Splunk Search

Community Activity

	How to partially join two lookups? Hello, Looking for a way to partially join 2 inputlookups. Lookup 1: username, name jsmith, Johnjdoe, Joe Lookup 2:us... by olegr Engager in Splunk Search 03-22-2022 0 2	0	2
	Why does my AND clause not work? hi I have 2 pb with my eval clause below 1) when I have a look to the events collected, they dont correspond to the... by jip31 Motivator in Splunk Search 03-22-2022 0 14	0	14
	How to extract a field from an escaped string inside a nested JSON I'm looking for help in extracting "allowedSourceAddressPrefix" field/value from a JSON. This field is an escaped JSO... by z0r0 Engager in Splunk Search 03-22-2022 0 6	0	6
	How to create a search for stats count eval? hi I need to use eval count in a search like this \| chart count(eval(web > 12)) But this count is right ... by jip31 Motivator in Splunk Search 03-22-2022 0 5	0	5
	How to combine two timechart query that extract the difference ? Query 1: (index=iks) "Procces started" \| timechart count span=1d Query 2: (index=iks) "Procces finished" \| timechart... by Maickeen Engager in Splunk Search 03-22-2022 0 1	0	1
	How to calculate difference between field values in two events? Hi, i have 2 events with 3 fields: timestamp , servername, cpu_usage: 22-Mar-2022 00:00:00, server1 ,18 23-Mar-2022, ... by vikas_sood Explorer in Splunk Search 03-22-2022 0 3	0	3
	How to turn CSV into a graph? Hey hey, I'm trying to turn telemetry to a graph. I have a CSV containing: PID,runtime,invoked,usecs,5sec,1min,5min,t... by Lither1423 Observer in Splunk Search 03-22-2022 0 3	0	3
	How to extract JSON with key name specified as a key? Hi all, I have a JSON payload that contains as 'custom_fields' section that is made up of a set of title:keyname and... by sddunne Explorer in Splunk Search 03-22-2022 0 4	0	4
	Is there a better way to search than appendcols ? Hi Guys, I am looking search thru, splunk index for presence of multiple conditions as below. index = "ind_name" ... by chsuresh09 Explorer in Splunk Search 03-22-2022 0 11	0	11
	How do I create a more efficient search with wildcards with inputlookups in subseraches? I have a lookup named tc with a field indicator. I wanted to search that indicator field in my firewall sourcetype w... by Janani_Krish Path Finder in Splunk Search 03-22-2022 0 6	0	6
	How to create trigger alert if the count in the dashboard is zero? I would want an alert to be triggered and sent to mail if a particular panel has the count=0 in the dashboard how sho... by prettysunshinez Explorer in Splunk Search 03-22-2022 0 3	0	3
	How to get alert based on timeranges in the lookup file? Hi, I have a lookup file as below. Fileid earliest latest abc 01 03 bcd 02 05 Now the alert(that runs for every hour)... by prettysunshinez Explorer in Splunk Search 03-22-2022 0 13	0	13
	Unable to get the statistics in one line HI, I wanted to see the results for each service in one line. But I see each hour in a different line as per the belo... by SG Path Finder in Splunk Search 03-22-2022 0 8	0	8
	How to find the records based on another search but each happened afterwards Hi, I would like to implement some splunk alert to check if there's any special event that happened after a certain e... by shancao Engager in Splunk Search 03-21-2022 0 1	0	1
	How to parse an Aide scan log file to display each line? I am new to Splunk and I am trying to parse an Aide scan log file to display each line. Currently, Splunk just reads ... by bcain22 Engager in Splunk Search 03-21-2022 0 1	0	1
	Group DNS queries per src_ip where two domains are queried within minutes Hi experts,I would appreciate some design help with a query where I want to see all src_ip's querying for two differe... by Daniel_K Explorer in Splunk Search 03-21-2022 0 7	0	7
	How to set a search that counts the number of times severity=critical appears in the uploaded data by _time Looking for some help with this one.I'm building a few charts that are meant to serve as vulnerability trending. Our ... by hj9b7Cn Engager in Splunk Search 03-21-2022 0 3	0	3
	How to display average in month based count? \| chart count over date_month by seriesName , I have a search that display counts over month by seriesname . but ins... by btcs2 Engager in Splunk Search 03-21-2022 0 6	0	6
	Monthly reporting I am trying to create a report that will show month over month reporting for web service average response time as a p... by ccntech Explorer in Splunk Search 03-21-2022 0 2	0	2
	Status of a transaction using splunk transaction command i am using transaction command to check the start time and end time of a transaction. I have used:\| transaction TxnId... by ayush-choudhary Explorer in Splunk Search 03-21-2022 0 3	0	3
	Total Duration of a User from one point to Another The below table is for one User, like wise I have to pull the details for many users - who visited multiple url on d... by bijodev1 Communicator in Splunk Search 03-21-2022 0 7	0	7
	How to make sure Splunk does not search some indexes? Hi Guys, We have 1 indexer and 1 Search head in 2 different datacenter locations. (Lets say DC-A and DC-B) Since DC-A... by neeravmathur Path Finder in Splunk Search 03-21-2022 0 6	0	6
	Error in 'search' command: Unable to parse the search: Comparator '=' has an invalid term on the right hand side: (FNN = "A0291234567"). Hi all, Below is my search command: \| inputlookup servicereport.csv \| search "FNN" = [ \| inputlookup extract.csv ... by goken New Member in Splunk Search 03-20-2022 0 2	0	2
	How to combine multiple search How do combine the below 2 searches into one? 1. * orderid\|stats count by id returns something like 2022-03-21T00:10... by msg4sunil Path Finder in Splunk Search 03-20-2022 0 4	0	4
	How to combine two searches from same index Hi,From these logs (unique index): 2022-03-16 16:43:43.279 traceId="1234" svc="Service1" url="/customer/{customerGuid... by fredv44 Explorer in Splunk Search 03-20-2022 0 4	0	4