Splunk Search

Community Activity

How to combine results to display in a pie chart? Hello Community, I am having issues combining results to display in a pie chart - I tried a few things such as mvappe... by Yy4pb Explorer in Splunk Search 04-06-2022 0 4	0	4
Remove record from Query1 if present in Query2 I have 2 Splunk Queries First Query will return the Employee ID of the Active and Retired Employees.Second Query will... by ngautam760 Engager in Splunk Search 04-06-2022 0 3	0	3
How to set the BREAK_ONLY_BEFORE? I am not sure of how to set the BREAK_ONLY_BEFORE I have tried the below setting.. all my logs are of log4j form... by neha22 Explorer in Splunk Search 04-06-2022 0 5	0	5
Why are new field extractions not showing up in search (verbose mode)? Hello dears, I deleted my custom field which I created before but still extract in search results. Also, I'm trying a... by corehan Explorer in Splunk Search 04-06-2022 1 2	1	2
How to search with variables from lookup csv? Let's say I have a search and a very basic lookup table (csv). What I want to achieve is to use the values in the tab... by fishmong3r Explorer in Splunk Search 04-06-2022 0 4	0	4
Why the result of the timechart command for a specific hour is different than the result of the stats command? hello I use 2 similar searc In the first I timechart the results \| bin _time span=1h \| stats count as Pb by tu... by jip31 Motivator in Splunk Search 04-06-2022 0 7	0	7
How to do time conversion during search runtime? Hi Team, We got an requirement to create a report based on the accessed time present in the logs here in the logs the... by anandhalagaras1 Contributor in Splunk Search 04-06-2022 0 11	0	11
How to fill in 0 for dates when we have missing values in the chart? I am using below query to fill in 0 for dates when we have missing value and get those dates on the chart. But this ... by anu1729 Loves-to-Learn Lots in Splunk Search 04-06-2022 0 5	0	5
How to compare new and existing data Hi, I have a field name VULN in index=ABC sourcetype=XYZ. We need to know, if new VULN show up in 48hrs of data compa... by mbasharat Builder in Splunk Search 04-05-2022 0 4	0	4
Parsing not working as expected New to splunk, need your help.Data:4/5/2022 9:02 PM \| Audit \| hi user \| something.MoveFiles \| Copied File from C:\hel... by a508184 Explorer in Splunk Search 04-05-2022 0 2	0	2
How to add a non existing field in tstats command? Hello, I looking for options to add a non-existing field in tstats command. The scenario is the field doesn't exist.... by whitefang1726 Path Finder in Splunk Search 04-05-2022 0 2	0	2
How to create a search that finds the average of the last three bins? I have an search where I need to find the average of the last three bins. Example: On my time filter I select an rang... by kishan2356 Explorer in Splunk Search 04-05-2022 0 1	0	1
How to rename the sourcetype without involving our vendor at the point of ingest so that I can perform field extraction? We have a cloud instance of Splunk and a vendor whose forwarders we do not control sending data to our instance. I am... by ekolseth Loves-to-Learn in Splunk Search 04-05-2022 0 1	0	1
Why is TimeChart assigning values from spanned table? Hello All, I have a really simple search, while it works, I'd like to do some operations on that data: index=xxxx... by michaelhaedt Explorer in Splunk Search 04-05-2022 0 7	0	7
Why isn't iplocation report providing the city, country under statistics? hello all, I am trying to figure out why my iplocation report isnt providing the city,country under statistics. Below... by tkerr1357 Path Finder in Splunk Search 04-05-2022 0 2	0	2
Splunk function or query which will convert event timestamp field "timestamp" to local timestamp Looking splunk function or query to change timestamp of "_time" field in local timestamp.when we present statistical... by Abhineet Loves-to-Learn Everything in Splunk Search 04-05-2022 0 1	0	1
Why my subsearch is not working? I am parsing logs using splunk and there are two types of logs :1. API endpoint info and user ID2. Logs which contain... by user9025 Path Finder in Splunk Search 04-05-2022 0 5	0	5
How to run a second command inside the if statment I have a value that could be N/A or a number. The issue is when it is a number, splunk is not picking it up as one.So... by robertlynch2020 Influencer in Splunk Search 04-05-2022 0 2	0	2
Why are stats or tstats latest not working on array fields? I have events like these (just some made-up data), that are pushed in JSON format to Splunk: {"name":"abc", "gr... by shikhanshua Explorer in Splunk Search 04-05-2022 0 3	0	3
How to extract error codes coming within single event? I have an event which contains error reason codes of failed records . I have to extract these reason codes and get a... by pradeepkm Explorer in Splunk Search 04-05-2022 0 5	0	5
How to represent a 1 row data in a tabular/matrix format? I have this search query which will return a single row of data- index=xyz \| search accountID="1234" instanceName="ab... by sh254087 Communicator in Splunk Search 04-05-2022 0 2	0	2
How to incorporate a lookup in search but with wild card? Hello all,I have a lookup table which contains a list of URL we want to search in splunk, but instead of searching th... by intrach Explorer in Splunk Search 04-05-2022 0 5	0	5
How to compare multiple value in lookup to single value in index? HI all, I have lookup table with 5 colon that contains IPs I want to create a search that exclude the IPs from my res... by Shakira1 Explorer in Splunk Search 04-05-2022 0 20	0	20
How we can extract Windows Event description instead of Raw data which only give info of Event ID? How we can extract Windows Event description instead of Raw data which only give info of Event ID..Is it possible t... by afraanajam Loves-to-Learn Everything in Splunk Search 04-05-2022 0 5	0	5
How to Add Total along with Percentage in result? I am calculating percentage for each https status code. But i also would like to display the total number of requests... by smrutiphadke Engager in Splunk Search 04-05-2022 0 2	0	2