Splunk Search

Community Activity

	How to extract time from the below message? Hi Folks,Can someone help me on the below. I have the below message in the log and need to extract the time portion a... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 5	0	5
	How to create a search that will trigger an alert when the count is zero? I want to trigger an alert when the count is zero. please help me with the alert search? by sravankaripe Communicator in Splunk Search 03-23-2022 0 7	0	7
	How do I show search value with timechart? Dear professionals,I have a search string like this index="hcg_oapi_prod" relatedPersons NOT (firstName OR middleName... by lamnguyentt1 Explorer in Splunk Search 03-23-2022 0 3	0	3
	How to list with events time difference greater than 0.5 secs? How do I list those events within a set of events(say expand the below query) wherein say 2 consecutive's event time ... by msg4sunil Path Finder in Splunk Search 03-22-2022 0 2	0	2
	How to create Splunk search for getting average of max per 10mins? Hi team I am trying to create a query in order to get average of all max values in a period of 10 mins for any select... by ayushig New Member in Splunk Search 03-22-2022 0 1	0	1
	How can I filter results for type 2 only? Dear Professional, I have a Search string like below index="hcg_oapi_prod" relatedPersons\| regex "\"relatedPersons\":... by lamnguyentt1 Explorer in Splunk Search 03-22-2022 0 3	0	3
	How to add a field that sums cash value by device_id? Currently my search query is: sourcetype="transactions" AND (additionalMessage.requestUrl="*/cashIn/initialize" OR ad... by Rapidz Explorer in Splunk Search 03-22-2022 0 1	0	1
	How to create a table of availabilities of a given service for a set of hosts? I'm trying to create a table of availabilities (percent uptime) for a given service for a set of hosts. My desired o... by bsg273 Path Finder in Splunk Search 03-22-2022 0 5	0	5
	How to compare CutoffTime with current time? I have created a lookup table with filename and cutofftime within which we have to receive the file. I have to compa... by pradeepkm Explorer in Splunk Search 03-22-2022 0 2	0	2
	How to partially join two lookups? Hello, Looking for a way to partially join 2 inputlookups. Lookup 1: username, name jsmith, Johnjdoe, Joe Lookup 2:us... by olegr Engager in Splunk Search 03-22-2022 0 2	0	2
	Why does my AND clause not work? hi I have 2 pb with my eval clause below 1) when I have a look to the events collected, they dont correspond to the... by jip31 Motivator in Splunk Search 03-22-2022 0 14	0	14
	How to extract a field from an escaped string inside a nested JSON I'm looking for help in extracting "allowedSourceAddressPrefix" field/value from a JSON. This field is an escaped JSO... by z0r0 Engager in Splunk Search 03-22-2022 0 6	0	6
	How to create a search for stats count eval? hi I need to use eval count in a search like this \| chart count(eval(web > 12)) But this count is right ... by jip31 Motivator in Splunk Search 03-22-2022 0 5	0	5
	How to combine two timechart query that extract the difference ? Query 1: (index=iks) "Procces started" \| timechart count span=1d Query 2: (index=iks) "Procces finished" \| timechart... by Maickeen Engager in Splunk Search 03-22-2022 0 1	0	1
	How to calculate difference between field values in two events? Hi, i have 2 events with 3 fields: timestamp , servername, cpu_usage: 22-Mar-2022 00:00:00, server1 ,18 23-Mar-2022, ... by vikas_sood Explorer in Splunk Search 03-22-2022 0 3	0	3
	How to turn CSV into a graph? Hey hey, I'm trying to turn telemetry to a graph. I have a CSV containing: PID,runtime,invoked,usecs,5sec,1min,5min,t... by Lither1423 Observer in Splunk Search 03-22-2022 0 3	0	3
	How to extract JSON with key name specified as a key? Hi all, I have a JSON payload that contains as 'custom_fields' section that is made up of a set of title:keyname and... by sddunne Explorer in Splunk Search 03-22-2022 0 4	0	4
	Is there a better way to search than appendcols ? Hi Guys, I am looking search thru, splunk index for presence of multiple conditions as below. index = "ind_name" ... by chsuresh09 Explorer in Splunk Search 03-22-2022 0 11	0	11
	How do I create a more efficient search with wildcards with inputlookups in subseraches? I have a lookup named tc with a field indicator. I wanted to search that indicator field in my firewall sourcetype w... by Janani_Krish Path Finder in Splunk Search 03-22-2022 0 6	0	6
	How to create trigger alert if the count in the dashboard is zero? I would want an alert to be triggered and sent to mail if a particular panel has the count=0 in the dashboard how sho... by prettysunshinez Explorer in Splunk Search 03-22-2022 0 3	0	3
	How to get alert based on timeranges in the lookup file? Hi, I have a lookup file as below. Fileid earliest latest abc 01 03 bcd 02 05 Now the alert(that runs for every hour)... by prettysunshinez Explorer in Splunk Search 03-22-2022 0 13	0	13
	Unable to get the statistics in one line HI, I wanted to see the results for each service in one line. But I see each hour in a different line as per the belo... by SG Path Finder in Splunk Search 03-22-2022 0 8	0	8
	How to find the records based on another search but each happened afterwards Hi, I would like to implement some splunk alert to check if there's any special event that happened after a certain e... by shancao Engager in Splunk Search 03-21-2022 0 1	0	1
	How to parse an Aide scan log file to display each line? I am new to Splunk and I am trying to parse an Aide scan log file to display each line. Currently, Splunk just reads ... by bcain22 Engager in Splunk Search 03-21-2022 0 1	0	1
	Group DNS queries per src_ip where two domains are queried within minutes Hi experts,I would appreciate some design help with a query where I want to see all src_ip's querying for two differe... by Daniel_K Explorer in Splunk Search 03-21-2022 0 7	0	7