Search 08-10-2022 0 4	0	4
	What is the best way to filter results for two queries with big data sets? Hello, trying to create visualization that will show results from KV_Store used as filter and then query index. Basic... by jbanAtSplunk Communicator in Splunk Search 08-10-2022 0 2	0	2
	Why are events duplicating when running \| collect command using output_format=hec? HI I am facing issue when running collect command event are double in new index test \| collect index=test_1 outpu... by Pavankumar Loves-to-Learn Lots in Splunk Search 08-10-2022 0 0	0	0
	How to filter on 'count' without losing original results? I am trying to build an Alert which will trigger whenever one of our AWS-hosted Active Directory domains get replacem... by ttovarzoll Path Finder in Splunk Search 08-09-2022 0 7	0	7
	How to remove duplicates from the table? Hi community,I have table like below -ClientError_codeError Resultsabc10032abc10033abc10131abc10273abc10275abc10132ab... by wanda619 Path Finder in Splunk Search 08-09-2022 0 6	0	6
	Can a lookup be recreated and use the existing lookup definition? The scenario is, A lookup csv has become unreadable. A lookup definition exists for it. The lookup was deleted and r... by leftinnerouter Explorer in Splunk Search 08-09-2022 0 1	0	1
	Does Rex in splunk support variable in regular expression? Does Rex in splunk support variable in regular expression ? For example, user could input a text from UI, usually I... by Tao_Zeng Explorer in Splunk Search 08-09-2022 0 5	0	5
	How to remove duplicates? Client Error Error Results Error ResultsPrevious week Percent of Total PercentDifference abc 1003 2 0 12.5 ... by wanda619 Path Finder in Splunk Search 08-09-2022 0 2	0	2
	How to pull latest values for every 4 hours time interval? Hello, I'm trying to pull the latest values for every 4 hours in a day ie., latest values between the time00:00:00 t... by bnikhil0584 Explorer in Splunk Search 08-09-2022 0 3	0	3
	How to do a multi line field extraction? I want to extract package line as individual results,tried rex "Linux\ssystem\s\:\s+(?<packages>.+)", but that is jus... by satyaallaparthi Communicator in Splunk Search 08-09-2022 0 7	0	7
	How do I show in table, when a field is greater than 1, to exclude it? Hi guys, I have a query that works and gives me table such as below. What I wanted to do was when count of values i... by aikn061 Explorer in Splunk Search 08-09-2022 0 1	0	1
	How to achieve complex filtering on MVFields? I am attempting to build a search that pulls back all logs that have a value in a multi-value field but do not have o... by ett Engager in Splunk Search 08-09-2022 0 2	0	2
	How do I merge two rows coming from different macros? Hi All,I am appending two macros to generate the following result set using append command. The 1st row comes from o... by neerajs_81 Builder in Splunk Search 08-09-2022 0 5	0	5
	How to dynamically pass as parameters all host matching a specific query: index=* host=myserver? Hi all,I have just downloaded the app "SSL Certificate lookup" from splunk base and it's working fine. with following... by Julien22 Explorer in Splunk Search 08-09-2022 0 6	0	6
	Extract a field from a field in splunk? I have a field names "code_value" which has the values as follows code_value ABC-123 JHLIK ABC-456 LKJF ABC-781 klkl... by pavanae Builder in Splunk Search 08-09-2022 0 2	0	2
	How to extract string after particular word? Hi, I have a line in the event like "/v1/locations/7b-cec6-4820-b699-ec" I need to extract 7b-cec6-4820-b699-ec, or... by labaningombam Explorer in Splunk Search 08-09-2022 0 2	0	2
	Is it possible to merge searches with same index but different host names? Hello, I have two searches with same index but different host names. Is it possible to have the results of both the s... by arshiarshi Explorer in Splunk Search 08-09-2022 0 11	0	11
	How would I calculate time difference between different events of a table? Hi All, i am using 2 searches combined via an append to get me data in the following format. Each row is a distinct ... by neerajs_81 Builder in Splunk Search 08-09-2022 0 8	0	8
	Maximun disk usage quota- Why are alerts not sending? Hello, I have a Splunk Cloud deployment and the alerts are not firing. I have searched for information and using the ... by bolopez Explorer in Splunk Search 08-09-2022 0 2	0	2
	How to club data from an index and a file to club? I am trying to club data from one source type with a search input from a formatted CSV file, however I can send only ... by srikanth_gurram New Member in Splunk Search 08-09-2022 0 3	0	3
	Problem with quota for splunk-system-user- Why does size of dispatch folder not correspond to searches in Jobs menu? Hi Splunkers, we had copied many searches to the search head node from indexer and now we have many errors like this:... by evelenke Contributor in Splunk Search 08-08-2022 0 2	0	2
	Combine separate fields to a single MV field? As far as I know using mvcommand only creates an MV field out of values from a single field. In a column for example.... by pbarbuto Path Finder in Splunk Search 08-08-2022 0 2	0	2