Splunk Search

Community Activity

How to create a 14 day search for specific time range (02:00 - 06:00) only? How to create a 14 day search for specific time range (02:00 - 06:00) only? by ashidhingra Path Finder in Splunk Search 07-19-2022 0 5	0	5
How to extract a Multi-Valued Field? I've imported a .csv that has many fields, but the only one I care about has multiple values in it. pluginText: <plu... by Minasdad Path Finder in Splunk Search 07-19-2022 0 11	0	11
How to match field values with multivalue field? I have a data with two fields: User and Account Account is a field with multiple values. I am looking for a search th... by Skysurfer Explorer in Splunk Search 07-19-2022 0 10	0	10
How to pivot convert in Splunk? Hi, I habe a table after using stats: \| stats values(durationSum) as duration by Fauf Station. How can I convert it ... by zoe Path Finder in Splunk Search 07-19-2022 0 2	0	2
TimeChart Percent Query - How to Sort on specific field count Hello Experts, I am stuck with a timechart % query and I want to sort basis a field count and not the default sort on... by beriwalnishant Path Finder in Splunk Search 07-19-2022 0 13	0	13
Error in 'similarity' command: External search command exited unexpectedly with non-zero error code 9 index="main" source="all_digikala1.csv" \| table title price \| map search="search index=main source=all_sites1.csv \|... by soheil115 Engager in Splunk Search 07-18-2022 0 0	0	0
How to covert Duration in String to seconds? Hi Team, I have time in below two formats and I want to convert them to minutes. How can I do this Format 1 1 Hour10... by smaran06 Path Finder in Splunk Search 07-18-2022 0 4	0	4
Can you use a wild character in a Multiselect? Hi In a MultiSelect is there any way to us a wild character? My Data XYC_123 EOD_1234 EOD_23232 EOD_343434 aassss_... by robertlynch2020 Influencer in Splunk Search 07-18-2022 0 3	0	3
How to extract JSON array contents to lookup table? I've got a JSON array I ingest that I want to extract certain fields from to save into a lookup table. Here's an exam... by AlanMoen Explorer in Splunk Search 07-18-2022 0 6	0	6
How to add currency symbol to pie chart hover text? Is there a way to show currency symbol after the value? Like $393.26 by waldenwang9966 Loves-to-Learn in Splunk Search 07-18-2022 0 5	0	5
How to achieve top 10 src_ip's along with top 10 urls for each src_ip? I'm trying to run a query to figure out the top 10 src_ip's along with their top 10 urls visited. When I try the belo... by jhamot23 Engager in Splunk Search 07-18-2022 0 4	0	4
How to clean up query for top 10 urls of top users? I'm currently building a query that reports the top 10 urls of the top 10 users. Although my current query works, I w... by tayvionp Explorer in Splunk Search 07-18-2022 0 4	0	4
Suggestions for Tenable .csv field extraction Within the tenable:sc:vuln sourcetype there is a particular field "PluginText" that has a value for hardware serial n... by Minasdad Path Finder in Splunk Search 07-18-2022 0 3	0	3
How do I modify x-axis values to display date only for each column? Hi, how can I modify x-axis in order to display date only for each column. query \| eval finish_time_epoch = strftim... by Edwin1471 Path Finder in Splunk Search 07-18-2022 0 1	0	1
How to add field from a lookup in an index search and displaying the result Hello, I have a lookup on which we have two columns, one with the computer name and the other with the OS version. Wh... by darphboubou Explorer in Splunk Search 07-18-2022 0 10	0	10
Host field missing in events coming from a particular machine- How do I find host field information? I am not able to find the host field information for the events coming from a particular machine. This is related to... by sambitmahantaes Explorer in Splunk Search 07-18-2022 0 7	0	7
How to concatenate Dynamic multivalue fields to single value fields? Hi all, I have events coming in that have multivalue fields, but not always the same fields are multivalue. I want al... by wealot Explorer in Splunk Search 07-18-2022 0 2	0	2
How to convert at InfluxDB SQL query to a Splunk SPL search? We have a FIG (fluentD/InfluxDB/Grafana) setup in which we want to change the IG part to Splunk. We have several das... by registration9 New Member in Splunk Search 07-17-2022 0 2	0	2
Is there any way to use all returned values under a certain field in a search? Let's say I have a multivalue fieldA and a fieldB. I know you can do something like "\| where field=value" in a search... by cxm0u4e Engager in Splunk Search 07-17-2022 0 2	0	2
Why are Tokens not getting recalculated on changing the form value? Hi team, As per my requirement, on changing a particular form element [Token 1] , a set of other tokens [Token2,Token... by Ashwin3 Engager in Splunk Search 07-17-2022 0 2	0	2
How to try to search for new MFA factors with DUO? I'm trying to find any new MFA factors(DUO) used by any user in the past X days in order to create an alert. As an e... by JR_Akaviri Engager in Splunk Search 07-17-2022 0 1	0	1
How to compare and generate percentage from two lookup fields? file1.csv and file2.csv with a common field of "Tests". Wanting to compare File2 field "Tests" against file1.csv fiel... by Minasdad Path Finder in Splunk Search 07-17-2022 0 2	0	2
How to Extract multiple 10-digit numbers from field2 Hi, Novice splunker here. My search only extracts 1st 10-digit number and my data contains atleast 4 or more 10-digi... by Gzee Engager in Splunk Search 07-17-2022 0 1	0	1
How to calculate time difference from 2022-07-14T09:05:08.21-04:00 format Good Day,I need help to calculate the time difference for field "@timestamp" containing time format 2022-07-14T09:05:... by DPOIRE Path Finder in Splunk Search 07-15-2022 0 16	0	16
How to implement alert that need to consider state of past alert? I need to first issue an alert for overheat temperature 24 hours in advance for the affected locations, for their for... by yshen Communicator in Splunk Search 07-15-2022 1 3	1	3