Splunk Search

Community Activity

Help with stats count comma delimited field Hello all, I have an event that looks similar to the following: field_A="US", field_B="true", field_C="AB/CD,XYZ, <>D... by mebra1 Loves-to-Learn in Splunk Search 07-08-2022 0 8	0	8
How to select one of two event fields in stats? Hi, I have two event fields with the same name "timestamp". I just want to display (in stats) the "timestamp" field ... by user33 Path Finder in Splunk Search 07-08-2022 0 2	0	2
Multiline field search: How to print multiple events? In logs there are multiple lines printed like below and I want to print all of them in a table but my search query o... by jimish Explorer in Splunk Search 07-08-2022 0 2	0	2
How to filter out one field events base on other field with two events? Hi All,I have this report My requirement is only show in table those event that do not have the Plugin Name = "TL... by Rithekakan Path Finder in Splunk Search 07-08-2022 0 1	0	1
Can I index into array in my search to pull two specific displayName and result values out and use stats command? Hello folks, I'm trying to write a drill-down search for a correlation search in Enterprise Security, and I'm having ... by meliaolsen Loves-to-Learn Lots in Splunk Search 07-08-2022 0 2	0	2
How do I convert Duration field in sec to day Hr Min Sec? Base query: index=jenkins* teamcenter \|search event_tag=job_event \|search build_url=TC_Active \|where isnotnull(job_... by Abhineet Loves-to-Learn Everything in Splunk Search 07-08-2022 0 7	0	7
How to filler a Field base on other two field? host="SPL-SH-DC" sourcetype="ABCSW"......\| search "Plugin Name" != "TLS Version 1.1 Protocol Deprecated" AND Port != ... by Rithekakan Path Finder in Splunk Search 07-08-2022 0 8	0	8
Make sure Value from one specific event is not in any other events I can't wrap my head around how to do this search. It's like I need an array or variable.Example Data:HostnameStorag... by splunk219783 Path Finder in Splunk Search 07-08-2022 0 8	0	8
How can I use * in eval if statement? \| eval RouteLatency = if (Name="ABC" AND HTTP="https://.net..com*" , bckLatency ,RouteLatency ) by ashidhingra Path Finder in Splunk Search 07-08-2022 0 2	0	2
How to convert the time in raw data to different timezone? I have the raw data where i need to convert the time in raw data to particular time zoneexample:if the time contains ... by Veeru Path Finder in Splunk Search 07-08-2022 0 10	0	10
Why am I unable to extract cookie field? So I'm trying to extract a field called "secureToken=tokenvalue" from our akamai logs. However when I try to extract ... by jhilton90 Path Finder in Splunk Search 07-08-2022 0 9	0	9
How do I list machines that do not match my search? How do I list machines that do not match my search?"if" my script runs, a message is sent to splunk. The script runs ... by cwheeler33 Explorer in Splunk Search 07-07-2022 0 2	0	2
SplunkPhantom: Could not load JSON from CEF parameter: Error Code: Error code unavailable. Error Message: Expecting ',' Could not load JSON from CEF parameter: Error Code: Error code unavailable. Error Message: Expecting ',' delimiter: l... by Manojsai_3 New Member in Splunk Search 07-07-2022 0 0	0	0
Case-insensitve sort Is there a way that I can sort some data alphabetically where the values are case insensitive? Currently, it sorts a... by atornes Path Finder in Splunk Search 07-07-2022 1 5	1	5
How to Combine Multiple Data Sources in Pie Chart Visualization? I have a data sources that shows if an order was resolved as fraudulent (data="resolutions") and in a different data... by devanoverstock Explorer in Splunk Search 07-07-2022 0 6	0	6
Why is the Splunk app not displaying? Hi Team, The below screen shot in prod environment Splunlk App displaying app when ever select , but dev environment... by parnika171017 New Member in Splunk Search 07-07-2022 0 0	0	0
How to compare Sum of event counts per day until bow()? Hello, I want to compare event counts for indexes to evaluate if there is unexpected changes in logging. In order t... by MarcusBB Explorer in Splunk Search 07-07-2022 0 2	0	2
Help with data enrichment Hi everyone! I would appreciate your help with the following search, I can't find how to do that, I need to add the ... by Danielle_marks Explorer in Splunk Search 07-07-2022 0 4	0	4
Recursive macro invocation fails- Is there a different solution besides defining all possible list values? Hi everyone, I have the following issue: within a search and a data field I find values like this: db2_stat = "1,3:8"... by eherbst63 Explorer in Splunk Search 07-07-2022 0 2	0	2
Compare Different Fields in Different Events New to Splunk and banging my head against the wall with this problem for over a day now. Please help...Need to compar... by lgsplunks Explorer in Splunk Search 07-07-2022 0 4	0	4
How to get dynamic inputs through a query in Dashboard studio? Hi, I am trying to implement a dynamic input dropdown using a query in the dashboard studio.The code I am using is as... by _pravin Contributor in Splunk Search 07-07-2022 0 4	0	4
Stats Count Field To Include 0 For each Bin period I’m trying to get a count for activity on around 10 different APIs.The search is:index=api_logs \| bin span=5min _time... by sssplunker Engager in Splunk Search 07-07-2022 0 4	0	4
Splunk DBConnect use the SQL WITH statement Can Splunk DBConnect use the SQL WITH statement? WITH TABLE_BASE AS (-- this section is the base query and matches th... by robjackson Path Finder in Splunk Search 07-06-2022 0 1	0	1
Remove field values from one multi-valued field which values are present in another multi-valued field Remove field values from one multi-valued field which values are present in another multi-valued fieldLooking for som... by VatsalJagani SplunkTrust in Splunk Search 07-06-2022 0 5	0	5
What is the "correlate" function doing behind the scenes I am trying to use the correlate command in Splunk but keep receiving "1.0" or other numbers as the correlation value... by spogtrop Explorer in Splunk Search 07-06-2022 0 4	0	4