Splunk Search

Community Activity

	Merging data from 2 different sourcetypes Hi All, I have two sourcetypes in the same index, however the fields names are different but the value is same for t... by neerajs_81 Builder in Splunk Search 04-12-2022 0 3	0	3
	How to change from join command (executed twice) to stats command? Hi Experts!I am trying to REPLACE the join command to the stats command because the subsearch result exceeds 50000.Ho... by tehong Explorer in Splunk Search 04-11-2022 0 2	0	2
	How to Nullified a field Im trying to nullified data in "status" field for any value match as "InActive" based on accounttype . Appreciate h... by azleeshah Explorer in Splunk Search 04-11-2022 0 2	0	2
	Why am I getting an error when perform split with "\" delimiter username to split - domain\user expected result for user2 field - domain ... by azleeshah Explorer in Splunk Search 04-11-2022 0 2	0	2
	How to write Stats count by hourly trend list? Hello dears, Can i list search result with stat count like hourly trend ? Example; Hour : 00:00 EventCount: 10 Hour :... by corehan Explorer in Splunk Search 04-11-2022 0 5	0	5
	How to create a search with week to week comparison of counts by SrcCountry Hi, I am new to splunk. Currently using this query to get the count index=* SrcCountry=* \| stats count by SrcCountry.... by will09222 New Member in Splunk Search 04-11-2022 0 1	0	1
	How can I filter all events to exclude this string? Hi, I have an index of log events and I have been asked to exclude all events with a certain string in it. The String... by POR160893 Builder in Splunk Search 04-11-2022 0 4	0	4
	How to split events in multiline raw data and extract fields? I have some data and I am trying to extract fields from multi line raw data. TIMESTAMP=23-12-2021,Eligible_to_be_... by vangal_sandeep New Member in Splunk Search 04-11-2022 0 2	0	2
	How to extract fields from JSON data and create a table using fields? 2022-04-11 05:46:26 POST /BestMarket.Internal.Market.Transactions/MarketTransactionService ContractName="BestMarket.... by Kisame27 Explorer in Splunk Search 04-11-2022 0 1	0	1
	How to Get the list of success values in 'If' condition? Hi, I need list of all the successful events details in the 'If' condition. For those successful list I need to extra... by kiran007 Explorer in Splunk Search 04-11-2022 0 4	0	4
	Simple search not working but search for NOT != does work. Hi All,I hope someone can enlighten me with this seemingly simple problem.I have this very simple search return 32 ro... by KeithH Communicator in Splunk Search 04-11-2022 0 6	0	6
	How to convert a field value of single line to displayed as multilines? Hi Splunkers, I have defined a filed as follows using eval condition \| eval body = "Sample Example :-" . " -... by pavanae Builder in Splunk Search 04-10-2022 0 2	0	2
	How to Round in a stats command? Hi, I'm trying to round the average of my response_time but still getting undesirable results (all the decimal places... by ebs Communicator in Splunk Search 04-10-2022 0 7	0	7
	Could you please help me with using REX/REGEX inside eval? Hi Could you please help me with using REX/REGEX inside eval? Here is what I'm trying to do \| makeresults \| eval Use... by usscommunity Loves-to-Learn Lots in Splunk Search 04-09-2022 0 2	0	2
	Splunk search error "Indexers error Could not load lookup=LOOKUP-XXXX " I cant find these LOOKUP anywhere I have created a lookup for a threat feed CSV file we are using. After deleting all the Lookup CSV files and removing... by aamer86 Path Finder in Splunk Search 04-09-2022 0 1	0	1
	What is wrong with my tstats command? This search works fine but is slow: host=host1 sourcetype="WinEventLog:Security" EventCode=5156 \| timechart span=1d... by wcooper003 Communicator in Splunk Search 04-08-2022 0 7	0	7
	How to create cumulative field for duplicated results? I have the following events in splunk: company,name,email,status Acme,John Doe,john.doe@example.com,inactive Comp... by JChris_ Path Finder in Splunk Search 04-08-2022 0 4	0	4
	How to view host disk encryption status I need a query to view disk encryption (DAR) of all my hosts, be it Bit Locker, LUKS, etc.index=* host=* \| ???Thank y... by dfiore42 New Member in Splunk Search 04-08-2022 0 1	0	1
	Help to convert date using strftime Currently I have a field holding a Julian date. I am trying to convert it using strftime but i'm having issues. Date ... by Marco_Develops Path Finder in Splunk Search 04-08-2022 0 2	0	2
	Why is my Search not returning results? Here's the text string from the log I'm searching: store license for Store 1234562022-04-07 19:17:44,360 ERROR path n... by jymmitch Path Finder in Splunk Search 04-08-2022 0 12	0	12
	How to search two reports when one report doesn't have a timestamp? Hi Team, There is a two reports one report(1st report) has timestamp other report(2nd report) doesn't have timesta... by Borntowin Loves-to-Learn Everything in Splunk Search 04-08-2022 0 3	0	3
	Regex for extracting a xml node from a xml feild Hello Expert,Please help me arrive on a regex to extract a xml node in a xml field.I have a field value like below<Re... by ssekar Engager in Splunk Search 04-08-2022 0 4	0	4
	How to set up a search to Retrieve Office 365 audit event property retrieval? I'm trying to set up a search to return Office 365 role change events for specific roles, such as the Global Administ... by JohnMoeVita New Member in Splunk Search 04-08-2022 0 1	0	1
	How do I find the time events have been sent in for the last 3 days? How do I find the time events have been sent in for the last 3 days. I want to see the time 53 different events came ... by Fats120 Loves-to-Learn Lots in Splunk Search 04-08-2022 0 10	0	10
	Why is Search not working but search for NOT != does work? Hi All, I am doing a very simple search over All Time of: index=index=orafin sourcetype=ORAFIN2 It retur... by KeithH Communicator in Splunk Search 04-07-2022 0 1	0	1