Splunk Search

Community Activity

	Is there a way to edit the output given by sub search? I have a sub query that gives the output example below Sub Query [ search index=prod_diamond sourcetype=CloudWatch_... by Callum_f Explorer in Splunk Search 06-21-2022 0 3	0	3
	How do I write a lookup after a lookup is search matches? Hi, am working on a lookup in a lookup. i have the following search: index=* source="*WinEventLog:Security" EventCode... by HansNL Loves-to-Learn in Splunk Search 06-21-2022 0 5	0	5
	How to Access Application specific lookup when multiple have the same name? Hi,Is there a way to target which application lookup you want to use?Lets say there are 3 applications, A, B and C, ... by bdunstan Path Finder in Splunk Search 06-21-2022 0 2	0	2
	Help with Splunk Regex Hi Team - Need your expertise in Regex. The below is the rawlog i need to extract the Date and time the only unique... by kc_prane Communicator in Splunk Search 06-21-2022 0 7	0	7
	Why is tstats not displaying all expected hosts? We are about to open up a Splunk ticket for this issue, but figured we'd check with the community first. Problem: The... by BLACKBEARCO Explorer in Splunk Search 06-21-2022 0 3	0	3
	What's wrong with this case statement? When I add this case statement to my search, all results for Severity are "Other". What did I miss?\| eval Severity=ca... by mistydennis Communicator in Splunk Search 06-21-2022 0 10	0	10
	How to troubleshoot Server Error when searching for "java.lang." Hello, using Splunk version 8.1.3.Would you know why there’s a Server Error when we input the below search expression... by jmrtm44 Observer in Splunk Search 06-21-2022 0 3	0	3
	How to obtain data from one search and store it in a variable to search data in another search? My search is like this index = idx source = src data_stamp = A field1 = lol \| table Field2 --> This generates ... by paritoshs24 Path Finder in Splunk Search 06-21-2022 0 6	0	6
	How to pass the result of query1 to as a input string for the second query? Need to pass the result of query1 to as a input string for the second query. For the First query i'm getting output(x... by kiran007 Explorer in Splunk Search 06-21-2022 0 4	0	4
	Could someone provide guidance on Lag found in splunk universal forwarders? Hi Community, I have two separate Splunk installs: one is the 8.1.0 version and another one is 8.2.5 The older vers... by _pravin Contributor in Splunk Search 06-21-2022 0 8	0	8
	How to create column chart? I created this data table by "mvappend" command. dont have "_time" column and have only 3months records. MONTH itemA ... by SCSC Explorer in Splunk Search 06-20-2022 0 4	0	4
	How do I change the Date time format? Hi Team, I have query, result returned for "dateofBirth" filed is "yyyymmdd" like "19911021", can I format the value... by hungln9 Explorer in Splunk Search 06-20-2022 0 1	0	1
	SC4S: version 2 filter events not working Hi, I tried to filter events on version 2.30.0 based on v1.110.0 configuration, but it failed to dropped events in ve... by jomon_ng Observer in Splunk Search 06-20-2022 0 0	0	0
	How to Pull specific value from MV field? Hi All, I have a mv field with a bunch of different values. I want to learn how to pull specific values based on stri... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 2	0	2
	Why is Lookup changing MV field to non MV? Hello I am a bit confused here but I have a search that runs and creates a multivalue field called "tags{}.name". Th... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 4	0	4
	How to change setting for saved searches maxing out at 50k results? Hi Splunk Community, I am having a problem with saved searches not saving the full results. I have a saved search tha... by jpfrancetic Path Finder in Splunk Search 06-20-2022 0 2	0	2
	How to store this string in a variable and use it in any other index? index = "abc" required_field = "xx" \| table date - gives me a single string in the table. How can I store this string... by nikhilmalkari18 New Member in Splunk Search 06-20-2022 0 4	0	4
	how can i use like and not like in the same query? \| where like(RouteCode, "50%") AND !like(RouteCode, "503%")I am trying to show Routecode 501,2, -- anyother not 503. by ashidhingra Path Finder in Splunk Search 06-20-2022 0 1	0	1
	How to compare predefined fields against Splunk search query? And then for each mismatch in result? Hello All, I am new to Splunk. My Splunk index is already getting data from a Kafka source index=k_index sourcetype... by chandysir Explorer in Splunk Search 06-20-2022 0 5	0	5
	How to use the second index to search missing fields Please see this search - i'm trying to add missing field values from another index to this search. index=1 earliest=-... by NewGhost Engager in Splunk Search 06-20-2022 0 4	0	4
	Why is sourcetype pan:threat extracting incorrect fields? Hi all, so, on my es-security search head, this sourcetype is incorrectly parsing the user field. It is capturing all... by IngmarHicoz Engager in Splunk Search 06-20-2022 0 2	0	2
	Help with query to notify when data ingestion is stopped Query to find when host is stopped, Here as mentioned in picture, the field _time stopped at the time , when the host... by smanojkumar Contributor in Splunk Search 06-20-2022 0 4	0	4
	How to crete an alert to notify when host back to normal? I'm having a list of serve down and need to notify once its back to normal (up), This is the requirement, once the s... by smanojkumar Contributor in Splunk Search 06-20-2022 0 0	0	0
	How to get All legend names to be displayed in Piechart View? ( \| stats count by app ) I have 30 apps to be displayed in a Piechart format. But in visualization i can view only 14... by vn_g Path Finder in Splunk Search 06-20-2022 0 11	0	11
	How to replace a string with RegEx in search result I have my Sonicwall logfiles coming into Splunk. By searching this index I want to replace "dst" (Destination IP addr... by Dolfing Explorer in Splunk Search 06-20-2022 0 4	0	4