Splunk Search

Community Activity

How can I list a single attribute and sort based on its value? Hi,I have documents similar to the one below: request_id: 12345 revision: 123 other_field: stuff my_preciou... by aj_54321 Explorer in Splunk Search 04-07-2022 0 2	0	2
SubSearch with different index and pass the fields to MainSearch and only use one filed from it for query purpose Hey Community, I am trying to get my head around this query My subsearch below, The query will look for the api path,... by adeshreddy Engager in Splunk Search 04-07-2022 0 4	0	4
Could someone provide regex help? Hey all , just need a little regex help trying to pull an IP address out and its not working. here is my rex \| rex... by tkerr1357 Path Finder in Splunk Search 04-07-2022 0 4	0	4
Grouping multiple results from a search in to the same name I'm trying to make a visualization showing our number of signatures, but the data is not very organized because I hav... by bb10 Engager in Splunk Search 04-07-2022 0 2	0	2
How to get the count of a specific value? How would you return the count of only the Reachable devices?In the picture above you would return 8.When using the q... by apignata Explorer in Splunk Search 04-07-2022 0 6	0	6
How to use a different field for time? Hi All! The data I am pulling is coming from nodes in multiple time zones. I want to use that time zone instead of Sp... by HWalk1 Explorer in Splunk Search 04-07-2022 0 4	0	4
Fields vs table vs nothing? Thought there was an answer on this already but can't find it, but for something like this, which is the most perform... by aberkow Builder in Splunk Search 04-07-2022 1 3	1	3
How to modify Splunk search only for logon_name users that are inside CSV? HelloHelloI have the following Splunk search syntax which returns me detailed log connection for a all user to the VP... by sbatino Observer in Splunk Search 04-07-2022 0 3	0	3
How to Disable auto-run when changing mode or time in Search view? Context: New Search View. I am not referring to Dashboards (which have many auto-run posts). I often develop searche... by rajbeerdhatt Explorer in Splunk Search 04-07-2022 2 1	2	1
How to make another field date and time field before and after indexing Hello Splunkers,I have data where the index time is different from the actual file.The source has the correct date an... by vrmandadi Builder in Splunk Search 04-07-2022 0 6	0	6
Why does the time field show up in the transpose header? hello I use a transpose command in a table panel \| eval time=strftime(_time,"%H:%M") \| sort time \| fields - _ti... by jip31 Motivator in Splunk Search 04-07-2022 0 3	0	3
How to exclude some indexes from search? Hi, I am encountering issue with 1 particular index. I am unable to use index!= to exclude the results from that part... by Thomas19 New Member in Splunk Search 04-07-2022 0 3	0	3
How can I exclude a value if it is equal or less than the number of char? I need to exclude the field values if it is less than or equal to 8 characters. For eg: In the field abc, I have the ... by innoce Path Finder in Splunk Search 04-07-2022 1 2	1	2
How to extract more logs after searching for particular string? Hi All, I would like to extract more logs after searching for particular string. Eg., I want to search with string "M... by mfshravan New Member in Splunk Search 04-06-2022 0 0	0	0
How to trim the unusual brackets from url? Hi all,I have some value under src fields as below, but it has some problems. For example, actually <1b5a.4.d576d0e8-... by Woodpecker Path Finder in Splunk Search 04-06-2022 0 3	0	3
How to convert time from an upload csv to Splunk readable format I have a csv file that I upload through Lookup Editor which have a Time column in this format15/06/2021 14:35:00I wan... by phamxuantung Communicator in Splunk Search 04-06-2022 0 4	0	4
How to build a timechart to show endpoint response time over a 95 Percentile? Hello, I have 3 fields from which I need to build a line chart on a Time series. ServerTime Endpoint ResponseTime ... by jprovenzale Explorer in Splunk Search 04-06-2022 0 4	0	4
Why does time difference between two time stamps in a single event come out null? Team, Time difference between end_task_date and start_task_date is coming null. Could you please take a look below an... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 04-06-2022 0 1	0	1
How to extract an unescaped value? I have the following data : query="select field from table where (status!="Y") and ids.id IN ["123","145"] limit 5... by yk010123 Path Finder in Splunk Search 04-06-2022 0 1	0	1
How to timechart count as variance from moving average This seems to me like it should be super simple (looker, tableau, etc) but I've been working at this for almost 2 day... by robempire New Member in Splunk Search 04-06-2022 0 1	0	1
How to remove data after the first period? Hi Splunk Community, I am trying to remove the data in a field after the first period. my field looks like this: 2461... by jpfrancetic Path Finder in Splunk Search 04-06-2022 0 2	0	2
How to merge events and show in tabular format? Hello Splunkers , I am trying to see if I can merge the following events and show in a tabular format sample event 1:... by vrmandadi Builder in Splunk Search 04-06-2022 0 4	0	4
How to create a Search for "DBX - Input Performance - Input Jobs Median Duration Time" for a DB Input? Hello, We had an issue where where a DB Input we have fell behind in fetching the events. We seen that a few days ag... by mninansplunk Path Finder in Splunk Search 04-06-2022 0 2	0	2
Help with subsearch eval function with where clause Hi All, I want help to use where clause in eval command: below is lookup data: ID expense year 1 10 202... by ND Path Finder in Splunk Search 04-06-2022 0 3	0	3
How to export search results into a text file using search Hi, I am exploring some options for exporting data into text file from Splunk. I have a scheduled saved search which ... by mbasharat Builder in Splunk Search 04-06-2022 0 6	0	6