Splunk Search

Community Activity

How to use eval to assign a field values of two different fields? Gentlemen,How can i use eval to assign a field values of 2 different fields ?In my events, i have 2 fields: empID ... by neerajs_81 Builder in Splunk Search 03-10-2022 0 6	0	6
Is it possible to speed up the search or improve the running performance by increasing the number of sourcetype I have a log like below: index=login sourcetype=login new_user=1 I also have logs without new_user label index=log... by Minghao Explorer in Splunk Search 03-10-2022 0 9	0	9
Why is extracted field formatted incorrectly? I have the following log that Splunk is not recognizing well : msg=id=123342521352 operation=write How can I write ... by yk010123 Path Finder in Splunk Search 03-09-2022 0 1	0	1
How to include percentage change to Last Week / Prior Week Chart (table) Hi,Long time reader, first time poster. I've cobbled together this query that generates a count by status for last w... by mreid2005 Observer in Splunk Search 03-09-2022 0 1	0	1
Why are there issues with delta query by multiple hostnames? index=testlab sourcetype=testcsv \| rex field="status detail" "(?<message_received_name>Messages Received)\\s*[0-9,... by thaghost99 Path Finder in Splunk Search 03-09-2022 0 1	0	1
How to display percentage of items passed over each week SOURCE CODE \| eventstats count(eval(errorCount=0)) AS passed, count(shortVIN) AS total \| timechart span=1w@w0 eval((p... by wjmaxwe2 New Member in Splunk Search 03-09-2022 0 1	0	1
How find the first event of type A after the last event of type B? I'm trying to extract a report for devices in my network. Home assistant sends a log record with a value of 1 when a ... by gtamaki Engager in Splunk Search 03-09-2022 0 2	0	2
How to compare the value of same fields derived from rex command? hi i am hoping for some help regarding this. basically i would like to compare (subtract current to previous) the val... by thaghost99 Path Finder in Splunk Search 03-09-2022 0 5	0	5
Why are getting this error after the search finishes: Large subsearches Failing - StatsFileWriterLz4 file open failed? We are having an issue with our new 8.2.2 splunk instance any time there's a subsearch with a lot of data being searc... by rwinkler Loves-to-Learn in Splunk Search 03-09-2022 0 0	0	0
Why does my Event show as 2 years delayed? I am looking for “failed login for ADMIN detected” but because the time in Time is two years late it doesn’t alert. M... by Fe-atSplunk Explorer in Splunk Search 03-09-2022 0 4	0	4
How to get the output of particular text from the log message? Hi Team i have a log message and i want to filter the all log messages which contains the below highlighted text. and... by Bala Explorer in Splunk Search 03-09-2022 0 3	0	3
Is it possible to call Splunk RestAPI with request in JSON? Hello all, is it possible to call Splunk RestAPI with request in JSON. I am trying in SOAP UI software, media Type = ... by jakubvojacek Loves-to-Learn in Splunk Search 03-09-2022 0 1	0	1
How to lookup on all values of a multivalue field? I have an external lookup script that works mostly fine. Given an IP address from an event, it can match the address ... by ave19 Explorer in Splunk Search 03-09-2022 0 7	0	7
How to check if field exists and bring another field if true Hi, I have this search: \| spath \| rename object.* as * \| spath path=events{} output=events \| stats by timestamp, ev... by fpedrosa Engager in Splunk Search 03-09-2022 0 7	0	7
How to display the volume of connections per day of the week to a single IP to show which days are busiest? index=Network dest_ip=xx.xx.xx.xx action=allowed Trying to list total allowed connections to destination IP by day, r... by Gurv_Bahad Engager in Splunk Search 03-09-2022 0 6	0	6
How to create a candlestick chart within Splunk 6? I am trying to create a candlestick chart within Splunk 6, but not having much luck finding any options for this with... by mbrown_splunk Splunk Employee in Splunk Search 03-09-2022 1 7	1	7
How to limit the number of characters in a field in a result? Hello community, I have a problem with my research. My searches are then sent to Splunk OnCall to manage alerts.Howev... by Rajaion Path Finder in Splunk Search 03-09-2022 0 8	0	8
How to detect is someone changes their mobile number on AD? Hi All I want to ask if you know how to detect if someone change his mobile number on AD. BR, by khoeld921 New Member in Splunk Search 03-09-2022 0 0	0	0
Custom cluster map complex issue: Why is join command not giving results wanted? hi I use the search below in order to display markers on a map As you can see, I use a join command in order to cross... by jip31 Motivator in Splunk Search 03-08-2022 0 4	0	4
What does this search process error mean and how it can be corrected? Search process did not exit cleanly, exit_code=-1 We are suddenly receiving the following error every time we do a peer search from one of our index servers. The othe... by SteveQuick New Member in Splunk Search 03-08-2022 0 1	0	1
How to create this table with json arrays hi i'm new to splunk. need some help.I have below script: \| spath input=message \| search env=prod clAppNam="i-app" d... by VasistaI Explorer in Splunk Search 03-08-2022 0 4	0	4
How to drop all events that start with DEBUG at the HF? Hi, I'm having no luck getting a filter-n-drop setup... I referenced https://docs.splunk.com/Documentation/Splunk/8.... by Glasses Builder in Splunk Search 03-08-2022 0 8	0	8
How to multivalue field creation where I separate two lines? how can i create a multivalue field using makeresults command like \|makeresults \|eval value_1= " one" "two" there ... by venky1544 Builder in Splunk Search 03-08-2022 0 2	0	2
How to extract the data between two time stamp fields using _time filed in Splunk logs? _time=time1, _raw=some contents _time=time2, _raw=some contents _time=time3, _raw=some contents _time=time4, _raw=som... by satya671 Explorer in Splunk Search 03-08-2022 0 5	0	5
How to change color for entire row? my query is <dashboard version="1.1"><label>CCEcolour</label><row><panel><table><search><query>index=*** source=servi... by priya1926 Path Finder in Splunk Search 03-08-2022 0 3	0	3