Splunk Search

Community Activity

	How to extract info from nested data with specific parameter? I need to extract the Activity Score and Application UXI Average but only when the Application Name is a certain na... by paulito Explorer in Splunk Search 04-13-2022 0 2	0	2
	How to add values from different Indexes? Hello, I would like to add values from a search in one index and then to the result of another search from a differ... by diegomedinar New Member in Splunk Search 04-13-2022 0 3	0	3
	PROPS Configuration for text file with header Hello,I have a text source file with header. Some sample events (first line is a header) and props that I wrote given... by SplunkDash Motivator in Splunk Search 04-13-2022 0 11	0	11
	How to proceed to get only the Status column in the request? Hello,I have the request which normally show 4 rows, I need to display only one row with only the Status column. ind... by kwy Loves-to-Learn in Splunk Search 04-13-2022 0 1	0	1
	How to use thousand comma separator for chart command? Hi Everyone, below is my query to use thousand comma separator: \|inputlookup abc.csv \| chart sum(field1) as field1 ... by ND Path Finder in Splunk Search 04-13-2022 0 1	0	1
	How to Extract fields with alphanumeric values? I have to extract the highlighted value as a single field in splunk. Any help. by inkedia Explorer in Splunk Search 04-13-2022 0 4	0	4
	How to Parse Json array with inner condition? I cant seem to find an example parsing a json array with no parent. Meaning, I need to parse: [{"key1":"value2}, {"ke... by ofer_s Loves-to-Learn in Splunk Search 04-13-2022 0 1	0	1
	Are there any public whitelist databases that can be used to filter good network traffic? i want to have an overview of malicious network traffic in my network and i decided to filter out all the "good" traf... by splunkboob Explorer in Splunk Search 04-13-2022 0 1	0	1
	How to a query so that all the values in quotes are replaced by a placeholder? Considering a field like : field=select id from table where id In ["123","12"] limit 1 field=select id from table wh... by yk010123 Path Finder in Splunk Search 04-12-2022 0 2	0	2
	Receiving timestamp parsing error I am trying to set timestamp for the event : ======== Sat Mar 19 16:33:08 2022 -05:00 LENGTH : '228' ACTION :[7] 'CO... by vjsplunk Loves-to-Learn Everything in Splunk Search 04-12-2022 0 5	0	5
	Why splunk Search returning duplicates? As shown below I have only two events present on my indexBut when i execute the below search queryindex = **** \|rex f... by karthi25 Path Finder in Splunk Search 04-12-2022 0 3	0	3
	How can I count values by a subgroup? I have the following data : ServiceMessageService1Hello worldService2Another messageService1Hello worldService1Some ... by yk010123 Path Finder in Splunk Search 04-12-2022 0 2	0	2
	How to compare field with current weeks Monday? These are ticket platform logs with field 'lastupdated' which contains time and date [2022-04-12 12:12:17.160000+00:0... by ojtoids Explorer in Splunk Search 04-12-2022 0 1	0	1
	How to compare two fields from two different source types? Hello everybody, This is actually my first post here so forgive me if I missed up or posted in the wrong section. I'm... by ahmed_aladwani Engager in Splunk Search 04-12-2022 0 1	0	1
	How to write a query for average TPS and average response time in a single table? Hi, I am trying to write a query that would get me the average TPS and average response time for services in the same... by mrigs13 Explorer in Splunk Search 04-12-2022 0 10	0	10
	How to get my splunk to open my last file explorer when I go to export some results? I have a dashboard setup that returns a few searches for my organization. When I click the export button underneath t... by bheptinstall Engager in Splunk Search 04-12-2022 0 2	0	2
	How to Remove Rows With "NULL"? Greetings Splunk Community, I am currently working on a search and I am trying to drop rows that have "NULL" in them.... by jpfrancetic Path Finder in Splunk Search 04-12-2022 0 1	0	1
	How to filter out event in Splunk -IP address search via CIDR Hey Team, I have some 150+ ip addresses in CIDR format (IE 96.24.0.0/16, etc) , i am getting my search result with on... by saurav47 Loves-to-Learn Lots in Splunk Search 04-12-2022 0 1	0	1
	How to combine 2 searches with same value and field name. I have 2 searches and I want to link 2 together in one table.The first search: index=very_big_index caseNumber=123456... by Allene139 Explorer in Splunk Search 04-12-2022 0 4	0	4
	How to search for group user activities based on Login Logout time? GentlemenMy raw events have a field called login_time which has values of format ( 2022-04-11 10:52:08 ) . This is t... by neerajs_81 Builder in Splunk Search 04-12-2022 0 6	0	6
	Splunk API - JSON Expecting value: line 1 column 1 (char 0) Hi Team, when I use curl - I am able to get the output in JSON format. But when I am trying to use requests module, I... by bijodev1 Communicator in Splunk Search 04-12-2022 0 7	0	7
	Compare results from lookup and search - with a twist! Hi all, New to splunk and i have seen that this has been asked many times but most of the results are based on matchi... by greekleo89 Loves-to-Learn Everything in Splunk Search 04-12-2022 0 9	0	9
	Merging data from 2 different sourcetypes Hi All, I have two sourcetypes in the same index, however the fields names are different but the value is same for t... by neerajs_81 Builder in Splunk Search 04-12-2022 0 3	0	3
	How to change from join command (executed twice) to stats command? Hi Experts!I am trying to REPLACE the join command to the stats command because the subsearch result exceeds 50000.Ho... by tehong Explorer in Splunk Search 04-11-2022 0 2	0	2
	How to Nullified a field Im trying to nullified data in "status" field for any value match as "InActive" based on accounttype . Appreciate h... by azleeshah Explorer in Splunk Search 04-11-2022 0 2	0	2