Splunk Search

Community Activity

	Need Help with Splunk Alert I need help with below splunk query index=XXX_XXX_XXX \| eval job_status=if( 'MSGTXT' = "ABEND","ko","ok") \| where... by Amit79 Loves-to-Learn Everything in Splunk Search 01-21-2025 0 1	0	1
	Limit to first 10 counts Hello community,I am having a problem displaying a graph. I have an index that contains incidents from several monito... by Rajaion Path Finder in Splunk Search 01-21-2025 0 3	0	3
	How to Check the times from 2 Events and alert if over 15 mins So I have an Index which contains the following"Starting iteration"on 1 event and "Stopping iteration" on another eve... by LizAndy123 Path Finder in Splunk Search 01-21-2025 0 7	0	7
	Use Lookup Table with IP addresses to search in Splunk and find hostnames that match the IPs I have a lookup table with a bunch of IP addresses (ipaddress.csv) and a blank column called hostname. I would like t... by Obsidian_RS400 New Member in Splunk Search 01-21-2025 0 1	0	1
	Given variable as value of field and not token I have such a search and it works fine but not in Dashboard! index=unis \| search sarch \| eval name = coalesce(C_... by woodman2 Loves-to-Learn Everything in Splunk Search 01-21-2025 0 5	0	5
	Splunk searches does not return expected values even though the data is completed Hi, We recently migrated from a standalone Search Head to a clustered one. However, we are having some issue running ... by josephp Loves-to-Learn Everything in Splunk Search 01-21-2025 0 3	0	3
	Need stats count per host and process_name Right now a have a table list with fields populated where one process_name is repeating across multiples hosts with s... by deckard1984 Engager in Splunk Search 01-21-2025 0 3	0	3
	Logs are showing raw, how do I get them to show as highlighted? When I click on the raw log and back out of it it shows up as highlighted. How do I default the sourcetype/source to ... by bryhoffman Explorer in Splunk Search 01-21-2025 0 4	0	4
	search with sub search doesnt get the correct defined time range Hey, lately i was working on an SPL and wondered why this aint working. This is simplified index IN(anonymized_inde... by splunkinator53 Explorer in Splunk Search 01-20-2025 0 4	0	4
	Howto escape double quote in regex when using rex I have the following regex that I (currently) use at search time (it will be a field extraction once I get it ironed ... by jmartens Path Finder in Splunk Search 01-20-2025 0 3	0	3
	Loop through splunk search for multiple values I want to get the below search executed and display the results in a table for all comma separated values that gets p... by anmohan0 Explorer in Splunk Search 01-19-2025 0 3	0	3
	Using Machine Learning Toolkit to detect auth abuse Hello,I’m trying to tune Machine Learning Toolkit in order to detect authentication abuse on a web portal (based upon... by patpro Path Finder in Splunk Search 01-19-2025 0 0	0	0
	How can we show events prior to the one that matches the criteria? We have a case where we can search and find events that match the search criteria. The client would like to see the e... by danielbb Motivator in Splunk Search 01-19-2025 0 3	0	3
	How to refresh multiselect options with Javascript (re-execute the mutliselect search) We have a custom dashboard in Splunk that has a few filters, one of which is a multiselect. This dashboard allows use... by Afterimage Engager in Splunk Search 01-17-2025 0 3	0	3
	Search using IF statement Hi All, Could you please help me with " if "query to search a condition is true then need to display some values f... by tech_soul New Member in Splunk Search 01-16-2025 0 4	0	4
	List of the indexes that do not have attached a self-storage Hi,I'm trying to get a query for a table containing all the indexes that do not have a self storage attached, but I c... by esteban593 Explorer in Splunk Search 01-16-2025 0 4	0	4
	Use Case for Privileged Users, SPL Question I'm trying to create a search in which the following should be done: - look for a user creation process (ID 4720) - ... by avoelk Communicator in Splunk Search 01-16-2025 0 3	0	3
	Why does tstats command alter time stamps when I run it by _time? I am wondering why tstats command alters time stamps when I run it by _time. \| tstats values(text_len) as text_len v... by LIS Path Finder in Splunk Search 01-16-2025 0 8	0	8
	Monitoring email status Hi everyone!My goal is to create an alert to monitor in ALL saved search if there's any email that no longer exist (m... by nonno_pinto Explorer in Splunk Search 01-16-2025 0 1	0	1
	Make table column header indicate the sort order of data in underlying search results? I want the sort indicators (up/down arrowheads) in table visualization column headings to reflect the default sort or... by Graham_Hanningt Builder in Splunk Search 01-16-2025 0 7	0	7
	Decode base64 into any charset Is there a command or app that will decode base64 and detect the correct charset to output to?Currently, I'm currentl... by antoniolamonica SplunkTrust in Splunk Search 01-15-2025 0 1	0	1
	how to search in array inside a foreach loop This is an example of the structure of my data and the query I am currently using. I have tried around 10 different s... by mrsampson Explorer in Splunk Search 01-15-2025 0 11	0	11
	Splunk Cloud: How to Collect Data in JSON Format from Splunk Cloud? Hello everyone,I'm trying to collect data in JSON format from Splunk Cloud, and I understand that one of the options ... by franraf180 Engager in Splunk Search 01-15-2025 0 1	0	1
	Help with conditional event count. Hi, I have json data structured as follows: { "payload": { "status": "ok", # or "degraded" } } I'm trying t... by AFKunc Explorer in Splunk Search 01-15-2025 0 6	0	6
	How to write a search to get the week number of the month from the given _time? We need to extract the week number of the month for matching the SLA. Have SLA such as 2nd or 4th week of a month. So... by prachisaxena Explorer in Splunk Search 01-14-2025 0 6	0	6