Splunk Search

Community Activity

Which permission do I need to share sourcetype with users? Hey everyone and I hope your having a great day!I have configured a custom field extraction in the Splunk search app ... by test2001 Observer in Splunk Search 06-08-2022 0 0	0	0
How to remove closing bracket "]" from my data? Data looks like src:10.124.4.151] and i want to remove this bracket and data should look like 10.124.4.151 I am try ... by R_M Loves-to-Learn in Splunk Search 06-08-2022 0 2	0	2
How to count the number of sessions with more than one intent? I'm trying to count the number of sessions (known as sessionId) that have more than 2 intents. (An intent is a field ... by KyleMcDougall Path Finder in Splunk Search 06-08-2022 0 9	0	9
How to specify the time frame in a search? Hello,How would I specify the time frame in a search to provide me the events between 7am - 5pm weekdays and all resu... by troy44112 Explorer in Splunk Search 06-07-2022 0 2	0	2
How to measure by-host "imbalance"? Gurus I have an infoblox query that simply measures total amount of queries over a certain period by host for a given... by stucky101 Engager in Splunk Search 06-07-2022 0 10	0	10
How to exclude events if results from entire day returns zero? I need to exclude events from a timechart only if they fulfill 2 conditions:the field returns 0 for ALL events in the... by dzyfer Path Finder in Splunk Search 06-07-2022 0 1	0	1
Why are historical events not showing up in searches? I needed to restart my Splunk instance on our heavy forwarder the other day. After restarting, I am unable to search ... by amoore12 Explorer in Splunk Search 06-07-2022 1 20	1	20
Throttling resetting suppresions I'm getting a bit annoyed at throttling for each, as although it works - it has a habit of resetting itself if I need... by donelliot Path Finder in Splunk Search 06-07-2022 0 0	0	0
How to extract 50A720 or 816851using \| rex field=name mode=sed "s/816851/"? The data i have is 816851-567-7554080981706881 50A720 -123-8150015922249983 816851-567-1135131573613120816851-567-006... by ashidhingra Path Finder in Splunk Search 06-07-2022 0 4	0	4
How to get aggregate information from lookup table and return to outer dbxquery? Hi, I have a table as the main search using dbxquery below:\| dbxquery connection=my_connection query="SELECT id, star... by grantmeng Loves-to-Learn Lots in Splunk Search 06-07-2022 0 6	0	6
How to calculate dates in splunk? again i wanted to list difference in dates between two periods and i have this code \| eval LPD = strptime(LastPickupD... by ositaumeozulu Explorer in Splunk Search 06-07-2022 0 4	0	4
How to measure the server down time based on host and server status? Sample Event: sent=1 received=0 packet_loss=100 min_ping=NA avg_ping=NA max_ping=NA jitter=NA return_code=1 dest=SHTC... by ShamGowda Loves-to-Learn Lots in Splunk Search 06-07-2022 0 6	0	6
How to pass result of one query to input as filed for another query? I'm trying to pass the result of one query to as input field for another query. Please see the below screen shots and... by kiran007 Explorer in Splunk Search 06-07-2022 0 4	0	4
How to use predicate expression in search? Hi everybody,My data is: A = 10, B= 20, C = 30.the fomular that I use is: result = A/(B+C) but I have to verify, the ... by Julia1231 Communicator in Splunk Search 06-07-2022 0 1	0	1
How to extract common values from a multi-value field for different event times. Hi All,I have a multi-value field as shown below-_time field_test2022-05-13 04:36... by ashishdhinwa Engager in Splunk Search 06-07-2022 0 3	0	3
How to calculate dates in my search? Sorry team to bother you again, i have a code that is giving me issues \| eval InT = (strptime('LastPickupDate',"%m-%d... by ositaumeozulu Explorer in Splunk Search 06-07-2022 0 2	0	2
How to write a search query for disk partition I/O (as a pie chart) from Unix TA, which is onboarding Linux data. How to write a search query for disk partition I/O (as a pie chart) from Unix TA, which is onboarding Linux data. Any... by Mariusz Engager in Splunk Search 06-07-2022 0 0	0	0
Extract all regex matches as a list in each log Input:Message ID... tt_1 ... tt_2 ... tt_9 ... tt_3 ... by nagulan_s Loves-to-Learn Everything in Splunk Search 06-07-2022 0 9	0	9
How to convert multiples data field using xyseries and sort data Month wise? Hi, My data is in below format I am trying to add the total of all the columns and show it as below Please help me ... by Ashwini008 Builder in Splunk Search 06-07-2022 0 4	0	4
Is it possible to leverage view used by other app that doesn't exist in splunkjs/mvc? Hi, I am trying to create a splunk app that mimics as much of the Search and Report functionality as possible with so... by rnelson30 Engager in Splunk Search 06-07-2022 0 3	0	3
Why is splunk not detecting All Files during search? Hi, im currently facing problem where splunk can detect all my files in directory but when doing searching, splunk ca... by aamirulh New Member in Splunk Search 06-06-2022 0 1	0	1
How to edit my regex to remove all text before ":" if there is more than one Hello Team, Splunkers, I am working on a correlation search and need to use a regex expression to strip all text bef... by nikolaevnz Engager in Splunk Search 06-06-2022 0 2	0	2
How to use an evaluated field in search command? Could you please let me know how to use an evaluated field in search command index=main sourcetype="access_combined" ... by biju_babu Explorer in Splunk Search 06-06-2022 0 6	0	6
How to create a kvpair from two automatically extracted JSON arrays? I'm in a situation where by sourcetype, I'm already having a nested JSON array broken into 2 fields: DeviceProperties... by mjones414 Contributor in Splunk Search 06-06-2022 0 2	0	2
Is it possible to get dropdown token display name and value? Hi I have a dropdown in my dashboard studio which has some static values like TokenName: appName Display NameValueAp... by biju_babu Explorer in Splunk Search 06-06-2022 0 4	0	4