Splunk Search

Community Activity

SPL Query Error I am trying to write an spl query to detect an event of a single source IP address or a user fails multiple time to ... by adoumbia Engager in Splunk Search 11-27-2024 0 4	0	4
Split string into fields fieldA:1:10 fieldB:1:3 fieldC:1:2fieldA:1:10 fieldC:1:2fieldA:1:10 fieldC:1:2fieldC:1:1 I want to end up with a field... by darkins Engager in Splunk Search 11-27-2024 0 5	0	5
Splunk lookup I have a 3 node search head cluster and distributed indexers we are getting below error when running any type of sear... by santhipriya Engager in Splunk Search 11-27-2024 0 4	0	4
Splunk search csv number I have a csv file like this that contain more than 100 numbers 111111112222222233333333 I want to search for events t... by Crotyo Observer in Splunk Search 11-26-2024 0 9	0	9
How can I search for a missing field? Let's say I have events A and B: A -- Feb 1 2010 10:10:00 field1=foo field2=bar B -- Feb 1 2010 10:10:01 field1=foo ... by hulahoop Splunk Employee in Splunk Search 11-26-2024 3 15	3	15
Top with optional field results When I search I want to show the top results by a specific field "field1" and also show "field2" and "field3". Proble... by thrtnastrx Observer in Splunk Search 11-25-2024 0 3	0	3
Inconsistent Key-Value Pair Searching in Splunk (Some Events Only Found with Wildcards) Hey Splunk team, I’m facing an issue where Splunk fails to search for certain key-value pairs in some events unless I... by Aithnave Engager in Splunk Search 11-25-2024 0 3	0	3
Summary results for a "per item" query Hello, I have the following query to search Proofpoint logs. index=ppoint_prod host=host1 \| eval time=strftime(_ti... by SplunkUser001 Explorer in Splunk Search 11-25-2024 0 11	0	11
Only show slots of a timechart that have more than x results We search thru the logs of switches and there are some logs that are unconcerning if you just have a couple of them l... by mariojost Engager in Splunk Search 11-25-2024 0 6	0	6
rex help probably an easy one, i have two events as follows thisisfield1 thisisfield2 mynextfield3thisisfield1 mynextfield3mea... by darkins Engager in Splunk Search 11-25-2024 0 7	0	7
How can I determine which fields will work with tstats? I understand that tstats will only work with indexed fields, not extracted fields. How can I determine which fields ... by campbellwarren Engager in Splunk Search 11-24-2024 0 5	0	5
Field Extraction Need help to extract a field that comes after a certain word in a event. I am looking to extract a field called "sn_g... by scout29 Path Finder in Splunk Search 11-22-2024 0 3	0	3
Finding changes in a field We are trying to watch the NIC statistics for our OS interfaces. We are gathering data from a simple ifconfig eth0 \|... by Brad Explorer in Splunk Search 11-22-2024 0 6	0	6
Limiting result from lookup I am trying to figure out how to include a lookup in my search, but only some records. My current search is below. My... by vm_molson Explorer in Splunk Search 11-21-2024 0 1	0	1
HTML - Style - remove the extra lin eof black Hi I have the below code to produce this table - but does anyone know how to get rid of the part in red (I have added... by robertlynch2020 Influencer in Splunk Search 11-21-2024 0 5	0	5
Events mismatch values with lookup values Hello Splunkers!!We have events that contains source and destination fields with complete values, and we want to matc... by uagraw01 Motivator in Splunk Search 11-21-2024 0 3	0	3
Stringing together searches I have searches for two files that are related but the incoming and outgoing file names differ, basically it's an inc... by ecnausysadm Explorer in Splunk Search 11-21-2024 0 3	0	3
How to get the difference of time between 2 events Hello Everyone, I have events like 02-Jul-2014 09:25:25 AM: ========== Finish Transmit Process ========== 02-Ju... by gajananh999 Contributor in Splunk Search 11-21-2024 0 3	0	3
Mismatch with values in Join When I run this query: index=edi-2 \| join type=inner TRACKINGNUMBER [search index=edi \| rename TRCK AS TRACKINGNUMBER... by tlunruh New Member in Splunk Search 11-21-2024 0 3	0	3
eval isnull() always returns true We're using Splunk to monitor EDI traffic onto our backend system. We want to have a single value panel that shows gr... by dmrhodes101 Explorer in Splunk Search 11-21-2024 1 3	1	3
Lookup definition is outputting incomplete results Hi, I have a simple search which is using a lookup definition based off of a lookup. This lookup is large. Search has... by mbasharat Builder in Splunk Search 11-20-2024 0 3	0	3
Check multiple arrays for value without knowing parent node(s) The structure of JSON in my log events is roughly as follows { "Info": { "Apps": { "Reportin... by mrsampson Explorer in Splunk Search 11-19-2024 0 2	0	2
I have been trying to use the CASE function in splunk, but my results are not correct This is my search. I brings back Not Known for every field instead of the correct case name:index=websphere webspher... by NanSplk01 Communicator in Splunk Search 11-19-2024 0 3	0	3
Rex has exceeded configured match_limit, consider raising the value in limits.conf. Hi Splunkers, any help with Rex has exceeded configured match_limit, consider raising the value in limits.conf.My sea... by majilan1 Path Finder in Splunk Search 11-18-2024 1 4	1	4
Use variable as complete search string I am trying to create a dashboard. It has two input text fields.I want to run a search query based on these two input... by ameyad Engager in Splunk Search 11-18-2024 1 1	1	1