Splunk Search

Community Activity

Having trouble with rex command I have below raw string 03 Mar 2022 10:08:18,188 GMT ERROR [dbdiNotificationService,ServiceManagement] {} - Caught R... by bhaskar5428 Explorer in Splunk Search 03-24-2022 0 2	0	2
How to display the results matching the same fields as another fields? Hi All, I was working on a case where i have 2 fields extracted as "actordisplayName" & "targetUser" in the same raw ... by ChethanNP Explorer in Splunk Search 03-24-2022 0 6	0	6
How to have exclude weekend in the splunk dashboard as a input button? Hi Folks,I have been working on a dashboard that displays result as a timechart grouping by days.I see results are di... by peterfox1992 Explorer in Splunk Search 03-24-2022 0 2	0	2
Is there a way for me to read the contents of the script from the search bar? we have a dashboard that checks endpoint health and creates a message, "Endpoint XYZ is available" The source is a pa... by ccntech Explorer in Splunk Search 03-24-2022 0 1	0	1
Please help with Date extraction from below string i have system column "_time" with below output 2022-03-16 11:12:18.723i would like segregate date and time by rex com... by bhaskar5428 Explorer in Splunk Search 03-24-2022 0 5	0	5
How to create drilldown from a table with time in order to display more details? hello As you can see, I use a table with one hour bin span and I need to drillwown on every row in order to display m... by jip31 Motivator in Splunk Search 03-24-2022 0 10	0	10
How to create search for CPU linux to load average? Hi , I need the help to write splunk query for calculating CPU Linux load average for last 1,5 and 15 mins. I have sp... by mm12 Explorer in Splunk Search 03-24-2022 0 1	0	1
How to view only one data in graph when there is a list ? I have list of items plotted in line graph which is basically time-series data. I would like to have an option to sel... by R_Ramanan Loves-to-Learn in Splunk Search 03-24-2022 0 3	0	3
How to write this complex search displayed with a transpose _time command? Hello I use a complex search with display results ordered by time in a table As you can see the time period is today... by jip31 Motivator in Splunk Search 03-24-2022 0 1	0	1
How to compare nested case statements with eval Hi, I am trying to use case keyword to solve a multiple nested statement but it is just giving me output for the els... by anu1729 Loves-to-Learn Lots in Splunk Search 03-24-2022 0 2	0	2
Help creating regex extraction Gentlemen,We are ingesting Windows SYSmon logs via TA-microsoft-sysmon , and the raw events are showing in XML format... by neerajs_81 Builder in Splunk Search 03-23-2022 0 4	0	4
How to replace values outputted from \|stats with values from another search? Hello! I am attempting to take a variety of values for a single field and essentially use another search from a diffe... by DenverGeo Engager in Splunk Search 03-23-2022 0 2	0	2
Why is Splunk timechart not displaying data when last 30 days range is selected? Hi Folks, I'm new to Spunk and I was working on creating a dashboard for one of my Application. Dashboard is built bu... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 6	0	6
How to replace subsearch to achieve the same result? Hi Folks,I'm using a query like below. But since subsearch returns more than 10K events, I'm not getting the expected... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 8	0	8
How to extract substring from a string? I have a string in this form: sub = 13433 cf-ipcountry = US mail = abc.test@gmail.com ct-remote-user = testaccount e... by abhipatthi Engager in Splunk Search 03-23-2022 0 1	0	1
How to make a loop in one event? My log is like this:TimeEvent3/23/22 11:00:00.000 AMApplication 'AAA' is runningApplication 'BBB' is stoppedDatabase ... by sabinayang Observer in Splunk Search 03-23-2022 0 1	0	1
How to retrieve after field extraction, if it's classified as 'no search is performed after field extraction'? Cannot be retrieved after field extraction- If field extraction is classified as ` no search is performed after field... by noott211 Path Finder in Splunk Search 03-23-2022 0 2	0	2
Is there a limit to the number of digits for a number field in a kvstore? I have a kvstore that I am writing results of a search to. I have a field in the kvstore called ASC_IDX, and this is ... by BernardEAI Communicator in Splunk Search 03-23-2022 0 1	0	1
How to create a table on windowed count of api response time? I have some api response logs separated by pipe. However there is already field extraction on api response time. the ... by anonym3421 Engager in Splunk Search 03-23-2022 0 1	0	1
Need help on appendcols _time issue hello When I run the search below, its gives me "4" in results at the _time span = 11h `index` earliest=@d+7h late... by jip31 Motivator in Splunk Search 03-23-2022 0 1	0	1
Why is splunk crashing on lookup command? We have simple csv lookup like: network,descr 192.168.0.0/24,network_name Lookup description in transforms.conf: [ne... by gots Path Finder in Splunk Search 03-23-2022 1 13	1	13
How do I check supplier creation date in Buying Inspector? Hello - How do I check supplier creation date in Buying Inspector. by Vinaymkaggal New Member in Splunk Search 03-23-2022 0 2	0	2
How to extract time from the below message? Hi Folks,Can someone help me on the below. I have the below message in the log and need to extract the time portion a... by peterfox1992 Explorer in Splunk Search 03-23-2022 0 5	0	5
How to create a search that will trigger an alert when the count is zero? I want to trigger an alert when the count is zero. please help me with the alert search? by sravankaripe Communicator in Splunk Search 03-23-2022 0 7	0	7
How do I show search value with timechart? Dear professionals,I have a search string like this index="hcg_oapi_prod" relatedPersons NOT (firstName OR middleName... by lamnguyentt1 Explorer in Splunk Search 03-23-2022 0 3	0	3