Splunk Search

Community Activity

How to Extract substring from Splunk String using regex I ave a field "hostname" in splunk logs which is available in my event as "host = server.region.ab1dc2.mydomain.... by user9025 Path Finder in Splunk Search 02-14-2022 0 5	0	5
Experiencing rex extract errors with random pattern Hi I have list of error codes that available here:https://www.ibm.com/docs/en/ibm-mq/9.1?topic=exceptions-jms-excepti... by indeed_2000 Motivator in Splunk Search 02-14-2022 0 3	0	3
How to make a Search NOT append results from previous row if record already exists ? Hi All,We have a saved search (snippet below) which populates a CSV lookup file. The search is scheduled to run dail... by neerajs_81 Builder in Splunk Search 02-14-2022 0 9	0	9
How to Populate data from one index to summary index? Can we populate the raw events from one index to summary index. If yes how can I do that can you please help me by kajalchopade071 Path Finder in Splunk Search 02-14-2022 0 2	0	2
Eval against a lookup Hello, I am new to Splunk and this is probably a basic query. I have a field with an email address and I want to chec... by Tika Explorer in Splunk Search 02-13-2022 0 4	0	4
How to delete duplicates from Lookup csv file ? Hello, We have a CSV Lookup file that is getting populated by a saved search. We are noticing there are lot of dupl... by neerajs_81 Builder in Splunk Search 02-13-2022 2 2	2	2
Convert Epoch Time to Human Readable Date formatting issue I have following Splunk Query which is trying to format Epoch captured start and end time into human readable format ... by daivish Explorer in Splunk Search 02-13-2022 0 5	0	5
How to delete repeated rows and only keep the values that have a reason? Hello, I need your help please, it happens that I have this table where when the technician enters the reason for its... by crmarley20 Explorer in Splunk Search 02-13-2022 0 4	0	4
Why do we use this is in the search ? Hello,Here's my search: index="blah" sourcetype="blah" severity="" dis_name IN ("") "*" AND NOT 1=0 \| rest of the q... by innoce Path Finder in Splunk Search 02-12-2022 0 3	0	3
Using regex syntax to trim timestamp Using regex, what is the syntax, to trim a timestamp formatted like 2022-01-06 01:51:23 UTC so that it only reflects ... by bjs Engager in Splunk Search 02-12-2022 0 4	0	4
How to subtract one week from the current week in a report name? Hello everybody, I have a report that is generated every week. I want to name the title of the report with the previo... by VeloCiraptor Observer in Splunk Search 02-12-2022 0 3	0	3
How to create the table based on the specific time from latest(_time)? I was trying to get the latest time from index=index1 sourcetype=source1 Below is the string: \| tstats latest(_time)... by Splunker4 Observer in Splunk Search 02-12-2022 0 2	0	2
Help finding new solution when the lookup file contains strings and regular expressions Hello guys!! I have a question about the lookup command when the lookup file contains strings and regular expressions... by tehong Explorer in Splunk Search 02-12-2022 0 3	0	3
While using splunk Rest api getting 404 error in authentication to do Splunk search with the help of API I am getting 404 error while doing this callresponse = self.session.get(self... by test_accenture Loves-to-Learn in Splunk Search 02-12-2022 0 6	0	6
How to export a result with stats count of err_msg by Node and model? I have 3 different sourcetype like Result , Node and error under same index. Result has id , model Node has address, ... by idofwasim Explorer in Splunk Search 02-12-2022 0 7	0	7
How to remove repeated values from my search? My Query is index=windows Type=Disk host IN (abc) FileSystem="" DriveType="" Name="*" \| dedup host, Name \| table _... by ranjithan Path Finder in Splunk Search 02-11-2022 0 2	0	2
How to Identify the events based on condition on other events Hello Splunk Experts: From a system, we receive following events in splunk. I would like to get the event which doesn... by rangarbus Path Finder in Splunk Search 02-11-2022 0 1	0	1
How can I retrieve count or distinct count of some field values using stats function I have a table in this form (fields and values): USERID USERNAME CLIENT_A_ID CLIENT_B_ID 11 T... by phaniraj Explorer in Splunk Search 02-11-2022 7 5	7	5
How to remove duplicate values in a column of table My Query is index=windows Type=Disk host IN (abc) FileSystem="" DriveType="" Name="*" \| dedup host, Name \| table... by priya1926 Path Finder in Splunk Search 02-11-2022 0 10	0	10
How to timechart on a single set of logs each 24 hour period into Splunk? Hi there- I have a simple dashboard that allows me to see growth around the number of Live / Archived accounts we man... by daryllj Path Finder in Splunk Search 02-11-2022 0 6	0	6
How to incorporate a Lookup in search? Hi all, I am struggling a bit with incorporating a lookup into my searches. I have a lookup file that is a single co... by tkerr1357 Path Finder in Splunk Search 02-11-2022 0 3	0	3
How to display percent in a stacked bar chart? hi I try to display percent in my bar chart like this but it doesnt works \| chart count as total over sig_applicati... by jip31 Motivator in Splunk Search 02-11-2022 0 8	0	8
Why is Timechart creating empty buckets when using foreach earlier in search? I need to filter different error values for a range of different instruments. To do this, I have created a macro and ... by andrewermundsen Engager in Splunk Search 02-11-2022 0 1	0	1
How to properly extract into individual fields with a complicated nested json array Warning: Long, detailed explanation ahead.  Summary version is that I have a nested json arrays and fields that I... by randy_moore Path Finder in Splunk Search 02-11-2022 1 3	1	3
How to format this search? In the query _time is already formatted. But when i try to export the data in csv its showing different formats. ... by ranjithan Path Finder in Splunk Search 02-11-2022 0 2	0	2