Splunk Search

Community Activity

	How to count distinct items in nested fields? Hi! I can't seem to figure out how to get a count of each operation in a document like below: { [-] request_id: 1... by aj_54321 Explorer in Splunk Search 04-04-2022 0 8	0	8
	How to give matching fields the same number ? Hello, I have data that look like this :Month Key Value Number ------------------------------ Jan Key1 ... by Newser703 Explorer in Splunk Search 04-04-2022 0 1	0	1
	How to filter a multivalue field using a subsearch? I found a close answer to what I'm looking for here:https://community.splunk.com/t5/Splunk-Search/Why-cant-i-supply-a... by chrids Explorer in Splunk Search 04-04-2022 0 4	0	4
	How do I exclude events based on lookup file contents? I have a lookup file that has 5 columns. Those are src_ip, dest_ip, dest_port, signature and active. src_ip has 18 v... by bt149 Path Finder in Splunk Search 04-03-2022 0 4	0	4
	How to join 2 tables by field and closest table2 _time before table1 _time? Hello, Let's say I have the following tables index=events _timeevent_idip index=connections _timeip_addressuser Whe... by warlitos Explorer in Splunk Search 04-03-2022 0 5	0	5
	How to join with multiple matches? Im trying to join the correct source hostname to my Event from where a RDP Connection was innitiated.Since the Event ... by Hendrik2509 Engager in Splunk Search 04-03-2022 0 4	0	4
	Why is table listing not in reverse _time order? If I do an index search, raw events are listed in reverse _time order, which is often also the reverse _indextime ord... by yuanliu SplunkTrust in Splunk Search 04-03-2022 0 6	0	6
	How to use bonnie++ results to calculate IOPS? Hello, I have install bonnie++ Ver 1.03e on Ubuntu 20.04.4, try to run Command bonnie++ , attached please fine the... by NSCKevinSplunk Engager in Splunk Search 04-02-2022 0 7	0	7
	How to Create a search to find a user who made a change to an outlook account? Hi, please bear with me, I'm VERY new to Splunk. I've been googling trying to find the proper search, but I'm coming ... by EMDurks New Member in Splunk Search 04-02-2022 0 2	0	2
	How to extract value from JSON then declare a variable? I have HEC to send an event to Splunk in JSON format: { Status: Down Source: GCP URL: url_1 } { Sta... by yiweishih Explorer in Splunk Search 04-02-2022 0 2	0	2
	Error when searching log text that contains a line break Sample text from a log that I'm searching: "store license for Store 1234562022-03-27 02:01:59,649 [XNIO-2 task-3] ERR... by jymmitch Path Finder in Splunk Search 04-01-2022 0 11	0	11
	Why is Splunk search returning additional results not specified in Lookup table? I have a query to search particular event id's from Active Directory and see what Targets these apply to. Instead of... by hillsmtb7 Explorer in Splunk Search 04-01-2022 0 5	0	5
	Is there a way to timechart format like this? Is there a way to make a timechart like this in splunk? I really don't need the number values on the y axis I mostly ... by JP2022 New Member in Splunk Search 04-01-2022 0 1	0	1
	How to escape special character through regex Hi experts, I wanted to escape the backslash "\" from the below logs, and capture the status code. The output should... by mrmanishsharma New Member in Splunk Search 04-01-2022 0 6	0	6
	After splunk job failed, we are unable to fetch the every 5 mins history data. @links to members'search earliest=-10m latest=now index= 'xyz'(host=abcd123 or host=abcd345)TxnStart2End\| rex "Avg=(?... by DKR1 New Member in Splunk Search 04-01-2022 0 1	0	1
	Why is my search returning error? I'm trying to run the following commands on an index: \| eval elast=strptime(lastSeen,"%Y-%m-%d %H:%M:%S") \| eval da... by parkz Explorer in Splunk Search 04-01-2022 0 1	0	1
	Help with Splunk query for battery status, cpu usage, disk space Hi, Please indulge me as I am relatively new to Splunk. I wish to create a query or report I can run on demand to pro... by boxenberg Explorer in Splunk Search 04-01-2022 0 4	0	4
	How to only show only unique values over timeseries data with stats I have a time series data source where an alert writes an event indicating that the number of systems an account is l... by mjones414 Contributor in Splunk Search 04-01-2022 0 2	0	2
	Querying when the last time, an event was seen from various hosts in the system How to know the last event's time from each of the hosts in the system?. The output can be of the below format?host1... by msg4sunil Path Finder in Splunk Search 04-01-2022 0 5	0	5
	Is there a possibility to find out the list of curl commands executed in the Splunk using spl Hi Community, We have encountered a weird case with the curl command. One of the users was running a curl command to ... by _pravin Contributor in Splunk Search 04-01-2022 0 0	0	0
	Why has field extractor incorrectly mapped the fields or shows same value for multiple fields? I have a long event which I tried to extract fields from, using splunk's extract additional fields feature. I chose ... by sh254087 Communicator in Splunk Search 04-01-2022 0 0	0	0
	How to correlate to multi-value fields from one event? Hello, I have logs where there are multiple values for two fields. This data looks like this example below for each ... by gnostic_device Engager in Splunk Search 04-01-2022 0 3	0	3
	How to extract the last three digits after the ">" sign, and than the summation of those values? Hello, I have a search that prints out a list of numbers in this format. [144 ==> 143][145 ==> 144][144 ==> 145][145 ... by amaralt808 Path Finder in Splunk Search 04-01-2022 0 6	0	6
	How to convert `_time` to the column and `host` as an index while using `mstats`? How to convert `_time` to the column and `host` as an index while using `mstats`?\| mstats avg(_value) prestats=true... by microsac Explorer in Splunk Search 03-31-2022 0 6	0	6
	How to subsearch/multisearch date based on minimum of main search? lets say I have a subsearch or multisearch. I want to have my subsearch/multisearch date to be 30 days before the sta... by arusoft Communicator in Splunk Search 03-31-2022 0 6	0	6