Splunk Search

Community Activity

How do I change the Date time format? Hi Team, I have query, result returned for "dateofBirth" filed is "yyyymmdd" like "19911021", can I format the value... by hungln9 Explorer in Splunk Search 06-20-2022 0 1	0	1
SC4S: version 2 filter events not working Hi, I tried to filter events on version 2.30.0 based on v1.110.0 configuration, but it failed to dropped events in ve... by jomon_ng Observer in Splunk Search 06-20-2022 0 0	0	0
How to Pull specific value from MV field? Hi All, I have a mv field with a bunch of different values. I want to learn how to pull specific values based on stri... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 2	0	2
Why is Lookup changing MV field to non MV? Hello I am a bit confused here but I have a search that runs and creates a multivalue field called "tags{}.name". Th... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 4	0	4
How to change setting for saved searches maxing out at 50k results? Hi Splunk Community, I am having a problem with saved searches not saving the full results. I have a saved search tha... by jpfrancetic Path Finder in Splunk Search 06-20-2022 0 2	0	2
How to store this string in a variable and use it in any other index? index = "abc" required_field = "xx" \| table date - gives me a single string in the table. How can I store this string... by nikhilmalkari18 New Member in Splunk Search 06-20-2022 0 4	0	4
how can i use like and not like in the same query? \| where like(RouteCode, "50%") AND !like(RouteCode, "503%")I am trying to show Routecode 501,2, -- anyother not 503. by ashidhingra Path Finder in Splunk Search 06-20-2022 0 1	0	1
How to compare predefined fields against Splunk search query? And then for each mismatch in result? Hello All, I am new to Splunk. My Splunk index is already getting data from a Kafka source index=k_index sourcetype... by chandysir Explorer in Splunk Search 06-20-2022 0 5	0	5
How to use the second index to search missing fields Please see this search - i'm trying to add missing field values from another index to this search. index=1 earliest=-... by NewGhost Engager in Splunk Search 06-20-2022 0 4	0	4
Why is sourcetype pan:threat extracting incorrect fields? Hi all, so, on my es-security search head, this sourcetype is incorrectly parsing the user field. It is capturing all... by IngmarHicoz Engager in Splunk Search 06-20-2022 0 2	0	2
Help with query to notify when data ingestion is stopped Query to find when host is stopped, Here as mentioned in picture, the field _time stopped at the time , when the host... by smanojkumar Contributor in Splunk Search 06-20-2022 0 4	0	4
How to crete an alert to notify when host back to normal? I'm having a list of serve down and need to notify once its back to normal (up), This is the requirement, once the s... by smanojkumar Contributor in Splunk Search 06-20-2022 0 0	0	0
How to get All legend names to be displayed in Piechart View? ( \| stats count by app ) I have 30 apps to be displayed in a Piechart format. But in visualization i can view only 14... by vn_g Path Finder in Splunk Search 06-20-2022 0 11	0	11
How to replace a string with RegEx in search result I have my Sonicwall logfiles coming into Splunk. By searching this index I want to replace "dst" (Destination IP addr... by Dolfing Explorer in Splunk Search 06-20-2022 0 4	0	4
Is there a way calculate the duration between the status=holding and status=end also? Hi All, I am using transaction to group my DDOS appliance events based on a field called status which has values lik... by neerajs_81 Builder in Splunk Search 06-20-2022 0 1	0	1
How to group over multiple fields for stats? Hi, I'm able to get the response in a tabular format using the command: table clientName, apiMethod, sourceSystem, ht... by nmarun Explorer in Splunk Search 06-19-2022 0 6	0	6
How do you use value or capture groups as regex's curly bracket number parameter? In the code below, i want the explicit {5} to be replaced with a variable like {$session_length$}. Is this possible? ... by mschaaf Path Finder in Splunk Search 06-19-2022 1 18	1	18
How to combine the rows of a table? Hi All, I have logs like below in splunk. log1: "count":1, log2: gcg.gom.esb_159515.rg.APIMediation.Disp1.3.Rs.APIM3 ... by Mrig342 Contributor in Splunk Search 06-19-2022 0 4	0	4
How to Merge two query resultsets? I have two Searches and following are its result individually - index="myindex" <my search 1> \| table App Size Count ... by runiyal Path Finder in Splunk Search 06-19-2022 0 4	0	4
How do I select 2 lines in logs using regex? Hi, I am working on logs so the logs can be of just one line or multiple lines and if it is of one line I wanted to t... by badrinath Path Finder in Splunk Search 06-19-2022 0 1	0	1
Help with union not working Hello I'm running this query: \| union [ search host="puppet-01" OR host="jenkins-01" OR host="ANSIBLE-01" sour... by sarit_s Communicator in Splunk Search 06-19-2022 0 4	0	4
Implementation of logic in search to send an alert My requirements consists of lookup file, it consists of list of hosts, as it is the saved results of an alert, so the... by smanojkumar Contributor in Splunk Search 06-18-2022 0 3	0	3
How to create an Alert on disabled AD accounts being re-enabled? Does anyone have experience writing a query that can be used to alert on disabled AD accounts being re-enabled? I've ... by eblackburn Path Finder in Splunk Search 06-17-2022 0 2	0	2
Rex Field ... by jwursteisen Engager in Splunk Search 06-17-2022 0 4	0	4
How to combine data based on a common field? Hi all, i have some data task name, execution date, link uploaded earlier. Now i want to add some more data related t... by anooshac Communicator in Splunk Search 06-17-2022 0 6	0	6