Splunk Search

Community Activity

	How can I get _time in stats command displays in Epoch when count is greater than 1? Hello, The below search displays _time in human readable format when count of the results =1 but in EPOCH format w... by neerajs_81 Builder in Splunk Search 02-16-2022 0 8	0	8
	Where to find some already created Splunk use cases for github webhook logs? Does anyone know where I can find some already created Splunk use cases for github webhook logs? I am having a really... by icehack Observer in Splunk Search 02-16-2022 0 0	0	0
	Can these searches be combined? I have two sets of IIS data (two sourcetypes) in a single index. One sourcetype logs web service requests, the other ... by mv10 Path Finder in Splunk Search 02-16-2022 0 7	0	7
	How to convert seconds to days? This search: index=perfstats host=hostname \| chart max(System_Up_Time) as "System Uptime" by host Outputs a value suc... by mark_chuman Path Finder in Splunk Search 02-16-2022 0 10	0	10
	How to auto increment/decrement a value based on character position? Hi Everyone,So the goal here is to auto increment / decrement a value based on the position of character present in a... by bijodev1 Communicator in Splunk Search 02-16-2022 0 5	0	5
	Having trouble reading complexed nested Json Hi, struggling trying to count objects in a big json doc. I'm on version 8.0.5, so function json_keys is not availabl... by chrisboy68 Contributor in Splunk Search 02-16-2022 0 8	0	8
	How to chart data by month with sorting order? I am running into an issue when I am trying to get a chart to populate with the data as I am expecting. I am running ... by jeffbat Path Finder in Splunk Search 02-16-2022 0 6	0	6
	Help masking data and regex? Hi All, Can someone please help me in masking data and regex? currently, we have an event where I need to mask certa... by kc_prane Communicator in Splunk Search 02-16-2022 0 4	0	4
	How can you make data to come in different rows using mvzip? Hi all, I have a query which gives this kind of table. Name Date Status Task S... by anooshac Communicator in Splunk Search 02-16-2022 0 18	0	18
	How can I make the new field have less rows? Here is the original log file: Host availabilty Hashmap is {<!-- -->HKL20167984SIT_13_8225=true, HKL20167984SIT_7_82FB=true, ... by Jennifer Path Finder in Splunk Search 02-16-2022 0 15	0	15
	How to extract values from a CSV lookup based on date? Hello, I am looking for some guidance please with regards to a CSV input I have that is automatically updated daily a... by JudgeLaw Engager in Splunk Search 02-16-2022 0 3	0	3
	How to do field extraction with regex? My events are in json format.The json path where my data is , is here "alert.smtp-message.smtp-header"And with in "... by zacksoft_wf Contributor in Splunk Search 02-16-2022 0 3	0	3
	How could I make this pattern "a=b" from log files into 'a' as the key and 'b' as the value? Hi, all! How could I make this pattern "HKL20167991SIT_7_8299=true" from my log files into 'XXXX'(the last four digit... by Jennifer Path Finder in Splunk Search 02-16-2022 0 4	0	4
	How to save multiple values after multiple evaluation? Hello Splunkers,for a project I'm working on, I would need to store different IDs in a variable after evaluating them... by Gian89 Explorer in Splunk Search 02-16-2022 0 2	0	2
	How to query to out the configurations for any particular app or index using Splunk web UI? Hi All, Is there any search query to find out the configurations for any particular app or index using splunk web UI? by blbr123 Path Finder in Splunk Search 02-16-2022 0 2	0	2
	How to regex match? Hi, This is a raw log Job=[IN-SNMMIS-DLY]], I am trying to build regex just the words " IN-SNMMIS-DLY]" and ign... by kc_prane Communicator in Splunk Search 02-15-2022 0 4	0	4
	How to create sleep time of Windows PC calculation into timechart? Hi, I am using following search into Windows EventViewer System logs that I extracted for testing: index="503461" h... by skovachev Explorer in Splunk Search 02-15-2022 0 4	0	4
	Why can I not select a Security Domain in Notable Response Action? Hi All,I'm having some troubles setting up a response action for my correlation search.Here are the steps I have take... by danharvey Explorer in Splunk Search 02-15-2022 0 2	0	2
	How to append tp99 and tp90 in the existing query? Hello Splunk community. I have a query that is running currently as shown below: index=myIndex* api.metaData.pid="m... by VikhyathMaiya Explorer in Splunk Search 02-15-2022 0 0	0	0
	How to extract value from raw events? Hi, I have different log types like: <SQL > <TID: 0000000050> <RPC ID: 0002424958> <Queue: List > <Client-RPC: 390620... by marco_massari11 Communicator in Splunk Search 02-15-2022 0 2	0	2
	How to append a inputlookup table with a main table, in a desired order. I am looking for one requirement, can anyone please help us.i want to append a inputlookup table to my main table wit... by vinod743374 Communicator in Splunk Search 02-15-2022 0 8	0	8
	How to search a Line Graph to show monthly trends Hi, I am new to Splunk and struggling to create Line Graphs. I have a query which display a count for the month: ... by Yy4pb Explorer in Splunk Search 02-15-2022 0 3	0	3
	How to use a csv as a mapping for a table without the use of join Hi, I have a search that produce the following table Organization\|Amount\|AcquirerBank Or_A \|2000 \|1234 Or_A ... by phamxuantung Communicator in Splunk Search 02-15-2022 0 4	0	4
	How to merge value from multiple fields into a single field (Field = Value format)? Hi. I want to merge data from multiple fields into a single field. If you have a table like the following fieldA, fi... by tehong Explorer in Splunk Search 02-15-2022 0 2	0	2
	How to compute next cron iteration from _raw event? Hi, I have a last run epoch time and a cron schedule (i.e. : "/5 * * *") in an _raw event and I'd like to parse th... by cdaviet Explorer in Splunk Search 02-14-2022 0 6	0	6