Splunk Search

Community Activity

Guidance Needed for Integrating Citrix NetScaler with Splunk Enterpris Hi everyone,I’m new to working with Citrix NetScaler and need assistance with integrating it into Splunk Enterprise. ... by Amira Explorer in Splunk Search 01-02-2025 0 1	0	1
Why are the results of set diff and join different? Each of the two lookups has URL information.And I queried it like this: 1) \| set diff [\| inputlookup test.csv] [\| ... by munang Path Finder in Splunk Search 01-01-2025 1 7	1	7
How to use the regex matched variables from the first search into the other search to get all matching results Hi All,I am searching UiPath Orchestrator Logs in Splunk as following: index="<indexname>" source = "user1" OR source... by sarathi125 Explorer in Splunk Search 01-01-2025 0 9	0	9
Is there a way to have a "sliding window" time span in a non real time search? I need to get the amount of users per web product every 5 minutes, grouped by 15 second bins. However, I need those ... by amalober Explorer in Splunk Search 12-31-2024 1 6	1	6
Is it possible to use streamstats over a 3 minute window over a 9 minute search to pick up three consecutive events? Hi I have an ask to create an alert that must trigger if there are more than 50 '404' status codes in a 3 min period.... by becksyboy Contributor in Splunk Search 12-31-2024 0 3	0	3
How to solve indexing issue? Can someone give some steps on this issue Push Unnecessary: manager-apps and master-apps are both populated. There c... by Kberko471 New Member in Splunk Search 12-31-2024 0 2	0	2
Using Time Range with Bin SplunkersI'm trying to detect when a user fails GT 5 times in time range of one hour for last 24h, and i have the spl... by CyberWolf Path Finder in Splunk Search 12-30-2024 0 2	0	2
HI Team , i want to extract 8.9 value from this string " service error rate 50x 8.976851851851853". can you please help " service error rate 50x 8.976851851851853"field = " service error rate 50x 8.976851851851853"need to extract 8.9 val... by Hemant_h Engager in Splunk Search 12-30-2024 0 1	0	1
How to ignore minor breakers when searching for a term? I've been attempting to see if it's possible to search for a term while ignoring all minor breakers that may or may n... by dtaylor Path Finder in Splunk Search 12-29-2024 0 5	0	5
Filter out all elements of a list which match the first element I'm a bit stumped on this problem. Before I jump into the issue, there's a couple of restrictions:I'm working in an e... by BG_Splunk Explorer in Splunk Search 12-28-2024 0 5	0	5
Help generating table I'm new to Splunk and trying to display table in the below format after reading data from json. Could someone help me... by Thulasiraman Explorer in Splunk Search 12-27-2024 0 11	0	11
Not coming values for message.backendCalls.responseCode field in below query When trying to fetch values using below query then its not showing result in statistics, Reason is i want to fetch me... by r_s01 Explorer in Splunk Search 12-25-2024 0 1	0	1
How do you parse two time formats in Splunk? The first time format is Fri Dec 21 11:17:30 2018 the other one is 2018-12-21T11:17:31.051061 I was wondering how... by bobojesus Engager in Splunk Search 12-23-2024 0 14	0	14
How to find empty indexes in Splunk Cloud? I'm trying to create an alert that looks through a given list of indexes and triggers an alert for each index showing... by StephenD1 Path Finder in Splunk Search 12-23-2024 0 8	0	8
Time comparison different results in search and dashboar Dear expertsWhy is the following line \| where my_time>=relative_time(now(),"-1d@d") AND my_time<=relative_time(now(),... by Ste Path Finder in Splunk Search 12-23-2024 0 6	0	6
How to compare events from two sourcetypes in the same index without using join I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-22-2024 0 4	0	4
How to generate a regular expression on a URL to capture a resource path and end on a optional parameter? Hi all, I am looking for some help for the following use case. I have a series of endpoints represented by full URL... by bcatwork Path Finder in Splunk Search 12-22-2024 0 6	0	6
How to write a search to find if a field contains a valid IPv4 or IPv6 address? Hi all, as a splunk newbie I'm not sure what direction to go with the following. Basically I have two Interesting fi... by hcastell Path Finder in Splunk Search 12-22-2024 0 5	0	5
How to extract ip address using regex? index="testd" \| rex field=_raw "Remote host:(?.*):" \|dedup Remotehost \|stats count by Remotehost My events: Remote... by karthi2809 Builder in Splunk Search 12-22-2024 0 4	0	4
Upgrade to 5.x, some of my existing searches are taking longer to return results. Not as many scheduled searches are running on time. Could fetch_remote_search_log setting be a factor? After upgrading to 5.x, I noticed that some of my searches are taking a longer time to return results than prior. Sea... by Ellen Splunk Employee in Splunk Search 12-22-2024 1 2	1	2
How to send hard coded message as an email from Splunk Hi Everyone,I need to send a hard coded message to the users just before every daylight savings of the year saying "D... by devsru Explorer in Splunk Search 12-21-2024 0 5	0	5
Concatenating values from one field How can we concatenate values from one field and put it in a new variable with commas.e.g If I run a search , I get n... by Sailesh6891 Engager in Splunk Search 12-20-2024 0 6	0	6
eval in stats with max Hi at all,I have a data structure like the following: title1 title2 title3 title4 value and I need to group by titl... by gcusello SplunkTrust in Splunk Search 12-20-2024 0 11	0	11
Account locked there is a user lets say ABC and I want to check why his AD account is locked . by SN1 Path Finder in Splunk Search 12-20-2024 0 6	0	6
timechart count and stats count are not matching I am using same index for both stats disctinctcount and timechart distinctcount. But the results from timechart is al... by anooshac Communicator in Splunk Search 12-20-2024 0 1	0	1