Splunk Search

Community Activity

How to search the table by the range set of size in the input? I want to search file by range of size assigned in the input but I'm not sure how.Example: I pick 50M in the choices ... by jobamnavarro Loves-to-Learn Lots in Splunk Search 07-28-2022 0 7	0	7
How to add dynamic timewrap to dashboard? Hello everyone, I want to be able to have a dynamic timewrap option on my dashboard. Based on the user input (of spe... by SShalaka Engager in Splunk Search 07-27-2022 0 7	0	7
How to separate data into groups of how often they appear? Looking to create a chart that can separate results into groups of how often they appear in a time range. We're look... by msage Path Finder in Splunk Search 07-27-2022 0 1	0	1
Sorting multi-series column chart by count field Not sure why this is so perplexing, but or the life of me I can't get this to sort how I want. The following chart... by Cuyose Builder in Splunk Search 07-27-2022 0 4	0	4
How to use tstats count as output to eval subsearch? Have a search that returns emails of interest (possibly malicious). Trying to add a subsearch that will return a coun... by bradw2021 Engager in Splunk Search 07-27-2022 0 5	0	5
How to compare different host fields? I have two host. I need to compare the fields values. Field names are same for both the host. by Surhol New Member in Splunk Search 07-27-2022 0 1	0	1
How to use NOT in subsearch to find orders in search but not the other? First, let me explain my intention:I am attempting to create a query that would notify our team of a “stuck order”. ... by scaparelli Explorer in Splunk Search 07-27-2022 1 7	1	7
How to add colors to a table for dynamic columns? Hi I am producing a table with time as the column header. However i can only use hour not the full date as i have to ... by robertlynch2020 Influencer in Splunk Search 07-27-2022 0 13	0	13
Why am I still seeing old data? Splunk data retention period is for 7 days. But i could still see 2 years back data now. I am not sure why? Can anyo... by Santosh2 Path Finder in Splunk Search 07-26-2022 0 7	0	7
Why SPL syntax highlighting not working correctly? Hi, I've created this rather complicated piece of SPL. To make it a bit more understandable I added some comment line... by Hoekb03 Explorer in Splunk Search 07-26-2022 1 3	1	3
Why are the time modifiers not working for union command? Hello everyone, The time modifiers don't seem seem to work for this search, am I doing something wrong? \|union [sea... by SShalaka Engager in Splunk Search 07-26-2022 0 1	0	1
Why are date_ fields missing? What happened to the date_wday, date_hour, and the others? Am I going nuts, waking from a dream where they used to ... by mykol_j Communicator in Splunk Search 07-26-2022 1 5	1	5
How to optimize very slow searching JSON events? I am searching a new source of json data sent to Splunk (over HEC), and it is very, very slow. Searching over just th... by gn694 Communicator in Splunk Search 07-26-2022 0 4	0	4
How to split single multivalue event into multiple multivalue events? Hello everyone !I'm trying to split a single multivalue event into multiple multivalue events. Here is my base search... by ERFFFFF Explorer in Splunk Search 07-26-2022 0 4	0	4
How to find total execution time for multiple events? Hey all,I have a summary table that shows these values. Each error log and log in the 'Total logs' column (which cont... by din98 Explorer in Splunk Search 07-26-2022 0 5	0	5
How to get columns associated with max value of specific column in 30 minute time window? Hello everyone, I have following type of data to analyze: timestampendpointexecutionTime08:12/products0.308:20/produc... by nowakgft Engager in Splunk Search 07-26-2022 0 2	0	2
How do I alter my search for multi (2) line chart that shows as one big line to show "Running" and "Stopped"? Hello Splunk Community, I have the following search command: index="myIndex" host="myHost" myScript Running OR Sto... by Bleepie Communicator in Splunk Search 07-26-2022 0 4	0	4
Am I taking the correct steps for monitoring active directory and analyzing user accounts? Good morning allplease i'm in a big das that i can't solve it: i'm a student and i'm preparing my graduation projec... by hichem_khalfi Path Finder in Splunk Search 07-26-2022 0 11	0	11
How to create a weekly report comparing changes in Domain Controllers' Operating System Type and Version? Hello All, I would like to be able to track down any and every configuration change on our monitored DC, AD etc. I ne... by DanAlexander Communicator in Splunk Search 07-26-2022 0 6	0	6
Is there an alternative command for the timeshift(Sumo logic ) in splunk? Hi Everyone,I need to migrate the report from sumo logic to splunk . In sumo logic report we have time compare option... by Vikasreddys Engager in Splunk Search 07-25-2022 0 1	0	1
How to search for and get all values of a field which occurred, but without the timestamps? I only want to know for field methodName=XYZAll the methodNames that occurred. I do not want the timestamps for each ... by likejudo Loves-to-Learn in Splunk Search 07-25-2022 0 6	0	6
What are some best practices to import data from an Oracle database table (not database logs)? I have a very large Oracle database table that is being used as a log sink for an application. There is high transact... by scottrudy Engager in Splunk Search 07-25-2022 0 1	0	1
How to Capture optional fields? rex command im using: (?:\w+\s\:\s)(?<command>[^\;]+)?\;\s(?<Datainput>[^\s]+)\s\;\s(?<Extra>[^\s]+) Data 1) command... by JohnnyTsunami New Member in Splunk Search 07-25-2022 0 1	0	1
Why is mvexpand not working on lookup? Hello, I am trying to create dashboard input based on lookup table. I have simple lookup with monitor name and list o... by GersonGarcia Path Finder in Splunk Search 07-25-2022 0 5	0	5
Is there any controls to limit the size of a user search? Is there any controls to limit the size of a user search? The use case is Splunk Cloud and limiting a search, if it d... by rbal_splunk Splunk Employee in Splunk Search 07-25-2022 0 1	0	1