Splunk Search

Community Activity

Is there a way to not do expansion of sourcetype? I execute a search with this ... index=foo sourcetype=wineventlog field=value ... In the search.log I am seeing a... by fredclown Builder in Splunk Search 06-23-2022 0 1	0	1
How to create search to filter on a field after rex extraction? Hello, I need to create a search that will display results based on a specific value.My issue is that the following s... by yanisA Explorer in Splunk Search 06-23-2022 0 1	0	1
How do I get over conditional functions formatting? Hello community, like to ask for support to get over conditional formatting. I have 3 different products in a group. ... by Stives Explorer in Splunk Search 06-23-2022 0 8	0	8
Why when using transaction to calculate duration after a dedup doesnt return values wanted? Hi All, I am new to splunk and not a developer so first up apologies for any poor syntax or coding practices. What am... by stuwoodward Engager in Splunk Search 06-23-2022 0 2	0	2
How to create a list to collect "well-knowed process"? Hi, I'm doing a project and I've installed Splunk Trial Enterprise on a server and Universal Forwarder on other three... by raffaelecervino Engager in Splunk Search 06-23-2022 0 4	0	4
How to achieve readable date format for scatter plot x-axis? I have the below query, I need the scatter point visualization for this. time on the x axis and the build duration o... by Ishan Loves-to-Learn in Splunk Search 06-23-2022 0 0	0	0
How to extract the short description from incoming event? Hi Everyone, I have a field called as TriggeredMessage coming in an event in Splunk and I want to extract the short d... by Splunk4 Explorer in Splunk Search 06-23-2022 1 14	1	14
How can I count my logins by a field? I have this query and I want to count how many logins were made by id, like if a person logged in 3 times I just want... by rebecalopes241 New Member in Splunk Search 06-22-2022 0 1	0	1
How to extract and download a field of array from an event? I have an event which is constructed like the following: { name: string, time: string, duration: string, ... by hantaliu Loves-to-Learn Lots in Splunk Search 06-22-2022 0 1	0	1
Failed eval command from sub search numerical results- Any suggestions? Hello gurus I'm trying to return a percentage from the results of sub searches. The value User_count and Device_count... by Seawheels51 Path Finder in Splunk Search 06-22-2022 0 2	0	2
Why us extracted field not shown in the search? Hi, I went to the search of my own app I created a extracted field using the wizard. Once created, I go to Settings-... by corti77 Contributor in Splunk Search 06-22-2022 0 5	0	5
Why is Splunk not ignoring field with NOT in subsearch? this is my query earliest=-15m latest=now index=** host="*" LOG_LEVEL=ERROR OR LOG_LEVEL=FATAL OR logLevel=ERROR OR ... by deepakgarg1373 Loves-to-Learn Lots in Splunk Search 06-22-2022 0 15	0	15
Need Help with Splunk Query Hello Splunkers,I need help with Network Security Group flow logs where each of the tuples should be a single event ... by nilbak88 Explorer in Splunk Search 06-22-2022 0 6	0	6
How to join data on my two sources (A and B) on the fields? Hi, I need to join data on my 2 source A and B on the fields "Workitems_URL" and "Work Item URL" In source B, there ... by boxmetal Path Finder in Splunk Search 06-22-2022 0 3	0	3
Exclude multiple events based on a common field Hi All, Below are 2 sets of raw events from my DDOS appliance. The sets are separated based on the eventID field. ... by neerajs_81 Builder in Splunk Search 06-22-2022 0 4	0	4
How do you tabulate a percentage of field value in a table? My search shows each website category and the number of times each category was visited. What I would like to create... by DEAD_BEEF Builder in Splunk Search 06-22-2022 0 3	0	3
Extracting a specific message from a changing field Hi everyone. I am a new user to Splunk. Recently, I have met some trouble with trying to extract a certain message ou... by Michael_Scott Explorer in Splunk Search 06-21-2022 0 4	0	4
How to create alarms when count = 0? How can i create an alarm when a location goes down? index=internal sourcetype=abc\| timechart span=5m count(linecoun... by ashidhingra Path Finder in Splunk Search 06-21-2022 0 3	0	3
How do I Pass all Stats Values retrieved from a Query into a new Query? I am using the query below to gather all the request IDs of when an error occurs when calling an api. It provides a l... by Callum_f Explorer in Splunk Search 06-21-2022 0 6	0	6
Is there a way to edit the output given by sub search? I have a sub query that gives the output example below Sub Query [ search index=prod_diamond sourcetype=CloudWatch_... by Callum_f Explorer in Splunk Search 06-21-2022 0 3	0	3
How do I write a lookup after a lookup is search matches? Hi, am working on a lookup in a lookup. i have the following search: index=* source="*WinEventLog:Security" EventCode... by HansNL Loves-to-Learn in Splunk Search 06-21-2022 0 5	0	5
How to Access Application specific lookup when multiple have the same name? Hi,Is there a way to target which application lookup you want to use?Lets say there are 3 applications, A, B and C, ... by bdunstan Path Finder in Splunk Search 06-21-2022 0 2	0	2
Help with Splunk Regex Hi Team - Need your expertise in Regex. The below is the rawlog i need to extract the Date and time the only unique... by kc_prane Communicator in Splunk Search 06-21-2022 0 7	0	7
Why is tstats not displaying all expected hosts? We are about to open up a Splunk ticket for this issue, but figured we'd check with the community first. Problem: The... by BLACKBEARCO Explorer in Splunk Search 06-21-2022 0 3	0	3
What's wrong with this case statement? When I add this case statement to my search, all results for Severity are "Other". What did I miss?\| eval Severity=ca... by mistydennis Communicator in Splunk Search 06-21-2022 0 10	0	10