Splunk Search

Community Activity

Why does Xyseries drop duplicates? index=a host="b" source="0_R_S_C_ajf" OWNER=dw\|eval ODate=strptime(ODATE,"%Y%m%d")\|eval ODATE=strftime(ODate,"%Y-%m... by Veeru Path Finder in Splunk Search 07-15-2022 0 6	0	6
How to achieve field extraction to list domain admins from AD logs? I have been trying to extract a field to list domain admins from AD logs. The logs have all the admins starting with ... by ggilmore1 Explorer in Splunk Search 07-14-2022 0 8	0	8
How to transform above result into below table? index="dockerlogs" source="gps-request-processor-dev" OR source="gps-external-processor-dev" OR source="*gps-ar... by csahoo Explorer in Splunk Search 07-14-2022 0 1	0	1
How to achieve conditional eval/searchmatch or subsearch result based on the value of another field? I have a scenario where I am analyzing the format of a given string to determine what the name of the format is (e.g.... by mjones414 Contributor in Splunk Search 07-14-2022 0 3	0	3
How to add new fields to certain events via _meta? Hi Splunkers, I try to get a new internal field "_application" added to certain events. So i added a new field via th... by florianhh Explorer in Splunk Search 07-14-2022 0 3	0	3
Firewall logs going into separate index: Why the error "Searching - No results found. Try expanding the time range"? Hey everyone, I've got all our firewall logs going into separate index. When I perform a search just using the index ... by willspk Engager in Splunk Search 07-14-2022 0 1	0	1
Search Stats with _raw field Hello, In my search I'm trying to get a series of events (transact - which is in the _raw field) counted out by anoth... by mcscjlf Explorer in Splunk Search 07-14-2022 0 1	0	1
How to fix query to prevent Duplication of events when searching multi-value fields in Json using mvzip and mvexpand? Here is a reduced version of my JSON: {<!-- --> records: [ {<!-- --> errors: 4 name: name1 plugin: p1 t... by Marian Explorer in Splunk Search 07-14-2022 0 4	0	4
How to create a table with max and sum values I have a table like the below Category \| Time \| Count of string A \| t-5mins \| 18 A \| t-10mins \| 7 A \| t-15mins \|... by HelloItsMe76 Explorer in Splunk Search 07-14-2022 0 3	0	3
How to have multiple time series charts of multiple days' temperature measurements during the days stacked for 24 hours I want to compare the daily temperature measurements at the same period, but different days by a stacked temperature ... by yshen Communicator in Splunk Search 07-14-2022 0 2	0	2
How I can change color of the graph as per value Hi , I have created one graph for Success and failure result, but not able to change the color, How I can have the re... by Splunk3 Explorer in Splunk Search 07-14-2022 0 1	0	1
Remove segmenters in search (lispy) for Norwegian characters Hi folks. Whenever you do a search in Splunk you can review the lispy in search.log. For example, if I search for my ... by hettervik Builder in Splunk Search 07-14-2022 0 4	0	4
How to create aa chart using xyseries command syntax? Dears, i would like to create chart that contain two different x axis and one y axis using xyseries command but i cou... by Ahmedkhalil Communicator in Splunk Search 07-14-2022 0 3	0	3
How to get values from a Splunk field to particular decimals? Hi Team,I have a field like below :Cost :0.45655345534530.00004354634660.00213456677880.0000000005657I want to get va... by Poojitha Communicator in Splunk Search 07-14-2022 0 4	0	4
How to find comman value from multiple watchlist Hi below is one of the requirementI have multiple lookuptableexample number name lookuptable1 abc ... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 07-14-2022 0 2	0	2
Can't get past subsearch limit I seem to be stuck with the 100 result limit for a subsearch. I've changed maxout= to 10000 in limits.conf (and resta... by msallman Explorer in Splunk Search 07-14-2022 3 5	3	5
Whats the splunk equivalent of SQL IN clause What is the Splunk equivalent of an SQL IN clause. I want to run a query where some field has a value which is presen... by jmc82 Explorer in Splunk Search 07-14-2022 5 14	5	14
Making sense of stats results for 1 source to multiple destination Hi All, I have this simple search that shows logins from same SRC IP to multiple Destination hosts. Can someone pls... by neerajs_81 Builder in Splunk Search 07-14-2022 0 4	0	4
How to find common values between two searches? I have two queries from the same set of index and app names using different search terms from which I am extracting a... by shyam_v New Member in Splunk Search 07-13-2022 0 2	0	2
Any idea about the query optimization with using join or subsearch? Hi, I am trying to get all events with two different kinds of objectname(A or B vs C) but with the same username and ... by mchuli934 Loves-to-Learn Lots in Splunk Search 07-13-2022 0 3	0	3
How to create custom fields from syslog? Hello, I have the following log: Month date time, ip address, host, [system] 2022 194 16:15:14 X01: Freq error: phas... by Splunky21 Explorer in Splunk Search 07-13-2022 0 4	0	4
How to achieve using Eval equals to a field from lookup? Need some help. I can't wrap my head around this. Need to lookup a csv which contains clientip, and compare against m... by solaced Explorer in Splunk Search 07-13-2022 0 2	0	2
How do I add Vertical headers in dashboards? I am trying to override the standard CSS to format table header in order to rotate the text by 90 degrees. I need thi... by marios_kstone Path Finder in Splunk Search 07-13-2022 0 4	0	4
Suspicious behaviour of splunk when index log file- Log only showing events from 12:00-23:59 Hi I have suspecious behaviour of splunk when index log file. here is the issue when I search through yesterday log ... by indeed_2000 Motivator in Splunk Search 07-13-2022 0 10	0	10
How can I create a chart with the range start and end date in the y-axis? Example data : start_date end_date batch_name 2017-11... by venkatsivab New Member in Splunk Search 07-13-2022 0 3	0	3