Splunk Search

Community Activity

	Combine separate fields to a single MV field? As far as I know using mvcommand only creates an MV field out of values from a single field. In a column for example.... by pbarbuto Path Finder in Splunk Search 08-08-2022 0 2	0	2
	Why is eval failing on joined data? I have the following search: index=sandbox document_type=test-collat-record-json_v2 \| where ((isnotnull(test_res... by laduran Explorer in Splunk Search 08-08-2022 0 2	0	2
	How to find results present in lookup table and not in custom index? Hi All,I have enquired about this problem earlier as well in Splunk community, thus, apologies for duplicate query.Ho... by Taruchit Contributor in Splunk Search 08-08-2022 0 12	0	12
	How to Search to show any new logs/indexes added to the environment within a period of time? I am creating a dashboard to show any new logs that are added to our environment within a period of time.For example ... by wgph96 Engager in Splunk Search 08-08-2022 0 1	0	1
	Help with Field Extraction - How draft the if condition to achieve following logic? I want to do a field extraction for my sourcetype under the Fields-> Calculated Fields section. Confused how to draft... by zacksoft_wf Contributor in Splunk Search 08-08-2022 0 1	0	1
	How to concatenate events from multiple hosts as single host? Hai All, we have events from different hosts with same name. any search query to add them in single host field please... by sekhar463 Path Finder in Splunk Search 08-08-2022 0 7	0	7
	How to to take a specific 'cell' result and assign it as a token? I have a query that returns multi-row and multi-column results. I want to be able to take a specific 'cell' result an... by lennys26 Communicator in Splunk Search 08-08-2022 0 2	0	2
	Struggling with Multi-series timechart- How to write this rex? Each Event contains 1-many Transaction Names with associated metrics as per the below example: 2022-08-03T08:47:49.45... by dmoberg Path Finder in Splunk Search 08-08-2022 0 5	0	5
	How to extract fields from Json from selected log and use it as table column? Hi all, I am new to Splunk. Right now I am trying to make a table out of a log, which contains different fields like ... by rnach Explorer in Splunk Search 08-07-2022 0 7	0	7
	Why is my stats count by command missing number of result? Hello, I have a csv file that have 209,946 rows of event as show After some query to apply some condition, as \|inp... by phamxuantung Communicator in Splunk Search 08-07-2022 0 2	0	2
	How to combine three different queries(condition) to create one email alert? 1st Query : StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" HasError__c=false Transaction_... by anna Explorer in Splunk Search 08-07-2022 0 4	0	4
	How do I search for Windows Servers Version (2008, 2012 etc)? Splunk Noob here. How do I search for Windows Servers Version (2008, 2012 etc)? Can this be done? by etorres Loves-to-Learn Lots in Splunk Search 08-07-2022 0 2	0	2
	Need REX Help - How do I table results? Hello, when i table the results the results are not matching exact with the next columns. what can i add to reslove ... by kc_prane Communicator in Splunk Search 08-07-2022 0 8	0	8
	How to artificially insert event based on an existing event value? Hello,I have a log file that admins can write when they start or stop their server maintenance.This is then jued to s... by alfredoh14 Explorer in Splunk Search 08-06-2022 0 2	0	2
	How filter results by custom start and end string in _raw? Hello,this is the first time i post here but I have learn alot from this website by just using google search. Situati... by alfredoh14 Explorer in Splunk Search 08-05-2022 0 3	0	3
	Is there something about a join that prevents me from doing evaluations? I am fairly new to Splunk but I come from a background of SQL databases and I may still be trying to do things in a "... by laduran Explorer in Splunk Search 08-05-2022 0 1	0	1
	How to extract a value between to identifiers? I'm looking for a way to extract a value from the middle of a sting. The value(green) I want is after the first under... by wantjoule Engager in Splunk Search 08-05-2022 0 1	0	1
	How to write regex to capture Windows 7 only? Hi all, I need to get the value Windows 7 from the below string . used something like OS[\n]+([^\n]+) , but then it c... by biswa2112 Engager in Splunk Search 08-05-2022 0 1	0	1
	How to get search data to be more than 12 months old? I am trying to run a search where I want my data to be more than 12 months old.However when I run this search, it bri... by Jay1234 Explorer in Splunk Search 08-05-2022 0 1	0	1
	Why do stats and tstats give different set of results? Hi All,I tried running the two SPLs below for same index and time range, but got two very different set of results: -... by Taruchit Contributor in Splunk Search 08-05-2022 0 5	0	5
	How to write query to detect too much blocked traffic to one single destination? I have created a query to detect too much blocked traffic to one single destination.Somehow this doesn't work. Help m... by Pooja_R Loves-to-Learn Lots in Splunk Search 08-05-2022 0 2	0	2
	Why won't this table show new field names? Based on what I've studied, I should be able to show a new field named item with a search such as the one below: inde... by firstname Explorer in Splunk Search 08-05-2022 0 1	0	1
	How to use rex to extract JSON text in "msg" keyValue pair? I have a json raw string from which I have to extract the "msg" key and pair value. Can you please assist. The log li... by kabSplunk Explorer in Splunk Search 08-05-2022 0 4	0	4
	Why are Display Values not found in search results but is in lookup table? I Have a look up file called dataset.csv which will have one field, dataset_namedataset1dataset2dataset3 I need to ... by nandhiniG Explorer in Splunk Search 08-05-2022 0 6	0	6
	Best way to turn large regex with labels into something manageable? Hello, I just started a new position where I've inherited management of large queries that need to be updated periodi... by jasmartin Explorer in Splunk Search 08-05-2022 0 3	0	3