Splunk Search

Community Activity

How to able Formatting _time to be used in the timepicker? Hi everyone, Pretty new to Splunk and would really appreciate your insight on my current project. Currently creating ... by elomotanpru Path Finder in Splunk Search 03-24-2022 0 9	0	9
Does this mean that _raw cannot be used with tstats? Hi Splunkers,in my tasks I performed an exam of some already Splunk searches and one of these is about a Log4j vulner... by SIEMStudent Path Finder in Splunk Search 03-24-2022 0 1	0	1
Having trouble with rex command I have below raw string 03 Mar 2022 10:08:18,188 GMT ERROR [dbdiNotificationService,ServiceManagement] {} - Caught R... by bhaskar5428 Explorer in Splunk Search 03-24-2022 0 2	0	2
How to display the results matching the same fields as another fields? Hi All, I was working on a case where i have 2 fields extracted as "actordisplayName" & "targetUser" in the same raw ... by ChethanNP Explorer in Splunk Search 03-24-2022 0 6	0	6
How to have exclude weekend in the splunk dashboard as a input button? Hi Folks,I have been working on a dashboard that displays result as a timechart grouping by days.I see results are di... by peterfox1992 Explorer in Splunk Search 03-24-2022 0 2	0	2
Is there a way for me to read the contents of the script from the search bar? we have a dashboard that checks endpoint health and creates a message, "Endpoint XYZ is available" The source is a pa... by ccntech Explorer in Splunk Search 03-24-2022 0 1	0	1
Please help with Date extraction from below string i have system column "_time" with below output 2022-03-16 11:12:18.723i would like segregate date and time by rex com... by bhaskar5428 Explorer in Splunk Search 03-24-2022 0 5	0	5
How to create drilldown from a table with time in order to display more details? hello As you can see, I use a table with one hour bin span and I need to drillwown on every row in order to display m... by jip31 Motivator in Splunk Search 03-24-2022 0 10	0	10
How to create search for CPU linux to load average? Hi , I need the help to write splunk query for calculating CPU Linux load average for last 1,5 and 15 mins. I have sp... by mm12 Explorer in Splunk Search 03-24-2022 0 1	0	1
How to view only one data in graph when there is a list ? I have list of items plotted in line graph which is basically time-series data. I would like to have an option to sel... by R_Ramanan Loves-to-Learn in Splunk Search 03-24-2022 0 3	0	3
How to write this complex search displayed with a transpose _time command? Hello I use a complex search with display results ordered by time in a table As you can see the time period is today... by jip31 Motivator in Splunk Search 03-24-2022 0 1	0	1
How to compare nested case statements with eval Hi, I am trying to use case keyword to solve a multiple nested statement but it is just giving me output for the els... by anu1729 Loves-to-Learn Lots in Splunk Search 03-24-2022 0 2	0	2
Help creating regex extraction Gentlemen,We are ingesting Windows SYSmon logs via TA-microsoft-sysmon , and the raw events are showing in XML format... by neerajs_81 Builder in Splunk Search 03-23-2022 0 4	0	4
How to replace values outputted from \|stats with values from another search? Hello! I am attempting to take a variety of values for a single field and essentially use another search from a diffe... by DenverGeo Engager in Splunk Search 03-23-2022 0 2	0	2
Why is Splunk timechart not displaying data when last 30 days range is selected? Hi Folks, I'm new to Spunk and I was working on creating a dashboard for one of my Application. Dashboard is built bu... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 6	0	6
How to replace subsearch to achieve the same result? Hi Folks,I'm using a query like below. But since subsearch returns more than 10K events, I'm not getting the expected... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 8	0	8
How to extract substring from a string? I have a string in this form: sub = 13433 cf-ipcountry = US mail = abc.test@gmail.com ct-remote-user = testaccount e... by abhipatthi Engager in Splunk Search 03-23-2022 0 1	0	1
How to make a loop in one event? My log is like this:TimeEvent3/23/22 11:00:00.000 AMApplication 'AAA' is runningApplication 'BBB' is stoppedDatabase ... by sabinayang Observer in Splunk Search 03-23-2022 0 1	0	1
How to retrieve after field extraction, if it's classified as 'no search is performed after field extraction'? Cannot be retrieved after field extraction- If field extraction is classified as ` no search is performed after field... by noott211 Path Finder in Splunk Search 03-23-2022 0 2	0	2
Is there a limit to the number of digits for a number field in a kvstore? I have a kvstore that I am writing results of a search to. I have a field in the kvstore called ASC_IDX, and this is ... by BernardEAI Communicator in Splunk Search 03-23-2022 0 1	0	1
How to create a table on windowed count of api response time? I have some api response logs separated by pipe. However there is already field extraction on api response time. the ... by anonym3421 Engager in Splunk Search 03-23-2022 0 1	0	1
Need help on appendcols _time issue hello When I run the search below, its gives me "4" in results at the _time span = 11h `index` earliest=@d+7h late... by jip31 Motivator in Splunk Search 03-23-2022 0 1	0	1
Why is splunk crashing on lookup command? We have simple csv lookup like: network,descr 192.168.0.0/24,network_name Lookup description in transforms.conf: [ne... by gots Path Finder in Splunk Search 03-23-2022 1 13	1	13
How do I check supplier creation date in Buying Inspector? Hello - How do I check supplier creation date in Buying Inspector. by Vinaymkaggal New Member in Splunk Search 03-23-2022 0 2	0	2
How to extract time from the below message? Hi Folks,Can someone help me on the below. I have the below message in the log and need to extract the time portion a... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 5	0	5