Splunk Search

Community Activity

How to troubleshoot Server Error when searching for "java.lang." Hello, using Splunk version 8.1.3.Would you know why there’s a Server Error when we input the below search expression... by jmrtm44 Observer in Splunk Search 06-21-2022 0 3	0	3
How to obtain data from one search and store it in a variable to search data in another search? My search is like this index = idx source = src data_stamp = A field1 = lol \| table Field2 --> This generates ... by paritoshs24 Path Finder in Splunk Search 06-21-2022 0 6	0	6
How to pass the result of query1 to as a input string for the second query? Need to pass the result of query1 to as a input string for the second query. For the First query i'm getting output(x... by kiran007 Explorer in Splunk Search 06-21-2022 0 4	0	4
Could someone provide guidance on Lag found in splunk universal forwarders? Hi Community, I have two separate Splunk installs: one is the 8.1.0 version and another one is 8.2.5 The older vers... by _pravin Contributor in Splunk Search 06-21-2022 0 8	0	8
How to create column chart? I created this data table by "mvappend" command. dont have "_time" column and have only 3months records. MONTH itemA ... by SCSC Explorer in Splunk Search 06-20-2022 0 4	0	4
How do I change the Date time format? Hi Team, I have query, result returned for "dateofBirth" filed is "yyyymmdd" like "19911021", can I format the value... by hungln9 Explorer in Splunk Search 06-20-2022 0 1	0	1
SC4S: version 2 filter events not working Hi, I tried to filter events on version 2.30.0 based on v1.110.0 configuration, but it failed to dropped events in ve... by jomon_ng Observer in Splunk Search 06-20-2022 0 0	0	0
How to Pull specific value from MV field? Hi All, I have a mv field with a bunch of different values. I want to learn how to pull specific values based on stri... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 2	0	2
Why is Lookup changing MV field to non MV? Hello I am a bit confused here but I have a search that runs and creates a multivalue field called "tags{}.name". Th... by morgantay96 Path Finder in Splunk Search 06-20-2022 0 4	0	4
How to change setting for saved searches maxing out at 50k results? Hi Splunk Community, I am having a problem with saved searches not saving the full results. I have a saved search tha... by jpfrancetic Path Finder in Splunk Search 06-20-2022 0 2	0	2
How to store this string in a variable and use it in any other index? index = "abc" required_field = "xx" \| table date - gives me a single string in the table. How can I store this string... by nikhilmalkari18 New Member in Splunk Search 06-20-2022 0 4	0	4
how can i use like and not like in the same query? \| where like(RouteCode, "50%") AND !like(RouteCode, "503%")I am trying to show Routecode 501,2, -- anyother not 503. by ashidhingra Path Finder in Splunk Search 06-20-2022 0 1	0	1
How to compare predefined fields against Splunk search query? And then for each mismatch in result? Hello All, I am new to Splunk. My Splunk index is already getting data from a Kafka source index=k_index sourcetype... by chandysir Explorer in Splunk Search 06-20-2022 0 5	0	5
How to use the second index to search missing fields Please see this search - i'm trying to add missing field values from another index to this search. index=1 earliest=-... by NewGhost Engager in Splunk Search 06-20-2022 0 4	0	4
Why is sourcetype pan:threat extracting incorrect fields? Hi all, so, on my es-security search head, this sourcetype is incorrectly parsing the user field. It is capturing all... by IngmarHicoz Engager in Splunk Search 06-20-2022 0 2	0	2
Help with query to notify when data ingestion is stopped Query to find when host is stopped, Here as mentioned in picture, the field _time stopped at the time , when the host... by smanojkumar Contributor in Splunk Search 06-20-2022 0 4	0	4
How to crete an alert to notify when host back to normal? I'm having a list of serve down and need to notify once its back to normal (up), This is the requirement, once the s... by smanojkumar Contributor in Splunk Search 06-20-2022 0 0	0	0
How to get All legend names to be displayed in Piechart View? ( \| stats count by app ) I have 30 apps to be displayed in a Piechart format. But in visualization i can view only 14... by vn_g Path Finder in Splunk Search 06-20-2022 0 11	0	11
How to replace a string with RegEx in search result I have my Sonicwall logfiles coming into Splunk. By searching this index I want to replace "dst" (Destination IP addr... by Dolfing Explorer in Splunk Search 06-20-2022 0 4	0	4
Is there a way calculate the duration between the status=holding and status=end also? Hi All, I am using transaction to group my DDOS appliance events based on a field called status which has values lik... by neerajs_81 Builder in Splunk Search 06-20-2022 0 1	0	1
How to group over multiple fields for stats? Hi, I'm able to get the response in a tabular format using the command: table clientName, apiMethod, sourceSystem, ht... by nmarun Explorer in Splunk Search 06-19-2022 0 6	0	6
How do you use value or capture groups as regex's curly bracket number parameter? In the code below, i want the explicit {5} to be replaced with a variable like {$session_length$}. Is this possible? ... by mschaaf Path Finder in Splunk Search 06-19-2022 1 18	1	18
How to combine the rows of a table? Hi All, I have logs like below in splunk. log1: "count":1, log2: gcg.gom.esb_159515.rg.APIMediation.Disp1.3.Rs.APIM3 ... by Mrig342 Contributor in Splunk Search 06-19-2022 0 4	0	4
How to Merge two query resultsets? I have two Searches and following are its result individually - index="myindex" <my search 1> \| table App Size Count ... by runiyal Path Finder in Splunk Search 06-19-2022 0 4	0	4
How do I select 2 lines in logs using regex? Hi, I am working on logs so the logs can be of just one line or multiple lines and if it is of one line I wanted to t... by badrinath Path Finder in Splunk Search 06-19-2022 0 1	0	1