Splunk Search

Community Activity

	Best way to extract _raw to a host OS of a SH programatically We have a 3rd party pulling AWS logs as far back as AWS holds onto logs. However, we want to be able to go back furth... by cybersecnutant Explorer in Splunk Search 05-05-2022 0 1	0	1
	Can a report be created using metadata/any other data to list all the fields that are available by index and sourcetype? Is there a way to create a report using metadata or any other data to list all the fields that are available by index... by PatelAshish83 Engager in Splunk Search 05-05-2022 0 5	0	5
	Missing transaction caused by multisearch / subsearch Hi allI have a riddle. Query A and query B does not collect the same events and I don’t understand why.Query A) resul... by p4085f9 Engager in Splunk Search 05-05-2022 0 2	0	2
	How to do Conditional Searches? Is there a way to do a search like this; If Eventid=1111 only do these statements elseif Eventid=2222 only d... by secphilomath New Member in Splunk Search 05-05-2022 0 3	0	3
	How to add a column that sums values while keeping the values column Hello I have data that looks like this : Name \| Type \| Value ------------------------------------------ Name1 \| Type... by Newser703 Explorer in Splunk Search 05-05-2022 0 1	0	1
	How to add totals to xyseries table? We are working to enhance our potential bot-traffic blocking and would like to see every IP that has hit AWS cloudfro... by swengroeneveld Explorer in Splunk Search 05-05-2022 0 2	0	2
	How to create a search for response time to be calculated? I have 2 events 1) request event 2) response event I need response time to be calculated (i.e) request event time - r... by VijaySrrie Builder in Splunk Search 05-05-2022 0 6	0	6
	How to create a search to combine inputlookup and search? Hi, I want to compare the count of calls obtained in a day with the target in lookup csv, for example: input csv: hea... by doniv Loves-to-Learn Lots in Splunk Search 05-05-2022 0 6	0	6
	How to convert the 24hrs time to 12hrs time and show the difference in -ve sign indication? i have the 2 values let's sayexpected time= 6:00:00completion time= 08:32:44and the expected output should be the dif... by srujana96 Explorer in Splunk Search 05-04-2022 0 2	0	2
	How to use single value comparison with trend arrow in splunk? I am preparing a SNOW incident trend which should showcase the percentage of tickets reduced/increased in current mon... by sanjubaba Path Finder in Splunk Search 05-04-2022 0 1	0	1
	publish yesterday's data from today's date I want to get QID list from yesterday’s published data. For that I'm using PUBLISHED_DATETIME field with yesterday’s... by martin61 Engager in Splunk Search 05-04-2022 0 1	0	1
	How to count events for all users in a lookup table, even if some users return no results? I have a lookup table that lists all users along with their department like so: email department -----... by gfisbeck Explorer in Splunk Search 05-04-2022 0 7	0	7
	Why are there missing results using different Search query codes? So i have this: (index=* OR index=_*) (index="GA2014" EventCode=4625) \| dedup RecordNumber \| rename Account_Name ... by bogdan_nicolesc Communicator in Splunk Search 05-04-2022 0 0	0	0
	How to use a second index as a lookup for a value in the first index? Hello my fellow Splunkers,i am trying to use a second index as a lookup for a field in the first index index=products... by manhalmoussa Explorer in Splunk Search 05-04-2022 0 3	0	3
	How to use the Results of a Lookuptable in a Search Query? Hello,So I have been working on this for a few days, looking at numerous Splunk responses but have yet to find someth... by XJabs Explorer in Splunk Search 05-04-2022 0 6	0	6
	How to display multiple values of different field names in one column table? Hi everyone, I am new to Splunk and I have been trying to do a complex report that I haven't been able to solve so p... by cesar_tomas Explorer in Splunk Search 05-04-2022 0 1	0	1
	Is it possible to combine multiple table views into one stats table? Hi, I have a dashboard with multiple table views from different indexes and just wondered if it is possible to combin... by joe06031990 Communicator in Splunk Search 05-04-2022 0 1	0	1
	How to convert C# Splunk.Client _raw field to a readable format? I extracted the _raw field and recieved values looking like - \xB9k?\x93\xE8\xC6\. How could I convert this to readab... by robertpurpose Explorer in Splunk Search 05-04-2022 0 0	0	0
	How to do field Extraction for Complex Data Structure? Hello, I have source files with very inconsistent/ complex events/data structure. I wrote field extraction (inline) c... by SplunkDash Motivator in Splunk Search 05-04-2022 0 2	0	2
	How do I extract all fields from userdata? How do I extract all fields from userdata? accept=application/json, timestamp=1651243086870} OutboundWebHookPayloa... by siksaw33 Path Finder in Splunk Search 05-04-2022 0 8	0	8
	How to merge search from 2 different sources? Hello, I would like to do a search to filter some result matching my conditions and then use a common ID field to com... by aymane96 Engager in Splunk Search 05-04-2022 0 4	0	4
	How to divide field value to 2 fields? Hi I requested to exclude 2 values from one field value. I mean for each event I have "file_name", that written in t... by ednk Explorer in Splunk Search 05-04-2022 0 3	0	3
	Why unable to run certificate package version query for forwarders? Unable to perform the following search provided by Splunk to check forwarder certificate package version: index=_inte... by x3ncrypt Loves-to-Learn Everything in Splunk Search 05-04-2022 0 2	0	2
	Why do joined search returns a different results everytime I hit a search? Hello,I am trying to join two searches for see, same hash exists on the other index as well. Below is my search, the ... by Woodpecker Path Finder in Splunk Search 05-04-2022 0 3	0	3
	How to transform nested json into separate rows? Given json with hashes \| makeresults \| eval _raw="{\"yes\":true,\"no\":false,\"a\":{\"x\":0,\"y\":0,\"z\":0},\"c... by nvwls New Member in Splunk Search 05-03-2022 0 2	0	2