Splunk Search

Community Activity

Combining And Analyzing Stats Across Events by Other Fields tl;dr I want to take a list of events, separately sum the fields "message_accounts" (accounts processed in the event)... by duggym122 Loves-to-Learn in Splunk Search 04-21-2022 0 2	0	2
In three related events, how do you avoid the one without a field value? Hello, I have a tricky question. I'm trying to count tickets by providers we have. I am using the parent and subtasks... by mrovirab Explorer in Splunk Search 04-21-2022 0 11	0	11
How to improve efficiency of a Splunk search? Hi All,One of my scheduled report is quite expensive.It runs everyday from Monday to Friday and results in 30 days wo... by nilbak88 Explorer in Splunk Search 04-21-2022 0 4	0	4
How to check the odd once out ( field < 1) field with 2 or more values? how to check the odd once out ( field < 1) field with 2 or more values Ex field = true ... by shreyasamin64 Explorer in Splunk Search 04-21-2022 0 1	0	1
How to capture multiple lines in rex HI all, I am trying to capture multiple lines between two strings in my log data. But so far have not been able to fi... by sid1808 Loves-to-Learn in Splunk Search 04-21-2022 0 3	0	3
How to merge two Splunk queries ? Hi All, I need help with Splunk Query for below scenario: Query 1:index =abc \| table src, dest_name, severity, actio... by nilbak88 Explorer in Splunk Search 04-21-2022 0 4	0	4
Enterprise Search: Can we delete or clone correlation searches in the Content Management section? Under the Content Management section, we only see the Enable and Disable options for the correlation searches. Is the... by danielbb Motivator in Splunk Search 04-21-2022 0 3	0	3
After installing license and restart , splunk is still reflecting the trial license of 500MB Hello Experts, I have splink enterprise up with trial version installed. The license group was trail license grou;p,... by divyaa New Member in Splunk Search 04-21-2022 0 2	0	2
How to write search with CASE and MATCH function? Hi peeps, I need help to fine tune this query; index=network sourcetype=ping\| eval pingsuccess=case(match(ping_statu... by syazwani Path Finder in Splunk Search 04-21-2022 0 3	0	3
Why does search with subsearch fail if earliest and latest is used? The following search does not produce any results: index=* earliest="04/19/2022:15:00:00" latest="04/19/2022:17:00:00... by FritzWittwer Path Finder in Splunk Search 04-21-2022 0 6	0	6
How to build a correlation search for direct web traffic without proxy? Hi Splunkers, I'm facing the following task: I have to build a correlation search that check users that go on a web ... by SIEMStudent Path Finder in Splunk Search 04-21-2022 0 1	0	1
How to write a Query to identify Splunk notable rule triggers with change in urgency? Hello, I am trying write a query to identify if any Splunk notable rule triggers with change in Urgency (i.e. from... by Manoj8888 Engager in Splunk Search 04-21-2022 0 1	0	1
Why does Splunk values() return swapped counts? I want to use the values() function because I want to group by fields. If I just use count by I get the correct resul... by Zoblou Engager in Splunk Search 04-21-2022 0 4	0	4
Why am I receiving this Error while using the \|rest in the splunk rest API? Hi Team, I am trying to run a search and get the searchId, I will use this searchId later to fetch the results. ... by smaran06 Path Finder in Splunk Search 04-20-2022 0 3	0	3
Need Help with Splunk Query- Titles in chart Hi, Can any one please help me with the query currently iam using " \| rename * AS \\|*\\| " but i don't want \ in t... by kc_prane Communicator in Splunk Search 04-20-2022 0 1	0	1
How to Color all my dynamic column to min max scale color? I would like to perform coloring in mindmidmax based on each column value. However, the column is dynamic, it is quit... by PeiYing15 Loves-to-Learn Everything in Splunk Search 04-20-2022 0 0	0	0
Using timechart to get count, why is returning null values as 0? Already using a query with below to get total number: \| timechart span=1d count What can I add to return, show a "0" ... by csquared Engager in Splunk Search 04-20-2022 1 2	1	2
How to connect consumers and providers based on ID between logs and display their server names too? I am hoping you could help me out with this query, as I am quite stuck.I want to be able to retrieve the name of the ... by ana Engager in Splunk Search 04-20-2022 0 2	0	2
How to join the indexes to show the changed information and the status of the PIR? I have 3 indexes that I need to join. One index is the changes that we have in created in our Service Management to... by servus_kkozoriz Engager in Splunk Search 04-20-2022 0 11	0	11
How to extract new field IP with regex? This is a log example: 2022-04-19 11:33:41 Local1.Info 10.0.6.1 Apr 19 12:34:20 FireboxM470_HA2 801002AA8CC3A Firebo... by Madys Engager in Splunk Search 04-20-2022 0 1	0	1
How to extract a field from my raw data using rex? Below is my raw logs. I want to extract "analystVerdict" & its corresponding result from raw logs. can someone please... by alexspunkshell Contributor in Splunk Search 04-20-2022 0 6	0	6
Why is iplocation showing incorrect data ? In my ES App, I have a rule where I noted some discrepancy regarding the source country for the src ip 112.196.162.... by zacksoft_wf Contributor in Splunk Search 04-20-2022 0 3	0	3
Extract the meaningful fields from the logs I want to get an API usage report per user and I am struggling with the Splunk Query for this, can someone please hel... by amitru Engager in Splunk Search 04-20-2022 0 1	0	1
Carrying tokens in another token that are prone to updates Hi All,the topic might sound very mystic but is actually rather straight forward.I have a timechart displaying the cu... by Software-Simian Path Finder in Splunk Search 04-20-2022 0 7	0	7
Eval () not creating a new field for timestamp extraction Hi All,In my raw events, there is a field called "dv_last_login_time" ( already indexed) as shown below that shows t... by neerajs_81 Builder in Splunk Search 04-20-2022 0 3	0	3