Splunk Search

Community Activity

Why does time difference between two time stamps in a single event come out null? Team, Time difference between end_task_date and start_task_date is coming null. Could you please take a look below an... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 04-06-2022 0 1	0	1
How to extract an unescaped value? I have the following data : query="select field from table where (status!="Y") and ids.id IN ["123","145"] limit 5... by yk010123 Path Finder in Splunk Search 04-06-2022 0 1	0	1
How to timechart count as variance from moving average This seems to me like it should be super simple (looker, tableau, etc) but I've been working at this for almost 2 day... by robempire New Member in Splunk Search 04-06-2022 0 1	0	1
How to remove data after the first period? Hi Splunk Community, I am trying to remove the data in a field after the first period. my field looks like this: 2461... by jpfrancetic Path Finder in Splunk Search 04-06-2022 0 2	0	2
How to merge events and show in tabular format? Hello Splunkers , I am trying to see if I can merge the following events and show in a tabular format sample event 1:... by vrmandadi Builder in Splunk Search 04-06-2022 0 4	0	4
How to create a Search for "DBX - Input Performance - Input Jobs Median Duration Time" for a DB Input? Hello, We had an issue where where a DB Input we have fell behind in fetching the events. We seen that a few days ag... by mninansplunk Path Finder in Splunk Search 04-06-2022 0 2	0	2
Help with subsearch eval function with where clause Hi All, I want help to use where clause in eval command: below is lookup data: ID expense year 1 10 202... by ND Path Finder in Splunk Search 04-06-2022 0 3	0	3
How to export search results into a text file using search Hi, I am exploring some options for exporting data into text file from Splunk. I have a scheduled saved search which ... by mbasharat Builder in Splunk Search 04-06-2022 0 6	0	6
Help on basic questions about a by clause hi sorry for this question but I have difficulties to understand why a by clause with 3 conditions retrieve less even... by jip31 Motivator in Splunk Search 04-06-2022 0 1	0	1
How to pass a cancellation token as an argument to cancel the search? Hi, I'm using the .NET SDK and I cannot find how to pass a cancellation token as an argument to cancel the search. Is... by david_blanco Engager in Splunk Search 04-06-2022 0 3	0	3
How to get stats count by day? Need my SPL to count records, for previous calendar day: by Fats120 Loves-to-Learn Lots in Splunk Search 04-06-2022 0 9	0	9
How to combine results to display in a pie chart? Hello Community, I am having issues combining results to display in a pie chart - I tried a few things such as mvappe... by Yy4pb Explorer in Splunk Search 04-06-2022 0 4	0	4
Remove record from Query1 if present in Query2 I have 2 Splunk Queries First Query will return the Employee ID of the Active and Retired Employees.Second Query will... by ngautam760 Engager in Splunk Search 04-06-2022 0 3	0	3
How to set the BREAK_ONLY_BEFORE? I am not sure of how to set the BREAK_ONLY_BEFORE I have tried the below setting.. all my logs are of log4j form... by neha22 Explorer in Splunk Search 04-06-2022 0 5	0	5
Why are new field extractions not showing up in search (verbose mode)? Hello dears, I deleted my custom field which I created before but still extract in search results. Also, I'm trying a... by corehan Explorer in Splunk Search 04-06-2022 1 2	1	2
How to search with variables from lookup csv? Let's say I have a search and a very basic lookup table (csv). What I want to achieve is to use the values in the tab... by fishmong3r Explorer in Splunk Search 04-06-2022 0 4	0	4
Why the result of the timechart command for a specific hour is different than the result of the stats command? hello I use 2 similar searc In the first I timechart the results \| bin _time span=1h \| stats count as Pb by tu... by jip31 Motivator in Splunk Search 04-06-2022 0 7	0	7
How to do time conversion during search runtime? Hi Team, We got an requirement to create a report based on the accessed time present in the logs here in the logs the... by anandhalagaras1 Contributor in Splunk Search 04-06-2022 0 11	0	11
How to fill in 0 for dates when we have missing values in the chart? I am using below query to fill in 0 for dates when we have missing value and get those dates on the chart. But this ... by anu1729 Loves-to-Learn Lots in Splunk Search 04-06-2022 0 5	0	5
How to compare new and existing data Hi, I have a field name VULN in index=ABC sourcetype=XYZ. We need to know, if new VULN show up in 48hrs of data compa... by mbasharat Builder in Splunk Search 04-05-2022 0 4	0	4
Parsing not working as expected New to splunk, need your help.Data:4/5/2022 9:02 PM \| Audit \| hi user \| something.MoveFiles \| Copied File from C:\hel... by a508184 Explorer in Splunk Search 04-05-2022 0 2	0	2
How to add a non existing field in tstats command? Hello, I looking for options to add a non-existing field in tstats command. The scenario is the field doesn't exist.... by whitefang1726 Path Finder in Splunk Search 04-05-2022 0 2	0	2
How to create a search that finds the average of the last three bins? I have an search where I need to find the average of the last three bins. Example: On my time filter I select an rang... by kishan2356 Explorer in Splunk Search 04-05-2022 0 1	0	1
How to rename the sourcetype without involving our vendor at the point of ingest so that I can perform field extraction? We have a cloud instance of Splunk and a vendor whose forwarders we do not control sending data to our instance. I am... by ekolseth Loves-to-Learn in Splunk Search 04-05-2022 0 1	0	1
Why is TimeChart assigning values from spanned table? Hello All, I have a really simple search, while it works, I'd like to do some operations on that data: index=xxxx... by michaelhaedt Explorer in Splunk Search 04-05-2022 0 7	0	7