Splunk Search

Community Activity

Help generating table I'm new to Splunk and trying to display table in the below format after reading data from json. Could someone help me... by Thulasiraman Explorer in Splunk Search 12-27-2024 0 11	0	11
Not coming values for message.backendCalls.responseCode field in below query When trying to fetch values using below query then its not showing result in statistics, Reason is i want to fetch me... by r_s01 Explorer in Splunk Search 12-25-2024 0 1	0	1
How do you parse two time formats in Splunk? The first time format is Fri Dec 21 11:17:30 2018 the other one is 2018-12-21T11:17:31.051061 I was wondering how... by bobojesus Engager in Splunk Search 12-23-2024 0 14	0	14
How to find empty indexes in Splunk Cloud? I'm trying to create an alert that looks through a given list of indexes and triggers an alert for each index showing... by StephenD1 Path Finder in Splunk Search 12-23-2024 0 8	0	8
Time comparison different results in search and dashboar Dear expertsWhy is the following line \| where my_time>=relative_time(now(),"-1d@d") AND my_time<=relative_time(now(),... by Ste Path Finder in Splunk Search 12-23-2024 0 6	0	6
How to compare events from two sourcetypes in the same index without using join I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-22-2024 0 4	0	4
How to generate a regular expression on a URL to capture a resource path and end on a optional parameter? Hi all, I am looking for some help for the following use case. I have a series of endpoints represented by full URL... by bcatwork Path Finder in Splunk Search 12-22-2024 0 6	0	6
How to write a search to find if a field contains a valid IPv4 or IPv6 address? Hi all, as a splunk newbie I'm not sure what direction to go with the following. Basically I have two Interesting fi... by hcastell Path Finder in Splunk Search 12-22-2024 0 5	0	5
How to extract ip address using regex? index="testd" \| rex field=_raw "Remote host:(?.*):" \|dedup Remotehost \|stats count by Remotehost My events: Remote... by karthi2809 Builder in Splunk Search 12-22-2024 0 4	0	4
Upgrade to 5.x, some of my existing searches are taking longer to return results. Not as many scheduled searches are running on time. Could fetch_remote_search_log setting be a factor? After upgrading to 5.x, I noticed that some of my searches are taking a longer time to return results than prior. Sea... by Ellen Splunk Employee in Splunk Search 12-22-2024 1 2	1	2
How to send hard coded message as an email from Splunk Hi Everyone,I need to send a hard coded message to the users just before every daylight savings of the year saying "D... by devsru Explorer in Splunk Search 12-21-2024 0 5	0	5
Concatenating values from one field How can we concatenate values from one field and put it in a new variable with commas.e.g If I run a search , I get n... by Sailesh6891 Engager in Splunk Search 12-20-2024 0 6	0	6
eval in stats with max Hi at all,I have a data structure like the following: title1 title2 title3 title4 value and I need to group by titl... by gcusello SplunkTrust in Splunk Search 12-20-2024 0 11	0	11
Account locked there is a user lets say ABC and I want to check why his AD account is locked . by SN1 Path Finder in Splunk Search 12-20-2024 0 6	0	6
timechart count and stats count are not matching I am using same index for both stats disctinctcount and timechart distinctcount. But the results from timechart is al... by anooshac Communicator in Splunk Search 12-20-2024 0 1	0	1
How to get time from two different sourcetypes I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-19-2024 0 8	0	8
get the values in each line Hi i have a below query where I'm calculating the total prod server count in first dataset and in second dataset I'm ... by secure Path Finder in Splunk Search 12-19-2024 0 1	0	1
Need help on Regex for a field Hello, I am just trying to do a regex to split a single field into two new fields.The original field is:alert.alias ... by tdavison76 Path Finder in Splunk Search 12-19-2024 0 4	0	4
Splunk table query I've piped a Splunk log query extract into a table showing disconnected and connected log entries sorted by time.NB r... by CCP_tech Loves-to-Learn Lots in Splunk Search 12-18-2024 0 8	0	8
Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear I currently have 2 different tables where the first one shows the number of firewalls each location has (WorkDay_Loca... by brglaze New Member in Splunk Search 12-18-2024 0 1	0	1
want to add extra details to the number display Would anyone be able to help me on one more thing please !!! I have a Number display dashboard which represent the BG... by Ashish0405 Path Finder in Splunk Search 12-18-2024 0 6	0	6
Regex matching in a Splunk search query that involves a lookup table I have created a lookup table in Splunk that contains a column with various regex patterns intended to match file pat... by frankeke Loves-to-Learn in Splunk Search 12-17-2024 0 5	0	5
Want to ignore some fields Hi Team, In below query I don't want to show up the result as "Up" in state_to field, I just want to see data with d... by Ashish0405 Path Finder in Splunk Search 12-17-2024 0 10	0	10
Intermittent log data ingestion with Packetbeat JSON file Hello, I am experiencing intermittent log ingestion issues on some servers and have observed potential queue saturati... by s_s Observer in Splunk Search 12-17-2024 0 1	0	1
How to replace Join to search large data sets I've been working on a search that I finally managed to get working that would look for events generated by a provi... by dtaylor Path Finder in Splunk Search 12-17-2024 0 2	0	2