Splunk Search

Community Activity

	Struggling with Multi-series timechart- How to write this rex? Each Event contains 1-many Transaction Names with associated metrics as per the below example: 2022-08-03T08:47:49.45... by dmoberg Path Finder in Splunk Search 08-08-2022 0 5	0	5
	How to extract fields from Json from selected log and use it as table column? Hi all, I am new to Splunk. Right now I am trying to make a table out of a log, which contains different fields like ... by rnach Explorer in Splunk Search 08-07-2022 0 7	0	7
	Why is my stats count by command missing number of result? Hello, I have a csv file that have 209,946 rows of event as show After some query to apply some condition, as \|inp... by phamxuantung Communicator in Splunk Search 08-07-2022 0 2	0	2
	How to combine three different queries(condition) to create one email alert? 1st Query : StoreManagementAPI index=b2cforce sourcetype="sfdc:transaction_log__c" HasError__c=false Transaction_... by anna Explorer in Splunk Search 08-07-2022 0 4	0	4
	How do I search for Windows Servers Version (2008, 2012 etc)? Splunk Noob here. How do I search for Windows Servers Version (2008, 2012 etc)? Can this be done? by etorres Loves-to-Learn Lots in Splunk Search 08-07-2022 0 2	0	2
	Need REX Help - How do I table results? Hello, when i table the results the results are not matching exact with the next columns. what can i add to reslove ... by kc_prane Communicator in Splunk Search 08-07-2022 0 8	0	8
	How to artificially insert event based on an existing event value? Hello,I have a log file that admins can write when they start or stop their server maintenance.This is then jued to s... by alfredoh14 Explorer in Splunk Search 08-06-2022 0 2	0	2
	How filter results by custom start and end string in _raw? Hello,this is the first time i post here but I have learn alot from this website by just using google search. Situati... by alfredoh14 Explorer in Splunk Search 08-05-2022 0 3	0	3
	Is there something about a join that prevents me from doing evaluations? I am fairly new to Splunk but I come from a background of SQL databases and I may still be trying to do things in a "... by laduran Explorer in Splunk Search 08-05-2022 0 1	0	1
	How to extract a value between to identifiers? I'm looking for a way to extract a value from the middle of a sting. The value(green) I want is after the first under... by wantjoule Engager in Splunk Search 08-05-2022 0 1	0	1
	How to write regex to capture Windows 7 only? Hi all, I need to get the value Windows 7 from the below string . used something like OS[\n]+([^\n]+) , but then it c... by biswa2112 Engager in Splunk Search 08-05-2022 0 1	0	1
	How to get search data to be more than 12 months old? I am trying to run a search where I want my data to be more than 12 months old.However when I run this search, it bri... by Jay1234 Explorer in Splunk Search 08-05-2022 0 1	0	1
	Why do stats and tstats give different set of results? Hi All,I tried running the two SPLs below for same index and time range, but got two very different set of results: -... by Taruchit Contributor in Splunk Search 08-05-2022 0 5	0	5
	How to write query to detect too much blocked traffic to one single destination? I have created a query to detect too much blocked traffic to one single destination.Somehow this doesn't work. Help m... by Pooja_R Loves-to-Learn Lots in Splunk Search 08-05-2022 0 2	0	2
	Why won't this table show new field names? Based on what I've studied, I should be able to show a new field named item with a search such as the one below: inde... by firstname Explorer in Splunk Search 08-05-2022 0 1	0	1
	How to use rex to extract JSON text in "msg" keyValue pair? I have a json raw string from which I have to extract the "msg" key and pair value. Can you please assist. The log li... by kabSplunk Explorer in Splunk Search 08-05-2022 0 4	0	4
	Why are Display Values not found in search results but is in lookup table? I Have a look up file called dataset.csv which will have one field, dataset_namedataset1dataset2dataset3 I need to ... by nandhiniG Explorer in Splunk Search 08-05-2022 0 6	0	6
	Best way to turn large regex with labels into something manageable? Hello, I just started a new position where I've inherited management of large queries that need to be updated periodi... by jasmartin Explorer in Splunk Search 08-05-2022 0 3	0	3
	How to search Items in a Lookup Table NOT present in Index? Hi all - Relatively new to Splunk and have already attempted a number of methods from forums to perform this search t... by djn12313 Explorer in Splunk Search 08-05-2022 0 10	0	10
	How to filter specific events from use case? Hi All, We have turned on the Use Case - ESCU 0365 Authentication Failures Alert We need this turned on in order to a... by AidanMarkSmith Observer in Splunk Search 08-05-2022 0 1	0	1
	Local Admin: How to check if a user has not been added and NOT removed within a time period? Hi what would be the best way to check if after a user has been added to a group, they have not been removed from the... by beastpc Loves-to-Learn in Splunk Search 08-05-2022 0 1	0	1
	How to calculate difference between timestamps of two successive logs? Hi , Can you please help me to write a query for calculating the difference in time for two simultaneous logs? I want... by mansi New Member in Splunk Search 08-05-2022 0 1	0	1
	How to write query to exclude the logs having src_ip starting with either 10 or 172? I have this query in Splunk which gets me the src_ip along with different fields for the particular UserId. But i w... by biswa2112 Engager in Splunk Search 08-05-2022 0 1	0	1
	How to write rex to get "domain.com"? I have field user-agent like thisuser-agent="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTM... by f_666dhn Explorer in Splunk Search 08-05-2022 0 1	0	1
	Help writting and fixing a rex query Hello,I have a raw data that go like this ... in[ 60: ]<3034> in[ 62: ]<10> in[ 62: ]<EC_CARDVER> ... I want to extr... by phamxuantung Communicator in Splunk Search 08-04-2022 0 2	0	2