Splunk Search

Community Activity

	With 10 blocks of lines, what is the Splunk command to get only 3 line where line starts from keyword ERROR? Block: 2022-02-14 02:30:00,046 [Worker-3] DEBUG User job started2022-02-14 02:30:00,063 [Worker-3] DEBUG Calling impo... by anitha123gnana Loves-to-Learn Lots in Splunk Search 05-02-2022 0 12	0	12
	I have a problem completing training Hi this is what appears to me when I try to complete the training:Denied PersonDue to U.S. export compliance requirem... by AHAD_ABDULLAH Observer in Splunk Search 05-02-2022 0 2	0	2
	How to compare the values with the time and host? Team,I am having a query which would result as below. _timeHostNameversion3/2/2022 15:22:04 PM3car2483/1/2022 15:21... by Anud Path Finder in Splunk Search 05-01-2022 0 6	0	6
	Could someone help on transpose command? hello I transpose events like this \| eval time=strftime(_time,"%H:%M") \| sort time \| fields - _time _span _orig... by jip31 Motivator in Splunk Search 05-01-2022 0 12	0	12
	Why the field is shown by extraction of another field but not found by search? Hi, as I create an extraction field with regex, the field match is shown correct. I can check the regex on https://re... by alval New Member in Splunk Search 05-01-2022 0 1	0	1
	How to match a sequence of events in Splunk? Hello,My SPL expertise are limited. I'm trying to write a search which matches a sequence of events.I'm working with ... by BlueTeam77 New Member in Splunk Search 05-01-2022 0 1	0	1
	How can I find values present in one table but not in other without subsearch? I have to prepare reporting dashboards in Splunk for which I used this query until now: field1=GTIN_RECEIVED field2... by bhavyajain Engager in Splunk Search 04-30-2022 0 2	0	2
	How to add + or - before a percentage? hello I use the search below in order to calculate a percentage But I need to add + if s > s2 and - if s2 < s How to ... by jip31 Motivator in Splunk Search 04-30-2022 0 4	0	4
	How can I rename items with SPL query? Hello Splunkers, How can i rename all the OrderNumber1, OrderNumber2, OrderNumber3 as OrderNumber. And Country1, Coun... by uagraw01 Motivator in Splunk Search 04-30-2022 0 6	0	6
	Is it possible to round the current time in a quarter of hour ( quarter superior)? Hi Is it possible to round the current time in a quarter of hour ( quarter superior) For exemple if its 9h56 i would ... by jip31 Motivator in Splunk Search 04-30-2022 0 9	0	9
	How to filter search result using a multi field lookup table? So, I am trying to use a lookup table spammer.cvs to filter out results from my search but can't get the filtering lo... by edhealea Path Finder in Splunk Search 04-29-2022 0 4	0	4
	How to create a chart of the error rate over time? Hi, I would like to create a chart of the error rate over time. I have data that shows status= DOWNLOAD_COMPLETE an... by tmtcollins Explorer in Splunk Search 04-29-2022 0 2	0	2
	Could someone aid with this Regex Regex for From: FA.south dam.australia-mb.ccjbhneed to get only: ccjbh by shreyasamin64 Explorer in Splunk Search 04-29-2022 0 4	0	4
	Is there a way to search for a comma in Splunk query? is there away we can search for a , to find multi locale or multi country basically instead of the underlined index=... by siksaw33 Path Finder in Splunk Search 04-29-2022 0 2	0	2
	How to get subset of lines from log Hi,We have requirement where we have to get the start till end log of one process and when we get the log we can see ... by Splunklearning2 New Member in Splunk Search 04-29-2022 0 5	0	5
	How to extract events from logs Hi All, I have number of events with error srtring in event.I need to fetch al the events with error string except... by vineela Path Finder in Splunk Search 04-29-2022 0 1	0	1
	Correlate events from different indexes with different field names & values Hi, how can i correlate events from different indexes when both( field names and values) are different ?For example:... by neerajs_81 Builder in Splunk Search 04-29-2022 0 11	0	11
	Why is my Splunk query not working for certain time range? i have a query to pull out stats and counts based on incoming applictiond and request path it gave me stats when i t... by ram_splunk New Member in Splunk Search 04-28-2022 0 1	0	1
	How to search for an id where its column values does not include a certain value Hi everyone, I am new to SPLUNK and I am trying to search for distinct IDs where its PRODUCT column does not include ... by amanda_dg Engager in Splunk Search 04-28-2022 0 9	0	9
	How retrieve value of second matching word? In a log if there are two similar words with different value , how to retrieve value of second word using regex ? Exa... by Aks_PC_20 Engager in Splunk Search 04-28-2022 0 7	0	7
	How can I optimize my search to run faster? Hello Splunkers While running the attached query, results are populating very slow. From that query i want to achieve... by uagraw01 Motivator in Splunk Search 04-28-2022 0 5	0	5
	How to display only the result corresponding to the current time? hello From the search below, I need to display only the result corresponding to the current time It means that if it'... by jip31 Motivator in Splunk Search 04-28-2022 0 2	0	2
	How to search multiple values using wildcard in a field? I am producing some stats in splunk but I want to extract data for about 10 uri_method instead of 100s currently disp... by nbhat Explorer in Splunk Search 04-28-2022 0 4	0	4
	Bad passwords logged in the DC Netlogon logs: Bad passwords logged in the DC Netlogon logs:for a specific account name: index=cim sourcetype=netlogon host=dc "0... by Bis Loves-to-Learn Lots in Splunk Search 04-28-2022 0 0	0	0
	How to find time between similar events? Hello, We are looking to create a search that will return when two similar events occur within 1 second of each other... by dl-it-serveradm Engager in Splunk Search 04-28-2022 0 3	0	3