Splunk Search

Community Activity

Using Concatenated Fields for With Wildcards for Searching Hey CommunityNeed guidance with below scenario.A user will provide an IP address as input. I want that last two octet... by pagnihot Path Finder in Splunk Search 06-30-2022 0 5	0	5
Splunk search REST API - Is there a way to search searches containing white space without error? Hi,I'm using splunk web to check some searches/alerts:1. \| rest /servicesNS/-/-/saved/searches/ splunk_server=local \|... by splunkmagu Explorer in Splunk Search 06-30-2022 0 1	0	1
How to create a report on storage growth with percentages? I have managed to pull together the following \| mstats max(_value) prestats=true WHERE metric_name="df.used" span=1mo... by SimonTurton New Member in Splunk Search 06-30-2022 0 1	0	1
Why are there Different results with "earliest" than with "earliest_time" when searching via API? Hello, I am running the following search via the API: search index=juniper sourcetype=juniper:junos:firewall "3389"\| ... by ymcardinal New Member in Splunk Search 06-30-2022 0 0	0	0
Index with one sourcetype - search performance / best practices Hello,I have created a few indexes, each containing data only from one source with one sourcetype.From a search perfo... by splunkmagu Explorer in Splunk Search 06-29-2022 0 6	0	6
Why does my sed replace command replace too much? I need some help figuring out why my sed replace command is replacing all of the text to the end of the event in Splu... by DempseyWilliams Explorer in Splunk Search 06-29-2022 0 5	0	5
How to work with nested Ifs and cases in a query? Hello, It's possible that I've had too long of a day, but I can't wrap my head around nesting many ifs. Is anyone wi... by mjon395 Explorer in Splunk Search 06-29-2022 0 2	0	2
How to compare the values of field for Remediate VA Report "Fixed" "Active Vulnerability" and "New Active"? I have a result of Vulneraries Scan of Quater1, Quater2 , Quarter3 and the remediate scan result of each Quarter ... ... by Rithekakan Path Finder in Splunk Search 06-29-2022 0 1	0	1
How to use Timechart Query? Hey guys , I need last 30 days stats for the use-cases that did not fire up on the ES console. Below is the query tha... by Sweet_Desire123 Engager in Splunk Search 06-29-2022 0 3	0	3
How to run multiple macros in the same search? Hi all! I'm trying to run multiple macros in the same search and eventually aggregate the results from each execution... by Raekmackbert Explorer in Splunk Search 06-29-2022 0 3	0	3
How do I hide a column in a table? Imagine a scenario where I need to have a hidden column in my table to serve a passing functionality. Example: I c... by dgomonov New Member in Splunk Search 06-29-2022 0 5	0	5
How to write query for including non business hours and weekends Hi ,I need a query for including non business hours and weekends by avinasa New Member in Splunk Search 06-29-2022 0 2	0	2
How to have Snap bin to last 5 minutes? I want my search to consider a 5 minute timeframe. I have a stats with a bin for a span of 5 minutes but when running... by SMM10 Explorer in Splunk Search 06-28-2022 0 2	0	2
How to create multiple value in single panel? Hi Team How to create multiple value in single panel dashboard. by jaibalaraman Path Finder in Splunk Search 06-28-2022 0 3	0	3
Why are my jobs' statuses stuck in "QUEUED" forever? I've got a role with more than 6 concurrency limit, and here is what I did: Step1. I submitted 6 concurrent jobs usi... by Z_Jacob Engager in Splunk Search 06-28-2022 1 4	1	4
How to merge two table without losing data and merge multiple rows with "," between each values? Hello, So I have 2 problems I have an alert that fire emails whenever FILE_NAME=FILE_ERROR, and when that happen, I h... by phamxuantung Communicator in Splunk Search 06-28-2022 0 3	0	3
Substring with value pairs, using format but remove variable names Hi,I have mail server logs where each mail has the MID number as identifier (for that mailserver =host, for that day)... by zolo Loves-to-Learn Lots in Splunk Search 06-28-2022 0 2	0	2
Why is website monitoring app not pulling data? we are using splunk cloud trying to monitor URL"s using website monitoring app but while checking its not showing lat... by sekhar463 Path Finder in Splunk Search 06-28-2022 0 0	0	0
How to remove "\n" character from string I have a serialized json string like below "{\n \"ID\": \"da419500-f6b4-11ec-8b49-025041000001\",\n \"Name\": \"splun... by guest_123 Engager in Splunk Search 06-28-2022 0 2	0	2
How to Collate Events By Matching String? Hi All, Im trying use Splunk to produce a table which will highlight the duration between the RUNNING event of one an... by ZCAMZ Loves-to-Learn Lots in Splunk Search 06-28-2022 0 1	0	1
Help with A table data with multiple JSON fields I need count of cloudfront-viewer-country and sec-ch-ua-platform for each OriginPlease help. Expected Result: If si... by shashaikhhh Explorer in Splunk Search 06-27-2022 0 3	0	3
How to get Daily average value of a field I have voltage data and want to get the average volts value per day for the last 7 days. This is where I left off fr... by jenkinsta Path Finder in Splunk Search 06-27-2022 0 2	0	2
Why won't eval substr is work with large string of 20k characters? Hi, I am new to Splunk. I just started using it last month. For me the below " \| eval error=substr(msg, 0, 1000) \| t... by RJDev Loves-to-Learn in Splunk Search 06-27-2022 0 8	0	8
Why my Saved Search is not writing summary to 'stash' souretype? I am investigating a customer's concern that this particular search is not writing summary to 'stash' sourcetype. Th... by zacksoft_wf Contributor in Splunk Search 06-27-2022 0 3	0	3
Why is one field not been extracted as expected? Hello everyone, I have an issue with one field let say foo These are the scenarios: 1. If I run a search just with t... by glpadilla_sol Path Finder in Splunk Search 06-27-2022 0 9	0	9