Splunk Search

Community Activity

Using Time Range with Bin SplunkersI'm trying to detect when a user fails GT 5 times in time range of one hour for last 24h, and i have the spl... by CyberWolf Path Finder in Splunk Search 12-30-2024 0 2	0	2
HI Team , i want to extract 8.9 value from this string " service error rate 50x 8.976851851851853". can you please help " service error rate 50x 8.976851851851853"field = " service error rate 50x 8.976851851851853"need to extract 8.9 val... by Hemant_h Engager in Splunk Search 12-30-2024 0 1	0	1
How to ignore minor breakers when searching for a term? I've been attempting to see if it's possible to search for a term while ignoring all minor breakers that may or may n... by dtaylor Path Finder in Splunk Search 12-29-2024 0 5	0	5
Filter out all elements of a list which match the first element I'm a bit stumped on this problem. Before I jump into the issue, there's a couple of restrictions:I'm working in an e... by BG_Splunk Explorer in Splunk Search 12-28-2024 0 5	0	5
Help generating table I'm new to Splunk and trying to display table in the below format after reading data from json. Could someone help me... by Thulasiraman Explorer in Splunk Search 12-27-2024 0 11	0	11
Not coming values for message.backendCalls.responseCode field in below query When trying to fetch values using below query then its not showing result in statistics, Reason is i want to fetch me... by r_s01 Explorer in Splunk Search 12-25-2024 0 1	0	1
How do you parse two time formats in Splunk? The first time format is Fri Dec 21 11:17:30 2018 the other one is 2018-12-21T11:17:31.051061 I was wondering how... by bobojesus Engager in Splunk Search 12-23-2024 0 14	0	14
How to find empty indexes in Splunk Cloud? I'm trying to create an alert that looks through a given list of indexes and triggers an alert for each index showing... by StephenD1 Path Finder in Splunk Search 12-23-2024 0 8	0	8
Time comparison different results in search and dashboar Dear expertsWhy is the following line \| where my_time>=relative_time(now(),"-1d@d") AND my_time<=relative_time(now(),... by Ste Path Finder in Splunk Search 12-23-2024 0 6	0	6
How to compare events from two sourcetypes in the same index without using join I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-22-2024 0 4	0	4
How to generate a regular expression on a URL to capture a resource path and end on a optional parameter? Hi all, I am looking for some help for the following use case. I have a series of endpoints represented by full URL... by bcatwork Path Finder in Splunk Search 12-22-2024 0 6	0	6
How to write a search to find if a field contains a valid IPv4 or IPv6 address? Hi all, as a splunk newbie I'm not sure what direction to go with the following. Basically I have two Interesting fi... by hcastell Path Finder in Splunk Search 12-22-2024 0 5	0	5
How to extract ip address using regex? index="testd" \| rex field=_raw "Remote host:(?.*):" \|dedup Remotehost \|stats count by Remotehost My events: Remote... by karthi2809 Builder in Splunk Search 12-22-2024 0 4	0	4
Upgrade to 5.x, some of my existing searches are taking longer to return results. Not as many scheduled searches are running on time. Could fetch_remote_search_log setting be a factor? After upgrading to 5.x, I noticed that some of my searches are taking a longer time to return results than prior. Sea... by Ellen Splunk Employee in Splunk Search 12-22-2024 1 2	1	2
How to send hard coded message as an email from Splunk Hi Everyone,I need to send a hard coded message to the users just before every daylight savings of the year saying "D... by devsru Explorer in Splunk Search 12-21-2024 0 5	0	5
Concatenating values from one field How can we concatenate values from one field and put it in a new variable with commas.e.g If I run a search , I get n... by Sailesh6891 Engager in Splunk Search 12-20-2024 0 6	0	6
eval in stats with max Hi at all,I have a data structure like the following: title1 title2 title3 title4 value and I need to group by titl... by gcusello SplunkTrust in Splunk Search 12-20-2024 0 11	0	11
Account locked there is a user lets say ABC and I want to check why his AD account is locked . by SN1 Path Finder in Splunk Search 12-20-2024 0 6	0	6
timechart count and stats count are not matching I am using same index for both stats disctinctcount and timechart distinctcount. But the results from timechart is al... by anooshac Communicator in Splunk Search 12-20-2024 0 1	0	1
How to get time from two different sourcetypes I am trying to track file transfers from one location to another. Flow: Files are copied to File copy location -> Tar... by t_splunk_d Path Finder in Splunk Search 12-19-2024 0 8	0	8
get the values in each line Hi i have a below query where I'm calculating the total prod server count in first dataset and in second dataset I'm ... by secure Path Finder in Splunk Search 12-19-2024 0 1	0	1
Need help on Regex for a field Hello, I am just trying to do a regex to split a single field into two new fields.The original field is:alert.alias ... by tdavison76 Path Finder in Splunk Search 12-19-2024 0 4	0	4
Splunk table query I've piped a Splunk log query extract into a table showing disconnected and connected log entries sorted by time.NB r... by CCP_tech Loves-to-Learn Lots in Splunk Search 12-18-2024 0 8	0	8
Combine two table searches into 1 to compare the results, but one has an inputlookup for inventory and the other is sear I currently have 2 different tables where the first one shows the number of firewalls each location has (WorkDay_Loca... by brglaze New Member in Splunk Search 12-18-2024 0 1	0	1
want to add extra details to the number display Would anyone be able to help me on one more thing please !!! I have a Number display dashboard which represent the BG... by Ashish0405 Path Finder in Splunk Search 12-18-2024 0 6	0	6