Splunk Search

Community Activity

	What is the performance impact of custom command using python? Will custom command created using python reduce search performance For example, If i try to write alternate script fo... by sivaranjiniG Communicator in Splunk Search 02-26-2022 0 0	0	0
	Error in timestamp at earliest- How can I fix this? i am getting error for this index=_internal earliest="26/02/2022:00:00:00" latest=now() by Mohsin123 Path Finder in Splunk Search 02-25-2022 0 1	0	1
	How to pass through fields with complex data in search results? There is probably a simple solution to this, but unfortunately I was not able to find the answer in the documentation... by marekr New Member in Splunk Search 02-25-2022 0 0	0	0
	Join with earlier=true yields newer results Hello, I have the following issue. I have a Search A, that yields me the state of a device. I would like to supplemen... by blablabla Path Finder in Splunk Search 02-25-2022 0 2	0	2
	How to use Splunk for mathematical difference in stats? Hello,I would like to try using Splunk to calculate the difference in numbers from one sample to the next. Here is so... by chengka Explorer in Splunk Search 02-25-2022 0 4	0	4
	Summarizing postfix logs I'm not that bad in searching  but this case is a little over my head and I need some clever idea.I have postfix log... by PickleRick SplunkTrust in Splunk Search 02-25-2022 0 4	0	4
	How to use results from one search to create a timechart? I am in the process of creating a search to detect significant hard drive decreases. Using the results from my search... by Stefanie Builder in Splunk Search 02-25-2022 0 2	0	2
	Search that includes two following events, a call and then the response in the log How do I make a search that includes to events. The first event is a 'CALL' with parameters and the second event is t... by EspenLysvik Explorer in Splunk Search 02-25-2022 0 6	0	6
	How to search multiple dstIP traffic most efficiently Its a basic request however has been causing me grief: Easiest / most efficient way to find Destination IP (dstip) fo... by SimonM New Member in Splunk Search 02-25-2022 0 1	0	1
	How can I ignore additional data from a field Hi, I'm writing a splunk query to find emails with specific file types attachedI have the regex working which pulls t... by iMarko Engager in Splunk Search 02-25-2022 0 2	0	2
	How to check whether or not two different fields match? I'm trying something like this: my base search \| where data.value1 == data.value2 my base search \| where data.valu... by doesntmatter Observer in Splunk Search 02-24-2022 0 1	0	1
	How to get the data of indexers which is having more than 45 days old data? can i get the data of indexers which is having more than 45 days old data. by rajureddi121195 New Member in Splunk Search 02-24-2022 0 2	0	2
	How to highlight table cell based on two jobs runtime? Hi Team,I have multiple jobs runs daily . Showing the status of these jobs in table. Now, I want to highlight the cel... by avni26 Explorer in Splunk Search 02-24-2022 0 0	0	0
	How to parse JSON arrays together? Hello, I have the next following event : {<!-- --> [-] dimensionMap: { [+] } dimensions: [ [+] ] timestamps: [ ... by incognito Explorer in Splunk Search 02-24-2022 0 1	0	1
	field extraction name uuid sysfs size dm-st paths failures action path_faults vend prod revmpatha 360002ac000000000000010e30001c751 dm... by ranjithan Path Finder in Splunk Search 02-24-2022 0 3	0	3
	How to build baseline of login times? Dear Splunkers, we are trying to build a baseline of login events. We are using this example. The search is at the ... by ejacq New Member in Splunk Search 02-24-2022 0 0	0	0
	How to extract key value pair from string? Have a search result as GET https://…. \| Status: 403 \| Message: Forbidden \| Duration: 166 \| x-req-id: ssv5s-ssy67-78v... by Mofizul Loves-to-Learn Lots in Splunk Search 02-24-2022 0 5	0	5
	How can I compare values within 1 field and group them Hi,I'm new to Splunk and I was trying to compare values in the same field and group them subsequently.The events had ... by skyblue123 Engager in Splunk Search 02-24-2022 0 4	0	4
	How do I find common values in result of two queries on same source and field? I have two queries: 1. index=A sourcetype=B "ERROR_A" \| rex field=_raw "loginid (?<login_id>\d+) ::" \| deduploginid ... by user9025 Path Finder in Splunk Search 02-23-2022 0 4	0	4
	How do I extract a particular text from url/api endpoint using regex? Hi all,So, I have this URL/API endpoint as http://xml.app.com/pay/ent/auth/service/getId and I want to extract getId ... by ashinde3 Engager in Splunk Search 02-23-2022 0 2	0	2
	How to write a query which take all this values and search for results in different sourcetype=source2? index=instance1 sourcetype=source1 "Invalid-Access" \| fields reqId \| table reqId The above query gives me a table... by Mofizul Loves-to-Learn Lots in Splunk Search 02-23-2022 0 4	0	4
	How to create a search to show any amount of traffic (even if 0) passing through a list of subnets ? As the title says, I have a list of subnets and I would like to create a search which would show traffic (using Palo ... by dm1 Contributor in Splunk Search 02-23-2022 0 1	0	1
	How to use REX in a search called via REST API? In my first post, I need to search Splunk using the REST API. How do I get the system to actually return me some resu... by Stuartb_ New Member in Splunk Search 02-23-2022 0 1	0	1
	How to set an alert to fire based on lookup table value? Hi, struggling why I can't seem to get this working. I want to have an alert evaluate to true (trigger) based on if i... by chrisboy68 Contributor in Splunk Search 02-23-2022 0 1	0	1
	How to fetch the second last word of a sentence with the Splunk regex? My query is: Mozilla/5.0 (X11; Linux x86_64; Catchpoint) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.88... by riginoommen Explorer in Splunk Search 02-23-2022 0 7	0	7