Splunk Search

Community Activity

How can I exclude a value if it is equal or less than the number of char? I need to exclude the field values if it is less than or equal to 8 characters. For eg: In the field abc, I have the ... by innoce Path Finder in Splunk Search 04-07-2022 1 2	1	2
How to extract more logs after searching for particular string? Hi All, I would like to extract more logs after searching for particular string. Eg., I want to search with string "M... by mfshravan New Member in Splunk Search 04-06-2022 0 0	0	0
How to trim the unusual brackets from url? Hi all,I have some value under src fields as below, but it has some problems. For example, actually <1b5a.4.d576d0e8-... by Woodpecker Path Finder in Splunk Search 04-06-2022 0 3	0	3
How to convert time from an upload csv to Splunk readable format I have a csv file that I upload through Lookup Editor which have a Time column in this format15/06/2021 14:35:00I wan... by phamxuantung Communicator in Splunk Search 04-06-2022 0 4	0	4
How to build a timechart to show endpoint response time over a 95 Percentile? Hello, I have 3 fields from which I need to build a line chart on a Time series. ServerTime Endpoint ResponseTime ... by jprovenzale Explorer in Splunk Search 04-06-2022 0 4	0	4
Why does time difference between two time stamps in a single event come out null? Team, Time difference between end_task_date and start_task_date is coming null. Could you please take a look below an... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 04-06-2022 0 1	0	1
How to extract an unescaped value? I have the following data : query="select field from table where (status!="Y") and ids.id IN ["123","145"] limit 5... by yk010123 Path Finder in Splunk Search 04-06-2022 0 1	0	1
How to timechart count as variance from moving average This seems to me like it should be super simple (looker, tableau, etc) but I've been working at this for almost 2 day... by robempire New Member in Splunk Search 04-06-2022 0 1	0	1
How to remove data after the first period? Hi Splunk Community, I am trying to remove the data in a field after the first period. my field looks like this: 2461... by jpfrancetic Path Finder in Splunk Search 04-06-2022 0 2	0	2
How to merge events and show in tabular format? Hello Splunkers , I am trying to see if I can merge the following events and show in a tabular format sample event 1:... by vrmandadi Builder in Splunk Search 04-06-2022 0 4	0	4
How to create a Search for "DBX - Input Performance - Input Jobs Median Duration Time" for a DB Input? Hello, We had an issue where where a DB Input we have fell behind in fetching the events. We seen that a few days ag... by mninansplunk Path Finder in Splunk Search 04-06-2022 0 2	0	2
Help with subsearch eval function with where clause Hi All, I want help to use where clause in eval command: below is lookup data: ID expense year 1 10 202... by ND Path Finder in Splunk Search 04-06-2022 0 3	0	3
How to export search results into a text file using search Hi, I am exploring some options for exporting data into text file from Splunk. I have a scheduled saved search which ... by mbasharat Builder in Splunk Search 04-06-2022 0 6	0	6
Help on basic questions about a by clause hi sorry for this question but I have difficulties to understand why a by clause with 3 conditions retrieve less even... by jip31 Motivator in Splunk Search 04-06-2022 0 1	0	1
How to pass a cancellation token as an argument to cancel the search? Hi, I'm using the .NET SDK and I cannot find how to pass a cancellation token as an argument to cancel the search. Is... by david_blanco Engager in Splunk Search 04-06-2022 0 3	0	3
How to get stats count by day? Need my SPL to count records, for previous calendar day: by Fats120 Loves-to-Learn Lots in Splunk Search 04-06-2022 0 9	0	9
How to combine results to display in a pie chart? Hello Community, I am having issues combining results to display in a pie chart - I tried a few things such as mvappe... by Yy4pb Explorer in Splunk Search 04-06-2022 0 4	0	4
Remove record from Query1 if present in Query2 I have 2 Splunk Queries First Query will return the Employee ID of the Active and Retired Employees.Second Query will... by ngautam760 Engager in Splunk Search 04-06-2022 0 3	0	3
How to set the BREAK_ONLY_BEFORE? I am not sure of how to set the BREAK_ONLY_BEFORE I have tried the below setting.. all my logs are of log4j form... by neha22 Explorer in Splunk Search 04-06-2022 0 5	0	5
Why are new field extractions not showing up in search (verbose mode)? Hello dears, I deleted my custom field which I created before but still extract in search results. Also, I'm trying a... by corehan Explorer in Splunk Search 04-06-2022 1 2	1	2
How to search with variables from lookup csv? Let's say I have a search and a very basic lookup table (csv). What I want to achieve is to use the values in the tab... by fishmong3r Explorer in Splunk Search 04-06-2022 0 4	0	4
Why the result of the timechart command for a specific hour is different than the result of the stats command? hello I use 2 similar searc In the first I timechart the results \| bin _time span=1h \| stats count as Pb by tu... by jip31 Motivator in Splunk Search 04-06-2022 0 7	0	7
How to do time conversion during search runtime? Hi Team, We got an requirement to create a report based on the accessed time present in the logs here in the logs the... by anandhalagaras1 Contributor in Splunk Search 04-06-2022 0 11	0	11
How to fill in 0 for dates when we have missing values in the chart? I am using below query to fill in 0 for dates when we have missing value and get those dates on the chart. But this ... by anu1729 Loves-to-Learn Lots in Splunk Search 04-06-2022 0 5	0	5
How to compare new and existing data Hi, I have a field name VULN in index=ABC sourcetype=XYZ. We need to know, if new VULN show up in 48hrs of data compa... by mbasharat Builder in Splunk Search 04-05-2022 0 4	0	4