Splunk Search

Community Activity

How to remove duplicate values in a column of table My Query is index=windows Type=Disk host IN (abc) FileSystem="" DriveType="" Name="*" \| dedup host, Name \| table... by priya1926 Path Finder in Splunk Search 02-11-2022 0 10	0	10
How to timechart on a single set of logs each 24 hour period into Splunk? Hi there- I have a simple dashboard that allows me to see growth around the number of Live / Archived accounts we man... by daryllj Path Finder in Splunk Search 02-11-2022 0 6	0	6
How to incorporate a Lookup in search? Hi all, I am struggling a bit with incorporating a lookup into my searches. I have a lookup file that is a single co... by tkerr1357 Path Finder in Splunk Search 02-11-2022 0 3	0	3
How to display percent in a stacked bar chart? hi I try to display percent in my bar chart like this but it doesnt works \| chart count as total over sig_applicati... by jip31 Motivator in Splunk Search 02-11-2022 0 8	0	8
Why is Timechart creating empty buckets when using foreach earlier in search? I need to filter different error values for a range of different instruments. To do this, I have created a macro and ... by andrewermundsen Engager in Splunk Search 02-11-2022 0 1	0	1
How to properly extract into individual fields with a complicated nested json array Warning: Long, detailed explanation ahead.  Summary version is that I have a nested json arrays and fields that I... by randy_moore Path Finder in Splunk Search 02-11-2022 1 3	1	3
How to format this search? In the query _time is already formatted. But when i try to export the data in csv its showing different formats. ... by ranjithan Path Finder in Splunk Search 02-11-2022 0 2	0	2
How to split nested json objects? I have JSON that is really an array of values but has been encoded as objects, something like this { "metrics": ... by jcw1407 Engager in Splunk Search 02-11-2022 0 1	0	1
Split block of data into multiple rows Hello everyoneI'm trying to get a list of ip addresses from an internet page and put them after that into a lookup ta... by g_paternicola Path Finder in Splunk Search 02-11-2022 0 2	0	2
What is the best way to trim a Timestamp? What is the best way to trim a timestamp formatted like 2022-01-06 01:51:23 UTC so that it only reflects the date and... by bjs Engager in Splunk Search 02-10-2022 0 4	0	4
Help with syntax to search across all bins Howdy, I'm trying to come up with a query that charts the most occurring x_forwarded_for and respective count in each... by tcouture37 Explorer in Splunk Search 02-10-2022 0 9	0	9
How to search with times from another search? Hi. I've got a search looking for times and dates with "index=main host=web1 "/blarg=foo"\| table _time" how can I use... by nkuriger New Member in Splunk Search 02-10-2022 0 1	0	1
Transaction where one field changes over time? I have data as follows: time=1 msgid=1 event=new_msg time=2 msgid=1 delivery=1 event=start_delivery time=3 delivery=1... by mpdude Explorer in Splunk Search 02-10-2022 0 3	0	3
Splunk Add-on for Microsoft Windows - Remote Active Directory domain Hi. So I'm reading about this Add-on and the instructions seem to be pretty straightforward about getting the Add-on ... by BrendanCO Path Finder in Splunk Search 02-10-2022 0 4	0	4
No search results from Windows Servers (DC and EXCH)- what to do next? I recently inherited a newly configured Splunk Enterprise 8 environment after the former admin left. I have a basic u... by MBIT2022 Explorer in Splunk Search 02-10-2022 0 22	0	22
How to extract a field from two slightly different formatted events? Hi all, I'm trying to do a field extraction of database name (let's call the field "DBname") from logs that come in 2... by stefi_bozova Engager in Splunk Search 02-10-2022 1 3	1	3
How to extract a field value using Regex with Field Extractor Hi I am trying to use Regex with the Field Extractor to extract the value of a particular field in a given piece of t... by ezmo1982 Path Finder in Splunk Search 02-10-2022 0 4	0	4
Get Pattern or punct at search time for one specific field Does Splunk have any spl command like punct? The default punct field will get patterns on the _raw field. Is there an... by AnilPujar Path Finder in Splunk Search 02-10-2022 0 1	0	1
How to check for search string/data present in csv lookuptable and result present or not I am looking for something like this as belowI have a seach string = rubiand want to check this string presence in a ... by akshayinnamuri Loves-to-Learn Lots in Splunk Search 02-10-2022 0 1	0	1
compare data that not include in lookup file Dear All, Need your helpI have case to compare transaction data with lookup file, for example i have lookup file acc... by rahmatn Path Finder in Splunk Search 02-10-2022 0 4	0	4
Is it possible if a non matching domain is emailing us, it should display in a dashboard? Hi I am trying to explore more ways to check if business email compromise is being happening in our organization, jus... by tonyxavierj Engager in Splunk Search 02-10-2022 0 10	0	10
Compare two events with multiple key value pairs I have two events that are semi-colon separated key value pairs. I have applied the extract command to parse the even... by rizwan0683 Path Finder in Splunk Search 02-10-2022 0 9	0	9
How to hide the table rows base on the string match Hi ,I need a help in solving one of the issue, I have a table which is Shown below,I just want to hide the rows with ... by vinod743374 Communicator in Splunk Search 02-10-2022 0 1	0	1
How to eliminate duplicate rows before transaction command? How to eliminate duplicate rows before transaction command. Because of which I am getting wrong calculation.eg scenar... by priya1926 Path Finder in Splunk Search 02-10-2022 0 15	0	15
How to search Indexes with count = 0 Dear Team, I just want to use the simple search below to see which indexes are having zero count that day/week/whiche... by jto13 Explorer in Splunk Search 02-10-2022 0 1	0	1