Splunk Search

Community Activity

	How to extract string after particular word? Hi, I have a line in the event like "/v1/locations/7b-cec6-4820-b699-ec" I need to extract 7b-cec6-4820-b699-ec, or... by labaningombam Explorer in Splunk Search 08-09-2022 0 2	0	2
	Is it possible to merge searches with same index but different host names? Hello, I have two searches with same index but different host names. Is it possible to have the results of both the s... by arshiarshi Explorer in Splunk Search 08-09-2022 0 11	0	11
	How would I calculate time difference between different events of a table? Hi All, i am using 2 searches combined via an append to get me data in the following format. Each row is a distinct ... by neerajs_81 Builder in Splunk Search 08-09-2022 0 8	0	8
	Maximun disk usage quota- Why are alerts not sending? Hello, I have a Splunk Cloud deployment and the alerts are not firing. I have searched for information and using the ... by bolopez Explorer in Splunk Search 08-09-2022 0 2	0	2
	How to club data from an index and a file to club? I am trying to club data from one source type with a search input from a formatted CSV file, however I can send only ... by srikanth_gurram New Member in Splunk Search 08-09-2022 0 3	0	3
	Problem with quota for splunk-system-user- Why does size of dispatch folder not correspond to searches in Jobs menu? Hi Splunkers, we had copied many searches to the search head node from indexer and now we have many errors like this:... by evelenke Contributor in Splunk Search 08-08-2022 0 2	0	2
	Combine separate fields to a single MV field? As far as I know using mvcommand only creates an MV field out of values from a single field. In a column for example.... by pbarbuto Path Finder in Splunk Search 08-08-2022 0 2	0	2
	Why is eval failing on joined data? I have the following search: index=sandbox document_type=test-collat-record-json_v2 \| where ((isnotnull(test_res... by laduran Explorer in Splunk Search 08-08-2022 0 2	0	2
	How to find results present in lookup table and not in custom index? Hi All,I have enquired about this problem earlier as well in Splunk community, thus, apologies for duplicate query.Ho... by Taruchit Contributor in Splunk Search 08-08-2022 0 12	0	12
	How to Search to show any new logs/indexes added to the environment within a period of time? I am creating a dashboard to show any new logs that are added to our environment within a period of time.For example ... by wgph96 Engager in Splunk Search 08-08-2022 0 1	0	1
	Help with Field Extraction - How draft the if condition to achieve following logic? I want to do a field extraction for my sourcetype under the Fields-> Calculated Fields section. Confused how to draft... by zacksoft_wf Contributor in Splunk Search 08-08-2022 0 1	0	1
	How to concatenate events from multiple hosts as single host? Hai All, we have events from different hosts with same name. any search query to add them in single host field please... by sekhar463 Path Finder in Splunk Search 08-08-2022 0 7	0	7
	How to to take a specific 'cell' result and assign it as a token? I have a query that returns multi-row and multi-column results. I want to be able to take a specific 'cell' result an... by lennys26 Communicator in Splunk Search 08-08-2022 0 2	0	2
	Struggling with Multi-series timechart- How to write this rex? Each Event contains 1-many Transaction Names with associated metrics as per the below example: 2022-08-03T08:47:49.45... by dmoberg Path Finder in Splunk Search 08-08-2022 0 5	0	5
	How to extract fields from Json from selected log and use it as table column? Hi all, I am new to Splunk. Right now I am trying to make a table out of a log, which contains different fields like ... by rnach Explorer in Splunk Search 08-07-2022 0 7	0	7
	Why is my stats count by command missing number of result? Hello, I have a csv file that have 209,946 rows of event as show After some query to apply some condition, as \|inp... by phamxuantung Communicator in Splunk Search 08-07-2022 0 2	0	2
	How to combine three different queries(condition) to create one email alert? 1st Query : StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" HasError__c=false Transaction_... by anna Explorer in Splunk Search 08-07-2022 0 4	0	4
	How do I search for Windows Servers Version (2008, 2012 etc)? Splunk Noob here. How do I search for Windows Servers Version (2008, 2012 etc)? Can this be done? by etorres Loves-to-Learn Lots in Splunk Search 08-07-2022 0 2	0	2
	Need REX Help - How do I table results? Hello, when i table the results the results are not matching exact with the next columns. what can i add to reslove ... by kc_prane Communicator in Splunk Search 08-07-2022 0 8	0	8
	How to artificially insert event based on an existing event value? Hello,I have a log file that admins can write when they start or stop their server maintenance.This is then jued to s... by alfredoh14 Explorer in Splunk Search 08-06-2022 0 2	0	2
	How filter results by custom start and end string in _raw? Hello,this is the first time i post here but I have learn alot from this website by just using google search. Situati... by alfredoh14 Explorer in Splunk Search 08-05-2022 0 3	0	3
	Is there something about a join that prevents me from doing evaluations? I am fairly new to Splunk but I come from a background of SQL databases and I may still be trying to do things in a "... by laduran Explorer in Splunk Search 08-05-2022 0 1	0	1
	How to extract a value between to identifiers? I'm looking for a way to extract a value from the middle of a sting. The value(green) I want is after the first under... by wantjoule Engager in Splunk Search 08-05-2022 0 1	0	1
	How to write regex to capture Windows 7 only? Hi all, I need to get the value Windows 7 from the below string . used something like OS[\n]+([^\n]+) , but then it c... by biswa2112 Engager in Splunk Search 08-05-2022 0 1	0	1
	How to get search data to be more than 12 months old? I am trying to run a search where I want my data to be more than 12 months old.However when I run this search, it bri... by Jay1234 Explorer in Splunk Search 08-05-2022 0 1	0	1