Splunk Search

Community Activity

AWS Config data in Splunk I am trying to query AWS config data in Splunk to identify the names of all S3 buckets in AWS. Is there a way to writ... by amitshrigoel Explorer in Splunk Search 01-13-2025 0 3	0	3
Two syslogs usually together but need to report when only one is seen I have two log messages "%ROUTING-LDP-5-NSR_SYNC_START" and "%ROUTING-LDP-5-NBR_CHANGE" which usually accompany each ... by rish_raw New Member in Splunk Search 01-11-2025 0 2	0	2
Correlating values in different index Hi,I have two indexes - "cart" and "purchased" . In "cart" index there is a field "cart_id" and in "purchased" there ... by Souradip11 Explorer in Splunk Search 01-11-2025 0 2	0	2
Export Logs from Zabbix to Splunk Dashboard via API on Button Click Is it possible to create a button in a Splunk dashboard that, when clicked, runs a script to export logs from Zabbix ... by rohithvr19 Loves-to-Learn Everything in Splunk Search 01-11-2025 0 5	0	5
How Do I Exclude Data Based On An Event? Hello Everyone, I am hoping someone can help me out as I have exhausted everything I can think of and cannot seem to ... by Wagzillion Observer in Splunk Search 01-10-2025 0 6	0	6
expiry notification use case Hi All, I have designed a splunk query: \| inputlookup Expiry_details_list.csv \| lookup SupportTeamEmails.csv Applicat... by avi123 Explorer in Splunk Search 01-10-2025 0 1	0	1
Results from Collect command not writing to index? Hi everyone, I recently took over a project by someone who is no longer with my employer. He made several scheduled s... by Aroot002 Path Finder in Splunk Search 01-10-2025 0 7	0	7
how to find difference of two field value(string) and assign it to new field HI allI have a scenario where i have to find the difference of two field value (string) for examplefileda="raj", "rah... by rajsplunk Explorer in Splunk Search 01-10-2025 0 8	0	8
Can a search string dynamically build commands, and then run them? My use case: I want to create a timechart of the number (count) of requests to a system, split by "connection type": ... by Graham_Hanningt Builder in Splunk Search 01-10-2025 0 15	0	15
calculate percentage in a chart over day Hi,I am using a search Mysearch \|eval Guest=if(sid=22,BOT,Others) \| convert timeformat="%Y-%m-%d" ctime(_time) AS dat... by Souradip11 Explorer in Splunk Search 01-10-2025 0 4	0	4
Trying to check and set values conditionally but below query is giving error Trying to check and set values conditionally but below query is giving errorError :-Error in 'eval' command: Fields c... by r_s01 Explorer in Splunk Search 01-10-2025 0 4	0	4
Convert duration time to number integer I have this search, where I get the duration and I need to convert it to integer:Example: Min:Sec to Whole 00:02 ... by Miguel3393 Path Finder in Splunk Search 01-09-2025 0 5	0	5
SPL OPTIMZATION Hey guys, so I was wondering if anyone had any idea how to optimize this query to minimize the sub searches. My brai... by Kenny_splunk Path Finder in Splunk Search 01-09-2025 0 1	0	1
Issue is there is no response for value NULL Under field "message.incomingRequest.lob" but its giving NULL in result index="uhcportals-prod-logs" sourcetype=kubernetes container_name="myuhc-sso" logger="com.uhg.myuhc.log.SplunkLog" ... by r_s01 Explorer in Splunk Search 01-09-2025 0 6	0	6
Time after stats command Hey, I want to add _time column after stats command but I couldn't select the best command. Forexample; index=* \|... by hcelep Engager in Splunk Search 01-09-2025 0 5	0	5
splunk query issues Hey team,I have one requirement i.e have to Create a splunk dashboard to report the # of Logins , # of LogoutsThe inp... by anu1 New Member in Splunk Search 01-09-2025 0 4	0	4
How to rename fields when using 2 queries with OR Hello,I have 2 queries where indices are different and have a common field dest_ip which is my focus(same field name ... by sdcig Explorer in Splunk Search 01-08-2025 0 9	0	9
where with empty subsearch result raises an error message Dear expertsBased on the following search: <search id="subsearch_results"> <query> search index="iii" sea... by Ste Path Finder in Splunk Search 01-08-2025 0 2	0	2
Sanity Check - No Web Browsing Data Model? I'm building a search which takes a URL and returns all events from separate indexes/products where a client (user en... by tretrigh Path Finder in Splunk Search 01-08-2025 0 8	0	8
Replace _raw data for the matched string pattern in a multiple lines raw data Here is my raw data in the splunk query<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Body xmlns... by dwangfeng Engager in Splunk Search 01-08-2025 0 5	0	5
stats count include zero Hello,First, I am aware that there are multiple posts regarding my question, but I can't seem to use them in my scena... by LearningGuy Motivator in Splunk Search 01-08-2025 0 6	0	6
how to do trivial projection and json parsing? I'm new to splunk and really struggle very hard with it's documentation. Everytime I try to do something, it does not... by alfonz19 Loves-to-Learn in Splunk Search 01-08-2025 0 9	0	9
compression rate of indexed data: 50gig/day in 3 weeks uses 100gig HDD space Hey, we just set up a indexer 3 weeks ago. By now we are indexing about 50gig/24h. If I go to Manager -> Indexes I c... by jan_wohlers Path Finder in Splunk Search 01-08-2025 1 5	1	5
How to make localize & map work in a subsearch Hi,I have a pretty long search I want to be able to utilize as a savedsearch and allow others benefit from one shared... by kaurinko Communicator in Splunk Search 01-08-2025 0 6	0	6
user success and failure login by month Hello Team, How to search specific app user successful and failure events by month for Jan to Dec? Base search, ... by navan1 Explorer in Splunk Search 01-07-2025 0 6	0	6