Splunk Search

Community Activity

Hi Experts, I would like to count the multifield in the table where it has similar values I would like to count the multifield in the table where it has similar values. For Ex: I need output like below for ... by Ashwini_5 Explorer in Splunk Search 01-21-2022 0 2	0	2
Date and time conversion Hi, in my index I have a couple time fields that are returned via a simple search_time = 1/20/2022 1:38:55.000 PM (th... by nate_washburn Engager in Splunk Search 01-21-2022 0 2	0	2
How should we handle DB audit trails? We would like to ingest the Oracle's UNIFIED_AUDIT_TRAIL table and the SQL server's MSSQL\SQLAudit\*.sqlaudit files.H... by danielbb Motivator in Splunk Search 01-21-2022 0 2	0	2
Extract and cleanse data into field for table Hi,In the following log entries, I wanted to extract uri in a specific format:log: a_level="INFO", a_time="null", a_t... by nbhat Explorer in Splunk Search 01-21-2022 0 1	0	1
Date field comparison I need help regarding comparise a ISO 8601 date field with a specific date.Below is a simple example:index=devices \| ... by alexandrebas Explorer in Splunk Search 01-21-2022 0 1	0	1
How to show data from TWO different sourcetypes ? I have,sourcetype_A (fields : ID, age, city, state)sourcetype_B (fields : ID, job, salary, gender)The fields "ID" i... by zacksoft_wf Contributor in Splunk Search 01-21-2022 0 2	0	2
Extract raw data for URL into field Hi,In the following log, I wanted to extract Url, Method, ResponseTimeMs, StatusCode as a table:log: a_level="INFO", ... by nbhat Explorer in Splunk Search 01-21-2022 0 2	0	2
Splunk Join is Left the same as outer in Splunk? Is Type=Left the same as type=outer in Splunk? If so why do they list it as three options?https://docs.splunk.com/Doc... by robertlynch2020 Influencer in Splunk Search 01-20-2022 0 2	0	2
Is it possible to query IIS logs for a monthly web application hit count for multiple web applications on a domain? Hello,I was wondering if it is possible to use Splunk to query IIS logs for a monthly application hit count for multi... by jasonmhamilton New Member in Splunk Search 01-20-2022 0 3	0	3
Count and chart two different queries Hey all,Newbie here learning Splunk. I'm starting to get into dashboards and want to create either a pie chart or jus... by zebulajams Explorer in Splunk Search 01-20-2022 0 5	0	5
Did my search work or not? I've been trying to resolve this since October and not getting traction. Turning to the community for help:I have se... by awmorris Path Finder in Splunk Search 01-20-2022 0 0	0	0
json Field value extraction I would like to get the list of those items in the properties field, like appName, levelId, etc. by EvansB Path Finder in Splunk Search 01-20-2022 0 4	0	4
action field is not returning any results from all indexes Hello,Looks like the action field is not returning results for almost all of the indexes. This is only impacting one ... by majid87 Engager in Splunk Search 01-20-2022 0 4	0	4
Searching for 2 different events on the same order number Hello Splunk Community,I'm fairly new to splunk and am using it to search and alert me for testing failures in my man... by Flaxamax Engager in Splunk Search 01-20-2022 0 3	0	3
Create bar graph with ranges specified in the x axis I have created a bar graph. The following is the query.index= "cx_metrics_analysis" sourcetype="cx_metrics_httpevent"... by anooshac Communicator in Splunk Search 01-20-2022 0 4	0	4
Convert years month days to Days Hey,Can anyone help me convert Age to Days? Have trouble parsing and calculating. Sample DataAge2 years 3 months 2 da... by figuringthings New Member in Splunk Search 01-19-2022 0 2	0	2
Search peer and search process errors hello, Our physical servers had to restart and as such the splunk servers dropped. we are now having issues on ou... by willsy Communicator in Splunk Search 01-19-2022 0 2	0	2
How to pass the search results to an email body by using sendresults I am using "sendresults" command and pass the search results to an email body template; however, the search results d... by lucas4394 Path Finder in Splunk Search 01-19-2022 0 0	0	0
macro with calculated parameters I am trying to assign a value to a parameter in a macro that is based on a calculation of a value being sent to the m... by eranhauser Path Finder in Splunk Search 01-19-2022 0 3	0	3
lookup table to search lookup table? I have been trying to figure out why this doesn't work.\|inputlookup ioc_domain.csv \| table query \| search NOT [inputl... by amask38 Engager in Splunk Search 01-19-2022 0 6	0	6
Using variables with IN and LIKE functions I am using Splunk Enterprise V8.2.3.2. I am trying to alert when a scheduled search becomes disabled. The problem is ... by drezanka Explorer in Splunk Search 01-19-2022 0 4	0	4
how to have one droplist input used for 2 panels with adding suffix for one panel? Hi,Splunkers,I have a dashboard with 2 Panels， which share one droplist input.droplist has name/values as ALL/*, ... by wangkevin1029 Communicator in Splunk Search 01-19-2022 0 16	0	16
Join multiple events and separate timestamp fields I've been having difficulty with this for a while and looking for some help. I'm attempting to find users logging and... by cmccartneyocto Engager in Splunk Search 01-19-2022 1 0	1	0
rex to extract duration HiHow can I extract duration with below condition? (it is important to check these condition to find correct match)1)... by indeed_2000 Motivator in Splunk Search 01-19-2022 0 5	0	5
How to get ServiceNow to create an event ticket Can someone help me to get ServiceNow to create an event ticket every time my Splunk alert gets triggered? I had foll... by Ab_Splunk Engager in Splunk Search 01-19-2022 0 2	0	2