Splunk Search

Community Activity

How to include several unique IP address in the search command with src=or can I use src IN(ip,ip,ip)? How can I include several unique IP address in the search command with src= or can I use src IN(ip,ip,ip) by lakaras1s New Member in Splunk Search 03-18-2022 0 1	0	1
How to change stats on optional field? Hello Folks, I have the below query on one of my dashboard panel. Here I pass the IN_BUSINESSDATE field value from da... by rangarbus Path Finder in Splunk Search 03-18-2022 0 1	0	1
How to check if multiple conditions are true? I am looking for a way to check for multiple conditions to match, and if they are met, output a specific word... such... by iomega311 Explorer in Splunk Search 03-18-2022 0 2	0	2
How to create a lookup subsearch with NOT IN I am facing following challenge. I have a lookup table myids.csv with ID's in it: ID123 I have and index also with ID... by ub_ik Explorer in Splunk Search 03-17-2022 0 2	0	2
How to create a search for when User visits url, do a transaction, and get the data based on time? Hi Everyone, I am trying to pull a result per customer, where he/she has visited url based on time_order I did someth... by bijodev1 Communicator in Splunk Search 03-17-2022 0 15	0	15
How to find the number of days between two dates? Hi All, I have logs as below to check certificate validity:Valid from: Tue Jul 13 02:51:21 EDT 2021 until: Thu Jul 13... by Mrig342 Contributor in Splunk Search 03-17-2022 0 6	0	6
Why is Cluster Count not working? Hi Everyone, I have created the below query in Splunk to fetch the Error messages index=abc ns=blazegateway-c2 CASE(E... by aditsss Motivator in Splunk Search 03-17-2022 0 5	0	5
Why is there Circular dependency Issue in Data Model? Error: Error in 'SearchProcessor': Found circular dependency when expanding from.Network_Traffic.All_Traffic Backgrou... by kashz Explorer in Splunk Search 03-17-2022 0 1	0	1
How to use Splunk AND command to find field 3? ++EXT-ID[05] FLD[Wallet Provider Device..] FRMT[TLV] LL[1] LEN[32] DATA[4AD74D9421FE60B5688EF727F1BC7488] ++EXT-ID[... by jayeshrajvir Explorer in Splunk Search 03-17-2022 0 17	0	17
How to pass lookup table to search? Hello Team, I have a lookup table with 1000 employees data into it, like email, id and other I have an search which ... by Try_harder New Member in Splunk Search 03-17-2022 0 4	0	4
How to display a single value trend from 2 different relative time? HiI would like to dis play a trend indicator between these 2 different relative timeIs it possible? index=toto sourc... by jip31 Motivator in Splunk Search 03-16-2022 0 5	0	5
Will the data model acceleration enabled for the first search head automatically be enabled for the next search head? We are currently using a Splunk Enterprise environment with one search head and one indexer.We enabled data model acc... by AHA-0114 Explorer in Splunk Search 03-16-2022 0 4	0	4
How to extract Splunk rex field? Hi There, I have a query that I use to extract all database modifications. However, I want to exclude SELECT from ca... by GRC Path Finder in Splunk Search 03-16-2022 0 26	0	26
KVStore Field returning Invalid result- How do I fix this? Hello. I have some KVStore collections in our cloud environment. In some of those collections, there are boolean fie... by rjscholl New Member in Splunk Search 03-16-2022 0 1	0	1
How to create an alert based on lookup file Hi, I need to set up an alert with the query like below. index=abc sourcetype=bcd “abc” File_name=maple.txt earliest=... by prettysunshinez Explorer in Splunk Search 03-16-2022 0 2	0	2
How do I create a new field time? I have an alert table with certain values:Time (alert occurrence) \| Alert Name \| Severity.... Would it be possible to... by MagicCerbero New Member in Splunk Search 03-16-2022 0 3	0	3
Why am I unable to REX out a subset of a field? I've got an alert I put together and am trying to REX multiple pieces of it out to their own columns. This is against... by arist0telis Explorer in Splunk Search 03-16-2022 0 3	0	3
How do I split a string which contains a path so I'm only getting the first two directories? I have several thousand events with a path such as d:\RNREDINFFTP01-AVREDINFWFS01\ebtest1\foo\bar\filename2.txt. The... by DamageSplunk Explorer in Splunk Search 03-16-2022 1 7	1	7
Is it possible to use multiple collects to send data to different indexes? Is it possible to use the collect function to send data to multiple different summary indexes?For example, let's say ... by moses_meniscus Explorer in Splunk Search 03-16-2022 0 2	0	2
How to append dynamic value to end of search? Dear Community I am looking for a way to add a static and a dynamic value at the end of a search to track the status ... by ub_ik Explorer in Splunk Search 03-16-2022 0 4	0	4
How to sort instance name alphanumeric not lexicographically? Hi all, I was wondering if someone could help with a sort ordering issue I have. I am looking for a way to sort inst... by myazdzik Loves-to-Learn in Splunk Search 03-16-2022 0 5	0	5
How to retrieve the same result in 2 similar search with count different? hi In my dashboard, I use 2 similar searches in the first, I am doing a dc of "s" index=test earliest=@d+7h late... by jip31 Motivator in Splunk Search 03-16-2022 0 5	0	5
How to create a table of hosts running or not running a given Linux service? I'm trying to create a statistics table for whether or not a given Linux service is running on a set of hosts. For e... by bsg273 Path Finder in Splunk Search 03-16-2022 0 5	0	5
How to display 0 in a timechart table? hello I count results by _time in a table panel like this and it works perfectly When the results is 0 the result is ... by jip31 Motivator in Splunk Search 03-15-2022 0 10	0	10
How can I parse field with unescaped data? I have the following log : data=123 params="{"limit":200,"id":["123"] someotherdata How can I parse the params fie... by yk010123 Path Finder in Splunk Search 03-15-2022 0 1	0	1