Splunk Search

Community Activity

Help on basic questions about a by clause hi sorry for this question but I have difficulties to understand why a by clause with 3 conditions retrieve less even... by jip31 Motivator in Splunk Search 04-06-2022 0 1	0	1
How to pass a cancellation token as an argument to cancel the search? Hi, I'm using the .NET SDK and I cannot find how to pass a cancellation token as an argument to cancel the search. Is... by david_blanco Engager in Splunk Search 04-06-2022 0 3	0	3
How to get stats count by day? Need my SPL to count records, for previous calendar day: by Fats120 Loves-to-Learn Lots in Splunk Search 04-06-2022 0 9	0	9
How to combine results to display in a pie chart? Hello Community, I am having issues combining results to display in a pie chart - I tried a few things such as mvappe... by Yy4pb Explorer in Splunk Search 04-06-2022 0 4	0	4
Remove record from Query1 if present in Query2 I have 2 Splunk Queries First Query will return the Employee ID of the Active and Retired Employees.Second Query will... by ngautam760 Engager in Splunk Search 04-06-2022 0 3	0	3
How to set the BREAK_ONLY_BEFORE? I am not sure of how to set the BREAK_ONLY_BEFORE I have tried the below setting.. all my logs are of log4j form... by neha22 Explorer in Splunk Search 04-06-2022 0 5	0	5
Why are new field extractions not showing up in search (verbose mode)? Hello dears, I deleted my custom field which I created before but still extract in search results. Also, I'm trying a... by corehan Explorer in Splunk Search 04-06-2022 1 2	1	2
How to search with variables from lookup csv? Let's say I have a search and a very basic lookup table (csv). What I want to achieve is to use the values in the tab... by fishmong3r Explorer in Splunk Search 04-06-2022 0 4	0	4
Why the result of the timechart command for a specific hour is different than the result of the stats command? hello I use 2 similar searc In the first I timechart the results \| bin _time span=1h \| stats count as Pb by tu... by jip31 Motivator in Splunk Search 04-06-2022 0 7	0	7
How to do time conversion during search runtime? Hi Team, We got an requirement to create a report based on the accessed time present in the logs here in the logs the... by anandhalagaras1 Contributor in Splunk Search 04-06-2022 0 11	0	11
How to fill in 0 for dates when we have missing values in the chart? I am using below query to fill in 0 for dates when we have missing value and get those dates on the chart. But this ... by anu1729 Loves-to-Learn Lots in Splunk Search 04-06-2022 0 5	0	5
How to compare new and existing data Hi, I have a field name VULN in index=ABC sourcetype=XYZ. We need to know, if new VULN show up in 48hrs of data compa... by mbasharat Builder in Splunk Search 04-05-2022 0 4	0	4
Parsing not working as expected New to splunk, need your help.Data:4/5/2022 9:02 PM \| Audit \| hi user \| something.MoveFiles \| Copied File from C:\hel... by a508184 Explorer in Splunk Search 04-05-2022 0 2	0	2
How to add a non existing field in tstats command? Hello, I looking for options to add a non-existing field in tstats command. The scenario is the field doesn't exist.... by whitefang1726 Path Finder in Splunk Search 04-05-2022 0 2	0	2
How to create a search that finds the average of the last three bins? I have an search where I need to find the average of the last three bins. Example: On my time filter I select an rang... by kishan2356 Explorer in Splunk Search 04-05-2022 0 1	0	1
How to rename the sourcetype without involving our vendor at the point of ingest so that I can perform field extraction? We have a cloud instance of Splunk and a vendor whose forwarders we do not control sending data to our instance. I am... by ekolseth Loves-to-Learn in Splunk Search 04-05-2022 0 1	0	1
Why is TimeChart assigning values from spanned table? Hello All, I have a really simple search, while it works, I'd like to do some operations on that data: index=xxxx... by michaelhaedt Explorer in Splunk Search 04-05-2022 0 7	0	7
Why isn't iplocation report providing the city, country under statistics? hello all, I am trying to figure out why my iplocation report isnt providing the city,country under statistics. Below... by tkerr1357 Path Finder in Splunk Search 04-05-2022 0 2	0	2
Splunk function or query which will convert event timestamp field "timestamp" to local timestamp Looking splunk function or query to change timestamp of "_time" field in local timestamp.when we present statistical... by Abhineet Loves-to-Learn Everything in Splunk Search 04-05-2022 0 1	0	1
Why my subsearch is not working? I am parsing logs using splunk and there are two types of logs :1. API endpoint info and user ID2. Logs which contain... by user9025 Path Finder in Splunk Search 04-05-2022 0 5	0	5
How to run a second command inside the if statment I have a value that could be N/A or a number. The issue is when it is a number, splunk is not picking it up as one.So... by robertlynch2020 Influencer in Splunk Search 04-05-2022 0 2	0	2
Why are stats or tstats latest not working on array fields? I have events like these (just some made-up data), that are pushed in JSON format to Splunk: {"name":"abc", "gr... by shikhanshua Explorer in Splunk Search 04-05-2022 0 3	0	3
How to extract error codes coming within single event? I have an event which contains error reason codes of failed records . I have to extract these reason codes and get a... by pradeepkm Explorer in Splunk Search 04-05-2022 0 5	0	5
How to represent a 1 row data in a tabular/matrix format? I have this search query which will return a single row of data- index=xyz \| search accountID="1234" instanceName="ab... by sh254087 Communicator in Splunk Search 04-05-2022 0 2	0	2
How to incorporate a lookup in search but with wild card? Hello all,I have a lookup table which contains a list of URL we want to search in splunk, but instead of searching th... by intrach Explorer in Splunk Search 04-05-2022 0 5	0	5