Splunk Search

Community Activity

How to search in UTC and of the format yyyy-mm-ddThh:mm:ss.SSSZ? On searching with the criteria, earliest="07/04/2021:09:48:00" latest="07/04/2021:09:48:59" searches in my local time... by msg4sunil Path Finder in Splunk Search 04-16-2022 0 1	0	1
How to limit the host name coming in the output as only one entry and not multiple times in props.conf? My sample events are like this event 1 My name is Ethan [host="asw.pbrfinance.sdo.dgr.com"] My address is 46e 91 st ... by ethanthomas Path Finder in Splunk Search 04-16-2022 0 1	0	1
How to use lookup output to use as another lookup file name? Hi, I've been trying to use the output from a lookup as input to another lookup. In the first lookup i have the name ... by rita_25 Loves-to-Learn in Splunk Search 04-15-2022 0 1	0	1
How to display search directly into visualization tab HI. When we use table in a search rather than going to events it goes to the statistics tab automatically. I would ... by Pat Path Finder in Splunk Search 04-15-2022 0 1	0	1
How to display timechart for certain time period without being affected by earliest? Im using a search query to search for data in "all time" but want to display timechart only for last 60 days. If i tr... by ojtoids Explorer in Splunk Search 04-15-2022 0 5	0	5
How to detect a % difference in how often an event happened in x period vs the previous period? Hi, I'm trying to figure out how to detect if one of our ecommerce integrations has an error and the transactions dr... by nicholmikey Explorer in Splunk Search 04-15-2022 0 3	0	3
More efficient way to search besides macros? Right now I have a lot of macros to help with reports, dashboards and knowledge items in general. We do not really us... by SMM10 Explorer in Splunk Search 04-15-2022 0 2	0	2
How to extract Timestamp using strptime? Hello! I can't manage to get Splunk to extract the following timestamp at import. 2015-12-01 00:00:00+00 Could you he... by thefoque Observer in Splunk Search 04-15-2022 0 1	0	1
How to correct timechart after upgrading timechart [stats count \| eval range="$timeRange$" \| eval search=case(range=="-6h", "span=30m ", range=="-1d", "span=1... by Jaylon Loves-to-Learn Lots in Splunk Search 04-15-2022 0 3	0	3
How to parse a string with special format into objects or variables? Hi there, I have trying to use spath to try to extract fields inside a string. Currently, the string has this format.... by jvdev New Member in Splunk Search 04-15-2022 0 1	0	1
Creating a new field depending on wildcard search Hi I know this is probably an easy one but I'm new and need some help.I have the following Field Called "Account Name... by ajdyer2000 Path Finder in Splunk Search 04-15-2022 0 2	0	2
How to convert splunk api response to dataframe pandas? Hi Everyone, thanks to "kamlesh_vaghela" for helping me with importing the userid into the search query. But I am hav... by bijodev1 Communicator in Splunk Search 04-14-2022 0 3	0	3
How to combine JSON elements in array? I have created a query similar to the below host=nftHost index=paymeNowsource="\\\\epamjhost\Logs\*" \| rex "(Message ... by jbourne89 Explorer in Splunk Search 04-14-2022 0 8	0	8
How to calculate failure percentage? I am trying to create a dashboard which shows % availability over a set period of time. I am trying to calculate all ... by Rgru Engager in Splunk Search 04-14-2022 0 4	0	4
How to compare search results with lookup? Hello, everyone! During search I got table like this timehostuseractionresult12:24:06host1Alexaction1success12:48:32h... by bosseres Contributor in Splunk Search 04-14-2022 0 5	0	5
How to find the difference between the max value and the min value in the multi-value field combined by transaction? I want to find the difference between the maximum value and the minimum value in the multi-value field that has been ... by Msugiyama Path Finder in Splunk Search 04-14-2022 0 4	0	4
How to extract the whole string based on substring? I have a record that results because it matches a particular sub string. Now, I want to extract the whole string the ... by vastav_n New Member in Splunk Search 04-14-2022 0 4	0	4
How to limit dashboard view based on User's IP address? Hi,I have a dashboard and I need to limit the view of this dashboard to people with certain IP addresses.Is this poss... by POR160893 Builder in Splunk Search 04-13-2022 0 3	0	3
How to fill empty field values to 0 in Splunk ? I have data in below format in Splunk where I extracted this as Brand,Files,Size. Now at some places, where size is... by nilbak1 Communicator in Splunk Search 04-13-2022 1 15	1	15
How to add percentages to all the fields? \| lookup local=true ipasncidr_def CIDR as dest_ip output Organization \| lookup src_eonid_name.csv SRC_EONID OUTPUT "... by inkedia Explorer in Splunk Search 04-13-2022 0 2	0	2
How to create a search to join 2 csv files? Hello, I have 2 CSVs in my splunk: Alert.csv having below columns and data: Alert_Header Alert_type Date JNA/athe... by jinishshah Explorer in Splunk Search 04-13-2022 0 3	0	3
Heavy Forwarder Search i have a need to search the HWF for the apps that are currently used frequently and also which apps are sending data ... by fmcgheeSplunk Splunk Employee in Splunk Search 04-13-2022 0 1	0	1
How to extract info from nested data with specific parameter? I need to extract the Activity Score and Application UXI Average but only when the Application Name is a certain na... by paulito Explorer in Splunk Search 04-13-2022 0 2	0	2
How to add values from different Indexes? Hello, I would like to add values from a search in one index and then to the result of another search from a differ... by diegomedinar New Member in Splunk Search 04-13-2022 0 3	0	3
PROPS Configuration for text file with header Hello,I have a text source file with header. Some sample events (first line is a header) and props that I wrote given... by SplunkDash Motivator in Splunk Search 04-13-2022 0 11	0	11