Splunk Search

Community Activity

How to create sleep time of Windows PC calculation into timechart? Hi, I am using following search into Windows EventViewer System logs that I extracted for testing: index="503461" h... by skovachev Explorer in Splunk Search 02-15-2022 0 4	0	4
Why can I not select a Security Domain in Notable Response Action? Hi All,I'm having some troubles setting up a response action for my correlation search.Here are the steps I have take... by danharvey Explorer in Splunk Search 02-15-2022 0 2	0	2
How to append tp99 and tp90 in the existing query? Hello Splunk community. I have a query that is running currently as shown below: index=myIndex* api.metaData.pid="m... by VikhyathMaiya Explorer in Splunk Search 02-15-2022 0 0	0	0
How to extract value from raw events? Hi, I have different log types like: <SQL > <TID: 0000000050> <RPC ID: 0002424958> <Queue: List > <Client-RPC: 390620... by marco_massari11 Communicator in Splunk Search 02-15-2022 0 2	0	2
How to append a inputlookup table with a main table, in a desired order. I am looking for one requirement, can anyone please help us.i want to append a inputlookup table to my main table wit... by vinod743374 Communicator in Splunk Search 02-15-2022 0 8	0	8
How to search a Line Graph to show monthly trends Hi, I am new to Splunk and struggling to create Line Graphs. I have a query which display a count for the month: ... by Yy4pb Explorer in Splunk Search 02-15-2022 0 3	0	3
How to use a csv as a mapping for a table without the use of join Hi, I have a search that produce the following table Organization\|Amount\|AcquirerBank Or_A \|2000 \|1234 Or_A ... by phamxuantung Communicator in Splunk Search 02-15-2022 0 4	0	4
How to merge value from multiple fields into a single field (Field = Value format)? Hi. I want to merge data from multiple fields into a single field. If you have a table like the following fieldA, fi... by tehong Explorer in Splunk Search 02-15-2022 0 2	0	2
How to compute next cron iteration from _raw event? Hi, I have a last run epoch time and a cron schedule (i.e. : "/5 * * *") in an _raw event and I'd like to parse th... by cdaviet Explorer in Splunk Search 02-14-2022 0 6	0	6
How can I calculate stats of a chart list? I have the following query : ... \| chart list(time) by request actor Where time it returns the time for each actor ... by yk010123 Path Finder in Splunk Search 02-14-2022 0 1	0	1
How to create single row from multiple results? Hi team, I have the following table with results IDprocessing timeactor12320actor112330actor212340actor3 And I'd li... by yk010123 Path Finder in Splunk Search 02-14-2022 0 6	0	6
How to build a query to get the count of opened and resolved incidents every hour in a day? Hi, I'm trying to build a query to get the count of opened and resolved incidents every hour in a day but the numbers... by akriti Explorer in Splunk Search 02-14-2022 0 5	0	5
Need help understanding Appending to Lookup file Hi All,I have the below search. I am being told it appends results to a lookup table called user_ids. index=ad ... by neerajs_81 Builder in Splunk Search 02-14-2022 0 3	0	3
How to Extract substring from Splunk String using regex I ave a field "hostname" in splunk logs which is available in my event as "host = server.region.ab1dc2.mydomain.... by user9025 Path Finder in Splunk Search 02-14-2022 0 5	0	5
Experiencing rex extract errors with random pattern Hi I have list of error codes that available here:https://www.ibm.com/docs/en/ibm-mq/9.1?topic=exceptions-jms-excepti... by indeed_2000 Motivator in Splunk Search 02-14-2022 0 3	0	3
How to make a Search NOT append results from previous row if record already exists ? Hi All,We have a saved search (snippet below) which populates a CSV lookup file. The search is scheduled to run dail... by neerajs_81 Builder in Splunk Search 02-14-2022 0 9	0	9
How to Populate data from one index to summary index? Can we populate the raw events from one index to summary index. If yes how can I do that can you please help me by kajalchopade071 Path Finder in Splunk Search 02-14-2022 0 2	0	2
Eval against a lookup Hello, I am new to Splunk and this is probably a basic query. I have a field with an email address and I want to chec... by Tika Explorer in Splunk Search 02-13-2022 0 4	0	4
How to delete duplicates from Lookup csv file ? Hello, We have a CSV Lookup file that is getting populated by a saved search. We are noticing there are lot of dupl... by neerajs_81 Builder in Splunk Search 02-13-2022 1 2	1	2
Convert Epoch Time to Human Readable Date formatting issue I have following Splunk Query which is trying to format Epoch captured start and end time into human readable format ... by daivish Explorer in Splunk Search 02-13-2022 0 5	0	5
Why Long running searches, with time spent in ReducePhaseExecutor and PreviewExecutor Hi guys I have an installation on Splunk 8.1.2 where we have XmlWinEventLog data ingested. When we run this search:... by agneticdk Path Finder in Splunk Search 02-13-2022 1 3	1	3
How to delete repeated rows and only keep the values that have a reason? Hello, I need your help please, it happens that I have this table where when the technician enters the reason for its... by crmarley20 Explorer in Splunk Search 02-13-2022 0 4	0	4
Why do we use this is in the search ? Hello,Here's my search: index="blah" sourcetype="blah" severity="" dis_name IN ("") "*" AND NOT 1=0 \| rest of the q... by innoce Path Finder in Splunk Search 02-12-2022 0 3	0	3
Using regex syntax to trim timestamp Using regex, what is the syntax, to trim a timestamp formatted like 2022-01-06 01:51:23 UTC so that it only reflects ... by bjs Engager in Splunk Search 02-12-2022 0 4	0	4
How to subtract one week from the current week in a report name? Hello everybody, I have a report that is generated every week. I want to name the title of the report with the previo... by VeloCiraptor Observer in Splunk Search 02-12-2022 0 3	0	3