Splunk Search

Community Activity

	Why won't eval substr is work with large string of 20k characters? Hi, I am new to Splunk. I just started using it last month. For me the below " \| eval error=substr(msg, 0, 1000) \| t... by RJDev Loves-to-Learn in Splunk Search 06-27-2022 0 8	0	8
	Why my Saved Search is not writing summary to 'stash' souretype? I am investigating a customer's concern that this particular search is not writing summary to 'stash' sourcetype. Th... by zacksoft_wf Contributor in Splunk Search 06-27-2022 0 3	0	3
	Why is one field not been extracted as expected? Hello everyone, I have an issue with one field let say foo These are the scenarios: 1. If I run a search just with t... by glpadilla_sol Path Finder in Splunk Search 06-27-2022 0 9	0	9
	How to create table columns from JSON? Hi, I have fields from a JSON file that are getting parsed like this: I'm struggling to find a way to turn those fi... by kackerman7 Loves-to-Learn in Splunk Search 06-27-2022 0 4	0	4
	How to implement Alerting the absence of events? Hello, team! I need your help with my search. I have a search which collects the list of ip-addresses, and next I ne... by bosseres Contributor in Splunk Search 06-27-2022 0 2	0	2
	How to remove blanks in a field in data entry Hi, I'm trying to remove blanks in a field when adding a csv file. In heavy-forwarder I have tried to use a regex in... by vprunera New Member in Splunk Search 06-27-2022 0 1	0	1
	How to achieve this Splunk regex query? This is the log i am getting in splunk msg: 2022-01-22 03:00:00.143 INFO 15 --- [ scheduling-1PurgeProcessCountTask :... by sbsinha04 New Member in Splunk Search 06-27-2022 0 4	0	4
	How to find the time difference in days between the _time of an event and the current time? Hi All, I might be over thinking this one, but since I've already used _time--> ...\| stats earliest(_time) as first_... by _gkollias Builder in Splunk Search 06-27-2022 0 7	0	7
	Field extration based on Event Type Hi I have created a custom Event type and I would like to perform some field extraction based on the new event type, ... by resparis New Member in Splunk Search 06-27-2022 0 3	0	3
	Issues with Field Extraction - Extracted Field Not Showing Up in Search Head (in search) Hello,I extracted a few numbers of fields through SPLUNK web interface (see below) using REGEX/REX (see below), all f... by SplunkDash Motivator in Splunk Search 06-27-2022 0 7	0	7
	Splunk Rest Query to see the definitions of all dashboards ( public & private ) Hi Team,We had couple of dashboards who created by ex-employees and existing team is unable to access them.Even we do... by splunkfriend123 Engager in Splunk Search 06-26-2022 0 4	0	4
	How to use rex max_match resulting in only unique values Hello, I am trying to get a list of values using max_match=5. However I need the results to only return unique val... by spencerneal Explorer in Splunk Search 06-26-2022 0 3	0	3
	Getting empty results when running search with particular fields using Java SDK Does anybody know why while I am able to get results when running query with any field in Splunk, I am getting empty... by john_dem8 Observer in Splunk Search 06-26-2022 0 8	0	8
	issues with Field Extraction-Showing Error Messages Hello,I have some issues with field extractions and getting error messages. Sample data, extraction codes (REGEX), an... by SplunkDash Motivator in Splunk Search 06-26-2022 0 3	0	3
	How do I Filter by ingested timestamp? Hi all, day1 splunker here. I'd like to use an ingested start and stop time in index BLUE and use it to range-filter... by Bob2k New Member in Splunk Search 06-26-2022 0 2	0	2
	Use the results of subsearch to rename those results with other name in new search Hi All, I have this data in index 1 inputactive IdleadgbehcfiI have this data in index 2 inputTESTpwrad1be2cf3ag4bh... by paritoshs24 Path Finder in Splunk Search 06-26-2022 0 4	0	4
	Splunk Search result- Can I change the x and y axis in time series? i need to combine the country count on daily bases If i am using count If i am using time series in time series ... by ut89shukla New Member in Splunk Search 06-25-2022 0 1	0	1
	Extracting the latest numeric value from the latest event to create a Gauge component in dashboard Hi Users, I have to create a gauge component to show the available memory in the system. As we know the gauge compone... by akotwale Engager in Splunk Search 06-25-2022 0 2	0	2
	How can I find events that contain non english words? Hi how can I find events that contain non english words? e.g i have log file that some lines contain germany or arabi... by indeed_2000 Motivator in Splunk Search 06-25-2022 0 11	0	11
	Rest Query to find out query along with no of execution times Hi Team, Is there any way to use REST syntax and retrieve the following.1. Rest Query to retrieve all unique searches... by splunkfriend123 Engager in Splunk Search 06-25-2022 0 4	0	4
	How to combine two search result with different fields in single dashboard? Hello,I have logs in two index, Index=flow_logFields required,src_ip, src_port, dest_ip, dest_port, network interface... by navb Loves-to-Learn in Splunk Search 06-24-2022 0 5	0	5
	How can we find out volume of logs queried in Splunk? How can we find out volume of logs queried in Splunk by kml_uvce Builder in Splunk Search 06-24-2022 0 3	0	3
	Why do some entries (of type search) have api_et, api_lt, and others have apiStartTime,apiEndTime? Hello, I am digging through my _audit index to see what searches people are running over time, but I am confused by t... by jason0 Path Finder in Splunk Search 06-24-2022 0 3	0	3
	How to create a Timechart that spans 1 week, starts from Monday 00:00 Hello, I couldn't find sufficient solution at documentation nor community. I have to setup timechart, where span=1w, ... by JacobWrdz Explorer in Splunk Search 06-24-2022 0 2	0	2
	Time Range Question I have doubts that this Saved Search may not be properly engineered and very taxing in terms of how time range is sp... by zacksoft_wf Contributor in Splunk Search 06-24-2022 0 4	0	4