Splunk Search

Community Activity

	How to convert array of json in multiple split lines? Any help is greatly appreciated. How to convert the following json into a table? {<!-- -->"Summary":{<!-- -->"jobType":"jobA","summ... by felipesodre Path Finder in Splunk Search 02-28-2022 0 1	0	1
	How to group by without aggregation? Hi I'm trying to group items by a specific field, and get all the values returned (i.e. without aggregation). I have ... by BernardEAI Communicator in Splunk Search 02-28-2022 0 1	0	1
	How to string search for the empty value Dear professional, I have a search like this index="hcg_oapi_prod" relatedPersons And the search value is store in a... by lamnguyentt1 Explorer in Splunk Search 02-28-2022 0 2	0	2
	How to get the results of a report after the execution? I am running a very big report which is on 95% after 36 hours and I see that the results size is ~ 2GB and the result... by rayar Contributor in Splunk Search 02-26-2022 0 1	0	1
	How to merge two services from same index with common field? I wanted to join services (part of same index) with common field and show chosen fields from both searches.. Index=te... by arunakalla Explorer in Splunk Search 02-26-2022 0 15	0	15
	What is the best way to match arbitrary fields in inputlookup With events, I can do \| search index=foo bar This will match any event containing the string "bar" rega... by yuanliu SplunkTrust in Splunk Search 02-26-2022 0 4	0	4
	How to convert Table of 16X1 to table 4X4? I have a table of applications like this, How can I display the table like in below image, by thatsabhijeet Explorer in Splunk Search 02-26-2022 0 1	0	1
	Help with CSS partially not working I am trying to hide RED, GREEN and YELLOW, but the xml css is not working for me. <form> <row> <panel> <html> <style>... by thatsabhijeet Explorer in Splunk Search 02-26-2022 0 4	0	4
	What is the performance impact of custom command using python? Will custom command created using python reduce search performance For example, If i try to write alternate script fo... by sivaranjiniG Communicator in Splunk Search 02-26-2022 0 0	0	0
	Error in timestamp at earliest- How can I fix this? i am getting error for this index=_internal earliest="26/02/2022:00:00:00" latest=now() by Mohsin123 Path Finder in Splunk Search 02-25-2022 0 1	0	1
	How to pass through fields with complex data in search results? There is probably a simple solution to this, but unfortunately I was not able to find the answer in the documentation... by marekr New Member in Splunk Search 02-25-2022 0 0	0	0
	Join with earlier=true yields newer results Hello, I have the following issue. I have a Search A, that yields me the state of a device. I would like to supplemen... by blablabla Path Finder in Splunk Search 02-25-2022 0 2	0	2
	How to use Splunk for mathematical difference in stats? Hello,I would like to try using Splunk to calculate the difference in numbers from one sample to the next. Here is so... by chengka Explorer in Splunk Search 02-25-2022 0 4	0	4
	Summarizing postfix logs I'm not that bad in searching  but this case is a little over my head and I need some clever idea.I have postfix log... by PickleRick SplunkTrust in Splunk Search 02-25-2022 0 4	0	4
	How to use results from one search to create a timechart? I am in the process of creating a search to detect significant hard drive decreases. Using the results from my search... by Stefanie Builder in Splunk Search 02-25-2022 0 2	0	2
	Search that includes two following events, a call and then the response in the log How do I make a search that includes to events. The first event is a 'CALL' with parameters and the second event is t... by EspenLysvik Explorer in Splunk Search 02-25-2022 0 6	0	6
	How to search multiple dstIP traffic most efficiently Its a basic request however has been causing me grief: Easiest / most efficient way to find Destination IP (dstip) fo... by SimonM New Member in Splunk Search 02-25-2022 0 1	0	1
	How can I ignore additional data from a field Hi, I'm writing a splunk query to find emails with specific file types attachedI have the regex working which pulls t... by iMarko Engager in Splunk Search 02-25-2022 0 2	0	2
	How to check whether or not two different fields match? I'm trying something like this: my base search \| where data.value1 == data.value2 my base search \| where data.valu... by doesntmatter Observer in Splunk Search 02-24-2022 0 1	0	1
	How to get the data of indexers which is having more than 45 days old data? can i get the data of indexers which is having more than 45 days old data. by rajureddi121195 New Member in Splunk Search 02-24-2022 0 2	0	2
	How to highlight table cell based on two jobs runtime? Hi Team,I have multiple jobs runs daily . Showing the status of these jobs in table. Now, I want to highlight the cel... by avni26 Explorer in Splunk Search 02-24-2022 0 0	0	0
	How to parse JSON arrays together? Hello, I have the next following event : {<!-- --> [-] dimensionMap: { [+] } dimensions: [ [+] ] timestamps: [ ... by incognito Explorer in Splunk Search 02-24-2022 0 1	0	1
	field extraction name uuid sysfs size dm-st paths failures action path_faults vend prod revmpatha 360002ac000000000000010e30001c751 dm... by ranjithan Path Finder in Splunk Search 02-24-2022 0 3	0	3
	How to build baseline of login times? Dear Splunkers, we are trying to build a baseline of login events. We are using this example. The search is at the ... by ejacq New Member in Splunk Search 02-24-2022 0 0	0	0
	How to extract key value pair from string? Have a search result as GET https://…. \| Status: 403 \| Message: Forbidden \| Duration: 166 \| x-req-id: ssv5s-ssy67-78v... by Mofizul Loves-to-Learn Lots in Splunk Search 02-24-2022 0 5	0	5