Splunk Search

Community Activity

Is there a way to surface when auto-finalize has halted a panel's query in a dashboard? I have a dashboard and some queries in the panels are taking longer than the allowed 60 seconds to complete. They ar... by lmonahan Path Finder in Splunk Search 02-04-2022 0 2	0	2
Regex Extraction How do i extract everything after the 3rd / from the left in:WinNT://PSAD/johndoeThe output should be "johndoe"Thanks... by mdeterville Path Finder in Splunk Search 02-04-2022 0 1	0	1
How to group similar domain/URL patterns? I would like to group URL fields and get a total count. When I do this: index=example source=example_example dest=... by ail321 Engager in Splunk Search 02-04-2022 0 4	0	4
SPL query How to combine the events from 2 different indexes and display the results in a table, when there are no matching fie... by manjunath_n Engager in Splunk Search 02-04-2022 0 5	0	5
Blacklisting Splunk Forwarder new process starts Good Morning,I've followed guides/forums and steps on this site but still cant get my blacklists to work at all. The ... by ned692000 Engager in Splunk Search 02-04-2022 0 5	0	5
How to extract a filed which is in 4th line in log \| Field Extraction I a trying to Extract the exception Name which is at the 4th line in log generated as below -<CS-1>2022-02-03T14:58:2... by ksidkumar New Member in Splunk Search 02-04-2022 0 4	0	4
Trying to find host that send logs over the last 7 days Hi, i am trying to search for host that are sending logs over the last 7 days. Anything more than 7 days i will like... by johnlzy0408 Loves-to-Learn Everything in Splunk Search 02-03-2022 0 1	0	1
Trying to exclude a specific value from an extracted field Hello all, I am trying to exclude an specific value within a field while retaining others. Can you please let me know... by srinivas_gowda Path Finder in Splunk Search 02-03-2022 0 2	0	2
How to change a specific value of a field in my events to another value in a search? i have these events: status \| host \| comments \| ticket_number ... inprogress ... by fdi01 Motivator in Splunk Search 02-03-2022 2 6	2	6
How to Regex match literal \U in directory path I am trying to match a directory path including the string "\Users" but Splunk is throwing an error: \| rex field=Targ... by frbuser Path Finder in Splunk Search 02-03-2022 0 6	0	6
Chart timing of several events I have an automated script that creates a log file that marks the beginning and end of specific events during a web p... by BradenFTL Explorer in Splunk Search 02-03-2022 0 6	0	6
How can i search 1 host at a time when index hits a number of hosts. I have an index which searches across 10 hosts. I am comparing 2 strings and evaluating the results to see if there i... by HelloItsMe76 Explorer in Splunk Search 02-03-2022 0 4	0	4
query to consider having an event if its available in any specific weekday in the given time range Hello,So the requirement was to find gaps of data unavailability(start time & end time) in the given time range, co... by Dhana Explorer in Splunk Search 02-03-2022 0 0	0	0
Regex to extract string from field when characters 5 and 6 match pattern Hello,I have a field 'narrative' which contains long strings describing what happened to a piece of equipment. Withi... by andyd Engager in Splunk Search 02-03-2022 0 3	0	3
Is there a way to set trigger conditions using SPL I am coming across an interesting problem where notables are being generated for each event in Splunk with unique not... by sm1tty Loves-to-Learn Lots in Splunk Search 02-03-2022 0 0	0	0
subsearch from previous results I need to run three different queries based on the each respective results. for example :1) In the first one query : ... by bijodev1 Communicator in Splunk Search 02-03-2022 0 2	0	2
SOLVED: Alternates of LEFT OUTER JOIN Hello,I have got 2 data sets resides in same index but with different source/host: index="tickets" host="RMM_DATA" i... by madhav_dholakia Contributor in Splunk Search 02-03-2022 0 11	0	11
Splunk index How can i populate data from primary index to summary index using collect command. By using collect command can we po... by kajalchopade071 Path Finder in Splunk Search 02-03-2022 0 2	0	2
Monitor a set of csv files for errors So I have a particular number of important csv files that I need to ensure have no errors - which I can lookup using ... by robnewman666 Path Finder in Splunk Search 02-03-2022 0 4	0	4
Timechart with TIME, IPADDRESS and count Hi All,I have below splunk data:"new request: 127.0.0.1;url=login.jsp"which contains the IPADDRESS (EX:127.0.0.1) and... by yatyat Observer in Splunk Search 02-03-2022 0 3	0	3
unable to list the unmatched values compared with lookup file I am trying to identify the values that are in the logs not matching with content in the lookup file. But i am not ge... by rboya_splunk Loves-to-Learn in Splunk Search 02-03-2022 0 4	0	4
Splunk query Username status User1 loginUser2 loginUser3 login User1 logout User1 loginUser1 logout N... by kajalchopade071 Path Finder in Splunk Search 02-03-2022 0 5	0	5
Error in 'eval' type check failed I have a json data from file generated from the okla speedtest -f json command. I have tried to cast it or eval in di... by jenkinsta Path Finder in Splunk Search 02-02-2022 0 2	0	2
Predict command not working with eval count. I have the following query that I am working to establish a prediction for. I am able to be the volume to predict but... by SMM10 Explorer in Splunk Search 02-02-2022 0 0	0	0
I want to provide read permission only one app not to all apps to a particular role I want to provide read permission for only one app not all apps to a particular role and in my environment under apps... by bapun18 Communicator in Splunk Search 02-02-2022 0 1	0	1