Splunk Search

Community Activity

Is there anyway to create a file with a list of IP's that i can use in the search field? is there anyway to create a file with a list of IP's that i can use in the search field? i am trying to search for IP... by tazzvon Engager in Splunk Search 03-02-2022 0 3	0	3
Why is my chart that is grouped by values not showing up in visualization? Hi Experts, my SPL query, ...\| eval elapse_range=case(TOTAL_ELAPSE>0 AND TOTAL_ELAPSE<4, "Green",TOTAL_ELAPSE>4 AND T... by saravana22 Explorer in Splunk Search 03-02-2022 0 3	0	3
How to display min and max in a timechart? hello I use this timechart index=tutu sourcetype=titi \| timechart span=15min dc(s) as "Uniq" Now i would like... by jip31 Motivator in Splunk Search 03-02-2022 0 10	0	10
Comparing fields of different events in the same log file Hello all,I'd like to compare events in the same log files, amusing the format of the events are the same. For exampl... by gaishi New Member in Splunk Search 03-02-2022 0 2	0	2
Tranpose the output result Hi There,I have got some results in after running the below commandmy search \| \| bucket _time span=1h\| stats count by... by bijodev1 Communicator in Splunk Search 03-02-2022 0 2	0	2
How to pass a user ID to a new query? I'm attempting to build a search around Okta authentication logs. I want to run a query to check for any Multi facto... by rip_leroi Explorer in Splunk Search 03-02-2022 0 1	0	1
how to search for event matching lookup table hi, i a total newbiei need to do a search in splunk matching the domain in my lookup table (master_lookup.csv)my tabl... by 7ryota Explorer in Splunk Search 03-02-2022 0 5	0	5
How to display a message when a specific host is not ingesting? My dilemma. index=prod_s3 sourcetype=My_Sourcetype earliest=-30m(host=2016) OR (host=2018) OR(host=2015) OR (host=20... by auzark Communicator in Splunk Search 03-02-2022 0 12	0	12
Why doesn't Web app search and REST API on Postman consistently return the same results? Hello, I have a search that runs in the web application interface (Splunk Enterprise). It returns results as and when... by Stuartb_ New Member in Splunk Search 03-01-2022 0 0	0	0
How to create a calculated field eval coalesce follow by case statement? I'm trying to create a calculated field (eval) that will coalesce a bunch of username fields, then perform match() an... by ejwade Contributor in Splunk Search 03-01-2022 0 0	0	0
Most efficient way to filter results matching a list of values in either of two(+) fields? Hello everyone. I'm trying to find the most efficient way to filter results for a list of values that may have a matc... by hackwerks Engager in Splunk Search 03-01-2022 1 3	1	3
How to compare the columns values against another column Hi Guys,I am having a query which would result as below,The above shows count by xyz for the user selected timerange.... by sangs8788 Communicator in Splunk Search 03-01-2022 0 5	0	5
How can I get the rate of a transaction which run in a specific way BackgroundIn my system, every visit consist of one or more transactions and every has its global serial number, which... by Jackiifilwhh Path Finder in Splunk Search 03-01-2022 0 7	0	7
How to put extracted REX values in single row in table while using transaction? I am performing theSplunk query on following result, The following field repeats 100 times with different values ran... by mrunalaghara Loves-to-Learn in Splunk Search 03-01-2022 0 8	0	8
Is it possible to create an alert only if a certain condition is not met? So I want to create an alert if one of our server is not connected, but the server disconnects automatically for ever... by santosh1 Explorer in Splunk Search 03-01-2022 0 2	0	2
How to get stats by hour and calculate percentage for each hour? Hi There, I am trying to get the an hourly stats for each status code and get the percentage for each hour per status... by bijodev1 Communicator in Splunk Search 03-01-2022 0 6	0	6
Can anyone explain what does these lookup statements mean ? \| lookup update=true SpamIntel_by_email_subject subject OUTPUT\| lookup update=true SpamIntel_by_email_subject_wildcar... by zacksoft_wf Contributor in Splunk Search 03-01-2022 0 5	0	5
Retrieve values from json file Hi,I need to filter my query for a specific field_value. The working query is as follow:index=_index (field_value="va... by sdhiaeddine Explorer in Splunk Search 03-01-2022 0 3	0	3
Why did request in search head fail to apply delete to some metadata? Hello dear colleagues, has anyone encountered this error, I checked search.log for inconsistent metadata. Help me dec... by gitingua Communicator in Splunk Search 03-01-2022 0 2	0	2
How to set up an alert that will show when someone other than those 3 are trying to log in? I have a small environment. I have 3 users that are allowed to login to a particular server. If I search: index=<in... by kbohlken Observer in Splunk Search 02-28-2022 0 3	0	3
How to link to search in query? Hi I have a panel with query below index=int_166167 env = SIT appName="GCR" message="Post Login*"\| bucket _time span... by sahana Engager in Splunk Search 02-28-2022 0 1	0	1
How to Extract JSON format as fields? Need to extract json file in fields { "AAA": { "modified_files": [ "\"b/C:\\\\/HEAD\"", "\"b/C:\\\\/dev\"", "\"b... by karthi2809 Builder in Splunk Search 02-28-2022 0 8	0	8
How to do a stats count by abc \| where count > 2? Hey there, I have a field let's say "abc" with values as such : 1,3,5,7,5,3,2,1,5,7,8,5,1,1,2,2,3,2,1,1,2,3,2,3 here ... by bijodev1 Communicator in Splunk Search 02-28-2022 0 4	0	4
Aligning Multivalue field from XML nodes with multiple attributes Hi, I'm trying to create a table as below:methodlatlonblue35781144960035red green yellow35781134960032I tried using... by RedHeron Engager in Splunk Search 02-28-2022 0 1	0	1
How to get rid of the the spaces in token output? Trying to run a query that has a token field. The output injects a space before and after the token provided keyword... by tlmayes Contributor in Splunk Search 02-28-2022 0 5	0	5