Splunk Search

Community Activity

How to resolve error: Problem replicating config (bundle) to search peer. failed; error="Cannot resolve hostname". Problem replicating config (bundle) to search peer ' hostname:8089 ', Upload bundle="/SPLUNK/splunk/var/run/EF6-16xxx... by Sirius_27 Explorer in Splunk Search 07-12-2022 0 1	0	1
How to take an average of a time log? Hello peeps,Currently I have a list of processing times. And I am trying to create a dashboard that shows the average... by amaralt808 Path Finder in Splunk Search 07-12-2022 0 7	0	7
How to find same values in different sources? Our login page is developed by team1 and the main home page (After login) is developed by team2. The event logs from ... by Momgineer Engager in Splunk Search 07-12-2022 0 5	0	5
How to replace Unique Values? Hello, I have several events in the _raw field that add a unique identification number. I would like to replace thes... by mcscjlf Explorer in Splunk Search 07-12-2022 0 4	0	4
Is it possible to Search within a table on a dashboard? I have created a dashboard panel which displays events from a firewall log. Importantly, this panel is intended to s... by JunkyardDog New Member in Splunk Search 07-12-2022 0 1	0	1
How to Convert time format? Hi, i need to write a query that converts time format from minutes to format Xh Xmin Xs my query \| eval finish... by Edwin1471 Path Finder in Splunk Search 07-12-2022 0 1	0	1
How to Add multiple field values for the matching value of another field I want to create a query, that would combine all the duration values into one by adding them for each Time Date. The... by Edwin1471 Path Finder in Splunk Search 07-12-2022 0 3	0	3
CISCO ESA - simple search email query (sender, recipient,subject) Hi,I have Splunk 8.1.4 with Splunk Add-on for CISCO ESA 1.5.0. I also have the old app Cisco Secuirty Suite that eve... by corti77 Contributor in Splunk Search 07-12-2022 0 1	0	1
How to display search with multiple lookup? [SOLVED] HelloI have several lookups and I would like to display the details on a date range but I can't really do itI have tr... by brad_ Engager in Splunk Search 07-12-2022 0 4	0	4
How to use (event-)stats and calculations to predict how many unique customers do I have by product group Hi everyone, basically I am trying to count how many unique customers I had in a period and that worked well with d... by nord_nikon Engager in Splunk Search 07-12-2022 0 2	0	2
Is there any reason why syntax highlighting is not working by default for splunk logs? Is there any reason why syntax highlighting is not working by default for splunk logs?. While clicking on the Syntax ... by vjsplunk Loves-to-Learn Everything in Splunk Search 07-11-2022 0 1	0	1
Why were some events removed by Timeliner when they were missing _time? Hi, When I run a search against an index in smart/verbose mode, I am getting the below error with zero results, "Some... by bsanjeeva Explorer in Splunk Search 07-11-2022 0 0	0	0
How to exclude last 2 parts of the URL in Splunk? I have a URL as below 1.aa/bb/cc/dd 2.nbcn/hbd/hvhd/hbxn Need to regular expression to get the below output 1.aa/bb... by bharath999 Observer in Splunk Search 07-11-2022 0 3	0	3
Can Splunk read inside a file and filter based on a word inside? Hi all.I want to create an alert for hosts file modification.Found the build in one here on the forums but I would li... by NizanCohen Explorer in Splunk Search 07-11-2022 0 4	0	4
How to calculate Raw data for API endpoints and count? I don't have a ton of experience with Splunk yet but I've been asked to find API endpoints (which appear to be in our... by mcscjlf Explorer in Splunk Search 07-11-2022 0 3	0	3
How to write timechart output that drops most recent week but keeps in the initial query? I have a query that must search 9 weeks of data, and then applies a filter against a single field (dv_opened_at) look... by tlmayes Contributor in Splunk Search 07-11-2022 0 5	0	5
How to display pool down on two cluster server? index=idx_rdap source="f5" "member" "RO1B4-0JLSM4000S" "/Common/pool_d2i_*gkrgkl" \| rex field=member "\/Common\/(... by elmadi_fares Loves-to-Learn Everything in Splunk Search 07-11-2022 0 3	0	3
How to Pull Unique Records from JSON I have read a lot of different threads and docs but still having trouble pulling what I need out of the below JSON. E... by morgantay96 Path Finder in Splunk Search 07-10-2022 0 9	0	9
Setting up Enterprise Security as a SOC detection- Alert Investigation Hi all, I am currently configuring Splunk Enterprise Security for Alerts. I have a doubt in the implementation of thi... by Yadukrishnan Explorer in Splunk Search 07-09-2022 0 1	0	1
I need a different way to join two searches Hi, I know this is a hot topic and there is answers everywhere, but i couldn't figure out by my self what to do. Sudd... by rodolfotva Engager in Splunk Search 07-09-2022 0 2	0	2
Is there a way to get Sum BytesSent by IP? I need to get the list of the IPs that have generated the most outgoing traffic. When the query is generated I find t... by splunkcol Builder in Splunk Search 07-09-2022 0 2	0	2
How can i find difference b/w each MV Item? How can i find difference b/w each MV Item? So far i was able to do only one difference ... by reverse Contributor in Splunk Search 07-08-2022 1 9	1	9
Help with stats count comma delimited field Hello all, I have an event that looks similar to the following: field_A="US", field_B="true", field_C="AB/CD,XYZ, <>D... by mebra1 Loves-to-Learn in Splunk Search 07-08-2022 0 8	0	8
How to select one of two event fields in stats? Hi, I have two event fields with the same name "timestamp". I just want to display (in stats) the "timestamp" field ... by user33 Path Finder in Splunk Search 07-08-2022 0 2	0	2
Multiline field search: How to print multiple events? In logs there are multiple lines printed like below and I want to print all of them in a table but my search query o... by jimish Explorer in Splunk Search 07-08-2022 0 2	0	2