Splunk Search

Community Activity

	How to create eval to divide counts by auditType? Hi - I am a relatively novice Splunk user. I am looking at implict vs explicit audit events and looking to do a calcu... by Megz Explorer in Splunk Search 05-18-2022 0 5	0	5
	How to calculate latencies between jobs? Hi ,I need to find the time difference between two events, these events are when a job on our server starts running a... by Aqawelska Observer in Splunk Search 05-18-2022 0 1	0	1
	How to define multiple search or subsearch to merge all relevant information about alerts? Hello, Help me please. I'd like to define multiple search or subsearch to merge all relevant information about alerts... by gszabo Explorer in Splunk Search 05-18-2022 0 6	0	6
	Problem about auto extract fields Hi Community,I dealt with csv files before, splunk would auto extracted so many fields, shown as figure 1.But today, ... by cecilia_cheng1 Explorer in Splunk Search 05-18-2022 0 3	0	3
	How to write a Regex to search globally? below is the data which has multiple features for a single item. I want to write a regex which could search all occur... by onthakur Explorer in Splunk Search 05-18-2022 0 2	0	2
	How to feed regex results of a query into another query? My current Splunk regex query10.66.189.62 -- -- -[17/May/2022:05:59:16--0400]--502- "POST /astra/sliceHTTP/1.1" req_l... by crucifier_0 Explorer in Splunk Search 05-18-2022 0 4	0	4
	Is it possible to add a condition in this relative time? Even with timepicker the result count doesn't change hello I count events in a single panel from a relative time like below As you can see, I search only events between 7... by jip31 Motivator in Splunk Search 05-17-2022 0 5	0	5
	Are there any policy on Splunk would block REST API searches? i am trying to search over REST API, seeing "All Time searches don't adhere to Splunk best practices" Error. Any pol... by sunilr8 New Member in Splunk Search 05-17-2022 0 1	0	1
	Is it possible to run query returned from Rest? I am working on something to return our alerts from rest functions. What I want to do is allow users to historically ... by SMM10 Explorer in Splunk Search 05-17-2022 0 5	0	5
	How to populate field values from one lookup table to another? I am trying to pull two fields from the lookup_ims lookup table and depending on the user entered I want to populate ... by Italy1358 Path Finder in Splunk Search 05-17-2022 0 3	0	3
	How to adjust search to remove and add user to lookup table via dashboard? I have created a dashboard that allows you to enter a user and their information then write all of it to a lookup tab... by Italy1358 Path Finder in Splunk Search 05-17-2022 0 2	0	2
	How to search field from log1 in to match in log2 and display field in log1 and log2 in table? Hello Everyone. I wonder if anyone could help me with a report I'm trying to make. Below is my sample logs format. lo... by tgmvt03 Engager in Splunk Search 05-17-2022 0 2	0	2
	How to do a regex for break an url after the fourth slash? hello I try to do a regex for break an url after the fourth slash https://xxxx/yyyy/test could you help please? by jip31 Motivator in Splunk Search 05-17-2022 0 17	0	17
	How to display data for every sunday of last 3 weeks in the given date and time range? Say suppose we have data for the below date and time range, i want to pick only sunday's date and display the last 3 ... by srujana96 Explorer in Splunk Search 05-17-2022 0 4	0	4
	How to extract a field from my raw data using rex? In my splunk logs, i have 2 IPs in 1 field name. I want to extract both IPs create a new field as IP1 & IP2. Please h... by alexspunkshell Contributor in Splunk Search 05-16-2022 0 2	0	2
	How to rewrite the id with a type value of 2 to the id value with a type value of 1 for data with the same axid value? Hi experts, Could you please advise me about SPL? Given the data below, I would like to rewrite the id with a type va... by tehong Explorer in Splunk Search 05-16-2022 0 2	0	2
	How to create a search that will show other fields like dest_bunit with the port? This search will display port numbers from the Endpoint datamodel \| tstats 'summariesonly ' count from datamodel=EndP... by jregexsaurus Engager in Splunk Search 05-16-2022 0 2	0	2
	How to put a chart and a single value in a same row? Hi, I have a chart to display value by time. Then I calculate the average of the value. I want to display the avg nex... by Julia1231 Communicator in Splunk Search 05-16-2022 0 8	0	8
	How to remove [] in Json format data? I have a field properties.policies in json format field value: [{"fieldname":"fieldvalue","fieldname":"fieldvalue",... by vikram1583 Explorer in Splunk Search 05-16-2022 0 2	0	2
	Is there an easy way to remove a section of string from a field? I want to get an alert and run it but there are items I wanted to remove. \| rest "/servicesNS/-/-/saved/searches" \|... by SMM10 Explorer in Splunk Search 05-16-2022 0 1	0	1
	How to get token value and _time value from a single dropdown in a dashboard? How can I pull 3 tokens from a single dropdown search? - I would like our users to select the case_idz, and have the ... by gwalford Path Finder in Splunk Search 05-16-2022 0 1	0	1
	How to create a Splunk Allowlist Dashboard? I am trying to create a dashboard for an allowlist. Basically the user should be able to fill in the required fields ... by Italy1358 Path Finder in Splunk Search 05-16-2022 0 1	0	1
	How to Modify Field to exclude field not needed? Hi,Can anyone help me how can I change the field of my query to exclude those with PRODUCED labelsquery: index="hcg_p... by jakeoftrades Explorer in Splunk Search 05-16-2022 0 1	0	1
	How to stats events for solving this problem please? helloI stats events after 2 eventstats command like this \| eventstats sum(netp) as "netp1" by site \| eventstats sum... by jip31 Motivator in Splunk Search 05-16-2022 0 21	0	21
	Invalid authorization - Code 3 - Why Splunk Zendesk Integration failing? Hi All, I've stumbled on a very frustrating problem. I've created a HEC token to use in Zendesk so that Zendesk ca... by greekleo89 Loves-to-Learn Everything in Splunk Search 05-16-2022 0 0	0	0