Splunk Search

Community Activity

Can someone help in how _time is derived and how to derive correct ingested timestamp? Hi Team, I am ingesting job logs to SPlunk and below is one of the job log (job ran on 27th June) which was ingested ... by Karthikeyan Engager in Splunk Search 07-05-2022 0 4	0	4
Extracting fields doesn't extract the same information I'm sorting through web traffic and I'm trying to extract what device users are using from the user agent. However, w... by jhilton90 Path Finder in Splunk Search 07-05-2022 0 1	0	1
How to Combine similar fields? Hey all,I have a summary table that shows these values and there are also some common values. ProcessError Succes... by din98 Explorer in Splunk Search 07-05-2022 0 3	0	3
How to find failure rate for each separate event type? I am trying to find the failure rate for individual events. Each event has a result which is classified as a success... by MScottFoley Path Finder in Splunk Search 07-05-2022 0 4	0	4
Query to hide chart from alert by nanginenisreeka New Member in Splunk Search 07-05-2022 0 1	0	1
How to find tolerant match between two events? I want to know how long will tolerant match takes to give the result between the event requested and the event resp... by avi7326 Path Finder in Splunk Search 07-05-2022 0 5	0	5
How can I restrict Splunk to search only for first day of every month for last 6 months? by rk1165 Loves-to-Learn Lots in Splunk Search 07-05-2022 0 7	0	7
What is the different between "bin span=5m" vs "timechart span=5m"? HiWhat is the different between "bin span=5m" vs "timechart span=5m"?I mean it is better to use bin span then use tim... by indeed_2000 Motivator in Splunk Search 07-05-2022 0 5	0	5
Help to assign values in increment order to each values in a field It should assign values to each values in the specific field, if the same query executes at second time, it should s... by smanojkumar Contributor in Splunk Search 07-04-2022 0 7	0	7
How to create a chart from output of index and dataset? All, I have an index with some fields like appId and responsetime. I also have a dataset where the appId is same, but... by AmitSampat Loves-to-Learn Lots in Splunk Search 07-04-2022 0 2	0	2
How to prioritize one entry over another in search? SO I have a data set User Vehicle User_a CarUser_b CarUser_a MotorBikeUser_c MotorBikeUser_d CarU... by DaveBunn Path Finder in Splunk Search 07-04-2022 0 3	0	3
Is there any way to speed up timecharts counting events per day? Hi, I need to validate que total number of events received each day from my sources to find gaps during the last 60 d... by JohnnyMnemonic Explorer in Splunk Search 07-04-2022 0 1	0	1
How to ingest UPS devices data into Splunk Cloud? we have some devices for Power Distribution Units and UPS"s for DC teamplanning to ingest into splunk to monitoris an... by sekhar463 Path Finder in Splunk Search 07-04-2022 0 2	0	2
Why am I unable to search in field? Hello All, I have a problem with my search. The following search works: index=test_index sourcetype=test_sourcetype... by karina25 Engager in Splunk Search 07-04-2022 0 2	0	2
How to remove unwanted row base on condition of column data? Hi, I am new in Splunk, if I want to remove the display of all column field for T9_LotID_LaneA,T9_LotID_LaneB,T9_Lot... by 324981 Explorer in Splunk Search 07-03-2022 0 5	0	5
How to compare logs from two different sources and create a table out of it? Hi All, I have two set of logs in two different sources in splunk, one containing the predefined list of VPNs and Que... by Mrig342 Contributor in Splunk Search 07-02-2022 0 3	0	3
Search for a field not containing a specific pattern. I have two indexed fields, FieldX and FieldY. I want to search for all instances of FieldX that contain 'ABC' where F... by tdismukes Engager in Splunk Search 07-02-2022 2 7	2	7
How to List records where a field contains a specific string? I have an index: an_index , there's a field with URLs - URL/folder/folder I only want to list the records that cont... by nlxtasy69 Engager in Splunk Search 07-02-2022 0 4	0	4
How to extract mutiple value from json Hi,I want to extract judgments to a fields from "37.0.10.15" and "47.105.153.104",Is there any way it can do that?{"d... by zhenqi Explorer in Splunk Search 07-02-2022 0 4	0	4
Where did the test data go in the SPL tutorial? In going through the SplunkCloud SPL tutorial, we are told to upload California drought data into Splunk, and we crea... by SplunkAdmin69 Engager in Splunk Search 07-01-2022 0 5	0	5
Why does predict command not predict? Hi everyone, i need help to understand why i'm wrong and how to fix the problem. I've a lookup table in which is stor... by perryd Engager in Splunk Search 07-01-2022 0 4	0	4
How to Count multiple fields in histogram? I have rows in the form: IDField1Field2Field3 And I would like to create a histogram that shows the values of all t... by rpecka Explorer in Splunk Search 07-01-2022 0 3	0	3
How to trigger an alert when a metric is wrong on 3 consecutive spans? Hi everyone, I have a search on approval success rates : stats count as TOTAL,count(eval(criteria)) as APPROVED \| eva... by FBachelin Engager in Splunk Search 07-01-2022 0 3	0	3
Help with JSON regex replace Command:rex mode=sed "s/\"name":\s\"[^\"]+\"/"name":"###############"/g"Regex seems to work fine in Regex101 However,... by ballen1 Explorer in Splunk Search 07-01-2022 0 4	0	4
How to expand/extract multivalue fields line by line? Hi!I have 3 multivalue fields (max. 3 values per field) and I want to expand/extract them to single values. Data look... by timo258 Explorer in Splunk Search 07-01-2022 0 8	0	8