Splunk Search

Community Activity

	How to use thousand comma separator for chart command? Hi Everyone, below is my query to use thousand comma separator: \|inputlookup abc.csv \| chart sum(field1) as field1 ... by ND Path Finder in Splunk Search 04-13-2022 0 1	0	1
	How to Extract fields with alphanumeric values? I have to extract the highlighted value as a single field in splunk. Any help. by inkedia Explorer in Splunk Search 04-13-2022 0 4	0	4
	How to Parse Json array with inner condition? I cant seem to find an example parsing a json array with no parent. Meaning, I need to parse: [{"key1":"value2}, {"ke... by ofer_s Loves-to-Learn in Splunk Search 04-13-2022 0 1	0	1
	Are there any public whitelist databases that can be used to filter good network traffic? i want to have an overview of malicious network traffic in my network and i decided to filter out all the "good" traf... by splunkboob Explorer in Splunk Search 04-13-2022 0 1	0	1
	How to a query so that all the values in quotes are replaced by a placeholder? Considering a field like : field=select id from table where id In ["123","12"] limit 1 field=select id from table wh... by yk010123 Path Finder in Splunk Search 04-12-2022 0 2	0	2
	Receiving timestamp parsing error I am trying to set timestamp for the event : ======== Sat Mar 19 16:33:08 2022 -05:00 LENGTH : '228' ACTION :[7] 'CO... by vjsplunk Loves-to-Learn Everything in Splunk Search 04-12-2022 0 5	0	5
	Why splunk Search returning duplicates? As shown below I have only two events present on my indexBut when i execute the below search queryindex = **** \|rex f... by karthi25 Path Finder in Splunk Search 04-12-2022 0 3	0	3
	How can I count values by a subgroup? I have the following data : ServiceMessageService1Hello worldService2Another messageService1Hello worldService1Some ... by yk010123 Path Finder in Splunk Search 04-12-2022 0 2	0	2
	How to compare field with current weeks Monday? These are ticket platform logs with field 'lastupdated' which contains time and date [2022-04-12 12:12:17.160000+00:0... by ojtoids Explorer in Splunk Search 04-12-2022 0 1	0	1
	How to compare two fields from two different source types? Hello everybody, This is actually my first post here so forgive me if I missed up or posted in the wrong section. I'm... by ahmed_aladwani Engager in Splunk Search 04-12-2022 0 1	0	1
	How to write a query for average TPS and average response time in a single table? Hi, I am trying to write a query that would get me the average TPS and average response time for services in the same... by mrigs13 Explorer in Splunk Search 04-12-2022 0 10	0	10
	How to get my splunk to open my last file explorer when I go to export some results? I have a dashboard setup that returns a few searches for my organization. When I click the export button underneath t... by bheptinstall Engager in Splunk Search 04-12-2022 0 2	0	2
	How to Remove Rows With "NULL"? Greetings Splunk Community, I am currently working on a search and I am trying to drop rows that have "NULL" in them.... by jpfrancetic Path Finder in Splunk Search 04-12-2022 0 1	0	1
	How to filter out event in Splunk -IP address search via CIDR Hey Team, I have some 150+ ip addresses in CIDR format (IE 96.24.0.0/16, etc) , i am getting my search result with on... by saurav47 Loves-to-Learn Lots in Splunk Search 04-12-2022 0 1	0	1
	How to combine 2 searches with same value and field name. I have 2 searches and I want to link 2 together in one table.The first search: index=very_big_index caseNumber=123456... by Allene139 Explorer in Splunk Search 04-12-2022 0 4	0	4
	How to search for group user activities based on Login Logout time? GentlemenMy raw events have a field called login_time which has values of format ( 2022-04-11 10:52:08 ) . This is t... by neerajs_81 Builder in Splunk Search 04-12-2022 0 6	0	6
	Splunk API - JSON Expecting value: line 1 column 1 (char 0) Hi Team, when I use curl - I am able to get the output in JSON format. But when I am trying to use requests module, I... by bijodev1 Communicator in Splunk Search 04-12-2022 0 7	0	7
	Compare results from lookup and search - with a twist! Hi all, New to splunk and i have seen that this has been asked many times but most of the results are based on matchi... by greekleo89 Loves-to-Learn Everything in Splunk Search 04-12-2022 0 9	0	9
	Merging data from 2 different sourcetypes Hi All, I have two sourcetypes in the same index, however the fields names are different but the value is same for t... by neerajs_81 Builder in Splunk Search 04-12-2022 0 3	0	3
	How to change from join command (executed twice) to stats command? Hi Experts!I am trying to REPLACE the join command to the stats command because the subsearch result exceeds 50000.Ho... by tehong Explorer in Splunk Search 04-11-2022 0 2	0	2
	How to Nullified a field Im trying to nullified data in "status" field for any value match as "InActive" based on accounttype . Appreciate h... by azleeshah Explorer in Splunk Search 04-11-2022 0 2	0	2
	Why am I getting an error when perform split with "\" delimiter username to split - domain\user expected result for user2 field - domain ... by azleeshah Explorer in Splunk Search 04-11-2022 0 2	0	2
	How to write Stats count by hourly trend list? Hello dears, Can i list search result with stat count like hourly trend ? Example; Hour : 00:00 EventCount: 10 Hour :... by corehan Explorer in Splunk Search 04-11-2022 0 5	0	5
	How to create a search with week to week comparison of counts by SrcCountry Hi, I am new to splunk. Currently using this query to get the count index=* SrcCountry=* \| stats count by SrcCountry.... by will09222 New Member in Splunk Search 04-11-2022 0 1	0	1
	How can I filter all events to exclude this string? Hi, I have an index of log events and I have been asked to exclude all events with a certain string in it. The String... by POR160893 Builder in Splunk Search 04-11-2022 0 4	0	4