Splunk Search

Community Activity

	Need Help with Splunk Query Hello Splunkers,I need help with Network Security Group flow logs where each of the tuples should be a single event ... by nilbak88 Explorer in Splunk Search 06-22-2022 0 6	0	6
	How to join data on my two sources (A and B) on the fields? Hi, I need to join data on my 2 source A and B on the fields "Workitems_URL" and "Work Item URL" In source B, there ... by boxmetal Path Finder in Splunk Search 06-22-2022 0 3	0	3
	Exclude multiple events based on a common field Hi All, Below are 2 sets of raw events from my DDOS appliance. The sets are separated based on the eventID field. ... by neerajs_81 Builder in Splunk Search 06-22-2022 0 4	0	4
	How do you tabulate a percentage of field value in a table? My search shows each website category and the number of times each category was visited. What I would like to create... by DEAD_BEEF Builder in Splunk Search 06-22-2022 0 3	0	3
	Extracting a specific message from a changing field Hi everyone. I am a new user to Splunk. Recently, I have met some trouble with trying to extract a certain message ou... by Michael_Scott Explorer in Splunk Search 06-21-2022 0 4	0	4
	How to create alarms when count = 0? How can i create an alarm when a location goes down? index=internal sourcetype=abc\| timechart span=5m count(linecoun... by ashidhingra Path Finder in Splunk Search 06-21-2022 0 3	0	3
	How do I Pass all Stats Values retrieved from a Query into a new Query? I am using the query below to gather all the request IDs of when an error occurs when calling an api. It provides a l... by Callum_f Explorer in Splunk Search 06-21-2022 0 6	0	6
	Is there a way to edit the output given by sub search? I have a sub query that gives the output example below Sub Query [ search index=prod_diamond sourcetype=CloudWatch_... by Callum_f Explorer in Splunk Search 06-21-2022 0 3	0	3
	How do I write a lookup after a lookup is search matches? Hi, am working on a lookup in a lookup. i have the following search: index=* source="*WinEventLog:Security" EventCode... by HansNL Loves-to-Learn in Splunk Search 06-21-2022 0 5	0	5
	How to Access Application specific lookup when multiple have the same name? Hi,Is there a way to target which application lookup you want to use?Lets say there are 3 applications, A, B and C, ... by bdunstan Path Finder in Splunk Search 06-21-2022 0 2	0	2
	Help with Splunk Regex Hi Team - Need your expertise in Regex. The below is the rawlog i need to extract the Date and time the only unique... by kc_prane Communicator in Splunk Search 06-21-2022 0 7	0	7
	Why is tstats not displaying all expected hosts? We are about to open up a Splunk ticket for this issue, but figured we'd check with the community first. Problem: The... by BLACKBEARCO Explorer in Splunk Search 06-21-2022 0 3	0	3
	What's wrong with this case statement? When I add this case statement to my search, all results for Severity are "Other". What did I miss?\| eval Severity=ca... by mistydennis Communicator in Splunk Search 06-21-2022 0 10	0	10
	How to troubleshoot Server Error when searching for "java.lang." Hello, using Splunk version 8.1.3.Would you know why there’s a Server Error when we input the below search expression... by jmrtm44 Observer in Splunk Search 06-21-2022 0 3	0	3
	How to obtain data from one search and store it in a variable to search data in another search? My search is like this index = idx source = src data_stamp = A field1 = lol \| table Field2 --> This generates ... by paritoshs24 Path Finder in Splunk Search 06-21-2022 0 6	0	6
	How to pass the result of query1 to as a input string for the second query? Need to pass the result of query1 to as a input string for the second query. For the First query i'm getting output(x... by kiran007 Explorer in Splunk Search 06-21-2022 0 4	0	4
	Could someone provide guidance on Lag found in splunk universal forwarders? Hi Community, I have two separate Splunk installs: one is the 8.1.0 version and another one is 8.2.5 The older vers... by _pravin Contributor in Splunk Search 06-21-2022 0 8	0	8
	How to create column chart? I created this data table by "mvappend" command. dont have "_time" column and have only 3months records. MONTH itemA ... by SCSC Explorer in Splunk Search 06-20-2022 0 4	0	4
	How do I change the Date time format? Hi Team, I have query, result returned for "dateofBirth" filed is "yyyymmdd" like "19911021", can I format the value... by hungln9 Explorer in Splunk Search 06-20-2022 0 1	0	1
	SC4S: version 2 filter events not working Hi, I tried to filter events on version 2.30.0 based on v1.110.0 configuration, but it failed to dropped events in ve... by jomon_ng Observer in Splunk Search 06-20-2022 0 0	0	0
	How to Pull specific value from MV field? Hi All, I have a mv field with a bunch of different values. I want to learn how to pull specific values based on stri... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 2	0	2
	Why is Lookup changing MV field to non MV? Hello I am a bit confused here but I have a search that runs and creates a multivalue field called "tags{}.name". Th... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 4	0	4
	How to change setting for saved searches maxing out at 50k results? Hi Splunk Community, I am having a problem with saved searches not saving the full results. I have a saved search tha... by jpfrancetic Path Finder in Splunk Search 06-20-2022 0 2	0	2
	How to store this string in a variable and use it in any other index? index = "abc" required_field = "xx" \| table date - gives me a single string in the table. How can I store this string... by nikhilmalkari18 New Member in Splunk Search 06-20-2022 0 4	0	4
	how can i use like and not like in the same query? \| where like(RouteCode, "50%") AND !like(RouteCode, "503%")I am trying to show Routecode 501,2, -- anyother not 503. by ashidhingra Path Finder in Splunk Search 06-20-2022 0 1	0	1