Splunk Search

Community Activity

Extract the meaningful fields from the logs I want to get an API usage report per user and I am struggling with the Splunk Query for this, can someone please hel... by amitru Engager in Splunk Search 04-20-2022 0 1	0	1
Carrying tokens in another token that are prone to updates Hi All,the topic might sound very mystic but is actually rather straight forward.I have a timechart displaying the cu... by Software-Simian Path Finder in Splunk Search 04-20-2022 0 7	0	7
Eval () not creating a new field for timestamp extraction Hi All,In my raw events, there is a field called "dv_last_login_time" ( already indexed) as shown below that shows t... by neerajs_81 Builder in Splunk Search 04-20-2022 0 3	0	3
Why am I getting No results when when using "stats"? I'm attempting to run a query and I've run into a really weird situation where if I run a query with "head 10 \| field... by Liran Observer in Splunk Search 04-19-2022 0 3	0	3
How to format 86401 seconds as 24:00:01 I am trying to display a duration result to a dashboard and when I try to use the function to convert seconds to HH:M... by SammyDavis Explorer in Splunk Search 04-19-2022 3 13	3	13
Quick SPL help with Windows Logs! Good day all,I come to seek guidance from the experts My team and I have been tasked with creating an alert that wil... by dfurtaw Path Finder in Splunk Search 04-19-2022 0 1	0	1
How to omit consecutive same results and remove it? Hello Splunkers, I have a query where I did a \|stats values(abc) as abc command over time .I got the below results .... by vrmandadi Builder in Splunk Search 04-19-2022 0 13	0	13
How to write Field Extractions from Complex/inconsistence Event Structure Hello, I have events with complex/inconsistence data structure. Need to extract field 2 values under 2 different fiel... by SplunkDash Motivator in Splunk Search 04-19-2022 0 1	0	1
How to get the percentage increase of threshold value and to build a dashboard out of it? To get the percentage increase of threshold value and to build a dashboard out of it to show as red if it is increase... by PavanSeerapu Explorer in Splunk Search 04-19-2022 0 2	0	2
Data model _time field format We are trying to create a data model with a custom _time field. We created the data model, and added a calculated fie... by BernardEAI Communicator in Splunk Search 04-19-2022 0 1	0	1
How to use Transaction command with two extracted join fields? I have two Splunk queries, each of which uses the _rex command to extract the join field. Example: QUERY 1 inde... by jbrenner Path Finder in Splunk Search 04-19-2022 0 3	0	3
How to Monitor Java Application MEM/CPU/DISK usage with splunk? Hi How can I monitor java applications with splunk, I try nmon but it only give whole java process, not specific pid!... by indeed_2000 Motivator in Splunk Search 04-19-2022 0 3	0	3
How to extract key-value pairs from log and visualize them My logs are in the format: My-Application Log: Some-Key= 99, SomeOtherKey= 231, SomeOtherKey2= 1231, Some Different K... by arnavkumarsaxen Explorer in Splunk Search 04-19-2022 0 6	0	6
How to create a conditional graph depending on input parameter? Hello, so I have an input on my dashboard page of either month"01-2022,02-2022" and also quarter"Q1-2022". So dependi... by jinishshah Explorer in Splunk Search 04-19-2022 0 9	0	9
How to write array within array for million records? Hey Team,I have Million records to search for.Record Structure is given below.My requirement is to get length of aVal... by gheribhai1234 Engager in Splunk Search 04-19-2022 0 13	0	13
How to derive earliest and latest from the subquery? index=app1 [search index=app1 "orderid"\| fields id] How do I modify the above query wherein "search index=app1 "order... by msg4sunil Path Finder in Splunk Search 04-18-2022 0 8	0	8
I want to specify a field which contains time as earliest and another field as latest so that my spl will be executed.. I want to specify a field that contains time as earliest and another field as latest so that my spl will be executed ... by bapun18 Communicator in Splunk Search 04-18-2022 0 2	0	2
How to do a field extraction of a field that already exists? Gentlemen,We are on Splunk Cloud.In my raw events coming from AWS , splunk by default shows a field called "category"... by neerajs_81 Builder in Splunk Search 04-18-2022 0 4	0	4
Why am I unable to search uploaded lookup tables on SHC? I’m receiving an error whenever I try to view any csv lookup tables I have uploaded into my search head cluster (v8.1... by jking81 Explorer in Splunk Search 04-18-2022 0 2	0	2
Is there a way to reverse the order of automatic start/end values used for bucket creation when working with timechart? Does anyone know of a way to reverse the order of the automatic start/end values used for bucket creation when workin... by bcwlk Explorer in Splunk Search 04-18-2022 0 7	0	7
How to use a trailing space in a string in a search? Hi all, I want to set a condition "credential.helper= ", notice there is a trailing space after the "=". What I want... by humblelearner Observer in Splunk Search 04-18-2022 0 2	0	2
How can I remove entries from an existing lookup table? I have a lookup table from which I need to remove a couple of lines. How can I do it? by ddrillic Ultra Champion in Splunk Search 04-18-2022 0 3	0	3
How to suppress an alert where x=y? Don't show a result where the src_ip is X and dest_ip is Y index=test host=test source=test conn_state=sf \| ev... by Qerro Loves-to-Learn in Splunk Search 04-18-2022 0 2	0	2
Why is there an error while using linear regression in Splunk? Hi, I need to use Linear Regression to predict network volumes at the moment.The index I am using has a number of cat... by POR160893 Builder in Splunk Search 04-18-2022 0 0	0	0
Is it possible to convert transaction to stats? We have the following command that works well - \| transaction job_name startswith=STARTING keeporphans=true Is i... by danielbb Motivator in Splunk Search 04-18-2022 0 2	0	2