Splunk Search

Community Activity

How to calculate duration? Hi, I try to calculate the duration I have extracted 2 fields, start_time and end_time -- I believe both times shoul... by edwinmae Path Finder in Splunk Search 06-03-2022 0 2	0	2
How to use a field outside of map as map's search query? I have a field called query that's like so:(index="abc" OR index="def") (host="ghi" OR host="jkl") (sourcetype="mno" ... by yaharga Path Finder in Splunk Search 06-03-2022 0 7	0	7
How to create Search for orphaned assets from a lookup - reverse wildcard? Hi, I am working on a way to find an orphaned asset based on asset inventory I have in a lookup, which looks somethin... by KMoryson Explorer in Splunk Search 06-03-2022 0 4	0	4
Reg - How do I extract username? Hi All, I'm trying to extract the username from the _raw field using regex, how do I extract the username. The u... by Sasti Engager in Splunk Search 06-03-2022 0 6	0	6
How to search with Splunk eval using a different search results to populate field value Hopefully I can explain this in a way where it can be understood and fingers crossed answered. I have a search that ... by michael92956 New Member in Splunk Search 06-03-2022 0 1	0	1
How to extract only first word from a field value? Hi I need to extract only name values (first word value eg:james) from the below Name filed I tried with rex field=N... by sashib Explorer in Splunk Search 06-03-2022 0 4	0	4
Help generating a choropleth map using geom command Hi There, I am trying to generate a choropleth map of US using the following command :\| iplocation final_ip\|search Co... by heavenisreal Loves-to-Learn Lots in Splunk Search 06-02-2022 0 5	0	5
How to change the result of my stats count? Hi guys, I'm a Splunk beginner and I'm having some trouble making a specific query. I have a health check log, I want... by juliop3p Explorer in Splunk Search 06-02-2022 0 1	0	1
Splunk geom: How do I showcase only US on the choropleth map for the dashboard ? Hi There, How do I showcase only US on the choropleth map for the dashboard? That is the dashboard panel should have ... by heavenisreal Loves-to-Learn Lots in Splunk Search 06-02-2022 0 0	0	0
How to retrieve the final value from the last instance of a field? Hello, I'm trying to pull the final value for a product name. In a single event, we make multiple calls to an API for... by KyleMcDougall Path Finder in Splunk Search 06-02-2022 0 1	0	1
How to Determine total time duration (deduplicated) for overlapping events? To start - I was suggested this solution, but despite the fact that the question is very similar the answer marked as... by dw_jcro Loves-to-Learn Lots in Splunk Search 06-02-2022 0 5	0	5
Why am I not receiving the confirmation SMS or alerts SMS? Hey guys, I hope you're doing well, I didn't receive the SMS verification code or SMS alters on the Splunk on-call... by MatBav New Member in Splunk Search 06-02-2022 0 0	0	0
Return only the first matching event Is there any way to make Splunk stop a search once it has found the first event matching your search? limit=1 in the... by blurblebot Communicator in Splunk Search 06-02-2022 1 3	1	3
How can I get counts for yesterday and last week? Hi Splunkers, I am stuck at how can I get counts for Yesterday and Last week. so ask is when select relative time fro... by dpatel01 Loves-to-Learn in Splunk Search 06-02-2022 0 2	0	2
How to find the difference in field values between two lookups Hello all, I had a question that I have been trying to figure out how to address within a concise SPL query. I have ... by Jasper Loves-to-Learn Lots in Splunk Search 06-02-2022 0 2	0	2
Is there a way to change the order of the "stack_trace" attribute? Is there a way to change the order of the "stack_trace" attribute, so it shows up last within the log message ? by aroc725 Loves-to-Learn in Splunk Search 06-02-2022 0 6	0	6
What am I doing wrong with my stats table? Hi I have table like this: name color status jack red fail jack blue ... by indeed_2000 Motivator in Splunk Search 06-02-2022 0 18	0	18
How to calculate count and percentage of fields? hi need to calculate count and percentage of fields. orginal post here, the main issue is fields contain space or bal... by indeed_2000 Motivator in Splunk Search 06-02-2022 0 1	0	1
Extracting data from Json key value(containing no array), using transpose and outer join I have json in following format. { "timestamp": "1625577829075", "debug": "true", "A_real": { "Sig1": { ... by ruhibansal Explorer in Splunk Search 06-02-2022 0 4	0	4
How to correct the time in the "elapsed_Time" field? index="SOMETHING" earliest=-30d@d\| stats earliest(_time) as action_StartTime latest(_time) as action_EndTime\| eval e... by saurabhbdwj Engager in Splunk Search 06-02-2022 0 2	0	2
How to optimize this search ? Hi,I have an SPL, which should exclude the ip values from 4 lookups. So i tried it with a subsearch approach. But thi... by Woodpecker Path Finder in Splunk Search 06-01-2022 0 1	0	1
How does Splunk calculate Time to Triage? How does Splunk calculate Time to Triage, what data does it use? e.g. time an event occurred and time the event was p... by -Chris- Observer in Splunk Search 06-01-2022 0 3	0	3
Why do I need a \| when using a macro with a generating command? I have a macro that starts with a search command. When I ran it, I noticed I was getting a different number of resul... by cvg1wby Explorer in Splunk Search 06-01-2022 0 2	0	2
Help with a simple search I am trying to do a search where by: index=firewall (src_ip=172.16.0.0/12) dest_ip!(172.16.0.0/12) \| table src_ip ... by agallegos Engager in Splunk Search 06-01-2022 0 3	0	3
Why is search for multiple Windows events failing? I am running Splunk Enterprise and am trying to create a dashboard panel "Events" search string that pulls multiple W... by Robert11 Path Finder in Splunk Search 06-01-2022 0 6	0	6