Splunk Search

Community Activity

	Join multiple lines using free text I was trying to join multiple lines generated in /var/log/secure. I tried with transaction but looks like that doesn'... by sarithbabu Engager in Splunk Search 01-25-2022 0 2	0	2
	Regex for field extraction with or without comma I found that the format of a sourcetype had changed some time ago.Now I need to extract the data correctly for both c... by magriii Explorer in Splunk Search 01-25-2022 0 1	0	1
	How can i dedupe a multivalue field in props or transforms? There are a couple of good answers here for deduping a multivalue field in a search, but how can I dedupe a multivalu... by ruman Splunk Employee in Splunk Search 01-25-2022 0 3	0	3
	Date conversion needed Hi,I am trying to calculate age for a task. Time is in below format. What am I missing?\| makeresults\| eval Last_Check... by mbasharat Builder in Splunk Search 01-25-2022 0 5	0	5
	How do I create a query to look at multiple sources which have very similar names but with different numbers at the end? Hi, all!Here are the sources that I want to contain at my search:- /appvol/wlp/DIVR01HK-AS01/applogs/appl.log- /appvo... by Jennifer Path Finder in Splunk Search 01-25-2022 0 2	0	2
	Calculating the duration Hi,I am trying to calculate the duration of a call from the bellow search however it is appearing blank, the format i... by joe06031990 Communicator in Splunk Search 01-24-2022 0 6	0	6
	Query Supposed if i have huge data off employees Like name department and status (login /logout )One person can login and l... by kajalchopade071 Path Finder in Splunk Search 01-24-2022 0 4	0	4
	PROPS Configuration file for data sources with timestamp more than 10 years Hello,I am getting some error messages within my PROPS Configuration file to parse timestamp data. The sample file/ev... by SplunkDash Motivator in Splunk Search 01-24-2022 0 1	0	1
	Joining two sourcetypes on a common Id where the names differ I've been looking around here and on Google but can't find an answer to this specific usecase: I have two sourcetypes... by arist0telis Explorer in Splunk Search 01-24-2022 0 2	0	2
	Search for users Splunk login activity for * days Hello,I'm trying to search Splunk for user activity pertaining to logging into Splunk for X # of days. Everything I'v... by crlunde Loves-to-Learn Everything in Splunk Search 01-24-2022 0 2	0	2
	Need Help in regex expression Hi team, I need to fetch the 'InterfaceName' from the below payload. I built a regular expression but it is not wor... by rkishoreqa Communicator in Splunk Search 01-24-2022 0 1	0	1
	How do I fix my field extraction to account for whitespace in some paths Hello I have some data in a txt file that I am working on extractions for. It extracts fine except that in some of t... by tkw03 Communicator in Splunk Search 01-24-2022 0 3	0	3
	How to return stats from subsearch if first search returns no events I have created a search that will trigger if no events from the following search is being returnedindex=ipl_prod sour... by rune_hellem Contributor in Splunk Search 01-23-2022 0 2	0	2
	identify host not in a list... I have a query that returns a set of hosts that have an event string.index=anIndex sourcetype=aSourceType ("aString1"... by sjringo Contributor in Splunk Search 01-23-2022 0 12	0	12
	How to automatically initiate second search using the results of the first search index=logs appname="nameofapp " url=somewebsitenamestring \| stats count by user \| sort - count \| where count > ... by Itsecuser1 New Member in Splunk Search 01-23-2022 0 3	0	3
	how to add calculated fields into a chart I am trying to add 2 new fields into a chart, which is calculated by the exisiting columns in the following chart. Ba... by chongdong Explorer in Splunk Search 01-23-2022 0 6	0	6
	Splunk alert base on return code My file contains a line at the last where it mentions the return code. The format look like below mentioned. If the j... by LolabhattuA Loves-to-Learn in Splunk Search 01-23-2022 0 4	0	4
	How to combine two searches into one table?? Hello,everyone!At first, sorry for my bad English.I have a problem to join two result.The raw data is a reg file, lik... by feelcool Explorer in Splunk Search 01-22-2022 0 7	0	7
	How do you use a calculated "_time" field for a timechart query I have a Splunk query that does a lot of computation and eventually returns only two calculated fields: _time and ST... by jbrenner Path Finder in Splunk Search 01-22-2022 0 3	0	3
	result in single row Hi Guys I have a query like this <query>\| stats avg(CurrentConnections) as CC by host And the output is as below wit... by roopeshetty Path Finder in Splunk Search 01-22-2022 0 3	0	3
	fields.conf TOKENIZER breaks my event completely I'm trying to get a new sourcetype (NetApp user-level audit logs, exported as XML) to work, and I think my fields.con... by dsmith Path Finder in Splunk Search 01-22-2022 0 12	0	12
	display all values of JSON field in a table if you don't know the structure of the json I have a JSON with a field containing another object, but this object varies depending on type. For example, you may ... by dasaed Explorer in Splunk Search 01-22-2022 0 3	0	3
	Which timestamp is used when piping a transaction result into timechart command I have a transaction command which correlates two log entries. If I pipe this result into a timechart command, which ... by jbrenner Path Finder in Splunk Search 01-21-2022 0 2	0	2
	Eval If Multiple Date Values Match or Do Not Match Hello,I have a script gathering the last updated timestamp of three different files and I'm ingesting that data into ... by Razziq Explorer in Splunk Search 01-21-2022 0 1	0	1
	[Version 8.2.4] No longer able to use timestamps from return command in subsearch Hi,In the past (Splunk Enterprise v 7.x.x) I used the below search to run a report every few min. There were so many ... by steen Explorer in Splunk Search 01-21-2022 0 5	0	5