Splunk Search

Community Activity

	Information extraction Hi folks,Hoping you might be able to help.I've some raw logs coming in and one of the "extracted" fields is a fields ... by klaudiac Path Finder in Splunk Search 01-26-2022 0 1	0	1
	Filter out pan_traffic_start eventtype Hi,I have installed and configured Palo Alto Addon which is creating multiple eventtypes , one of which is pan_traffi... by Yadukrishnan Explorer in Splunk Search 01-26-2022 0 0	0	0
	splunk search query to get data last two months every friday with in time range Hi,Splunk search query to get data last two months data.need only every Friday data in the time range for 15 mins (i.... by kirrusk Communicator in Splunk Search 01-26-2022 0 5	0	5
	timechart limit=0 useother=false span=2d count by serviceとしたとき、serviceごとに2日分の合計がされてしまう。 Splunk search headで以下のクエリとした場合、service毎に2日ごとに合計量が表示されてしまいます。timechart limit=0 useother=false span=2d count by service... by TomohikoHoshino Observer in Splunk Search 01-26-2022 0 0	0	0
	filed ignore textx within " " Hello, I see following in _raw. However, when I run search with table or fields it does not display text within doub... by patelmc Explorer in Splunk Search 01-25-2022 0 3	0	3
	How do I optimize the query to avoid forceful termination ? My query after finalizing for some time , gives me, The search processs with sid= was forcefully terminated because i... by zacksoft_wf Contributor in Splunk Search 01-25-2022 0 5	0	5
	Join multiple lines using free text I was trying to join multiple lines generated in /var/log/secure. I tried with transaction but looks like that doesn'... by sarithbabu Engager in Splunk Search 01-25-2022 0 2	0	2
	Regex for field extraction with or without comma I found that the format of a sourcetype had changed some time ago.Now I need to extract the data correctly for both c... by magriii Explorer in Splunk Search 01-25-2022 0 1	0	1
	How can i dedupe a multivalue field in props or transforms? There are a couple of good answers here for deduping a multivalue field in a search, but how can I dedupe a multivalu... by ruman Splunk Employee in Splunk Search 01-25-2022 0 3	0	3
	Date conversion needed Hi,I am trying to calculate age for a task. Time is in below format. What am I missing?\| makeresults\| eval Last_Check... by mbasharat Builder in Splunk Search 01-25-2022 0 5	0	5
	How do I create a query to look at multiple sources which have very similar names but with different numbers at the end? Hi, all!Here are the sources that I want to contain at my search:- /appvol/wlp/DIVR01HK-AS01/applogs/appl.log- /appvo... by Jennifer Path Finder in Splunk Search 01-25-2022 0 2	0	2
	Calculating the duration Hi,I am trying to calculate the duration of a call from the bellow search however it is appearing blank, the format i... by joe06031990 Communicator in Splunk Search 01-24-2022 0 6	0	6
	Query Supposed if i have huge data off employees Like name department and status (login /logout )One person can login and l... by kajalchopade071 Path Finder in Splunk Search 01-24-2022 0 4	0	4
	PROPS Configuration file for data sources with timestamp more than 10 years Hello,I am getting some error messages within my PROPS Configuration file to parse timestamp data. The sample file/ev... by SplunkDash Motivator in Splunk Search 01-24-2022 0 1	0	1
	Joining two sourcetypes on a common Id where the names differ I've been looking around here and on Google but can't find an answer to this specific usecase: I have two sourcetypes... by arist0telis Explorer in Splunk Search 01-24-2022 0 2	0	2
	Search for users Splunk login activity for * days Hello,I'm trying to search Splunk for user activity pertaining to logging into Splunk for X # of days. Everything I'v... by crlunde Loves-to-Learn Everything in Splunk Search 01-24-2022 0 2	0	2
	Need Help in regex expression Hi team, I need to fetch the 'InterfaceName' from the below payload. I built a regular expression but it is not wor... by rkishoreqa Communicator in Splunk Search 01-24-2022 0 1	0	1
	How do I fix my field extraction to account for whitespace in some paths Hello I have some data in a txt file that I am working on extractions for. It extracts fine except that in some of t... by tkw03 Communicator in Splunk Search 01-24-2022 0 3	0	3
	How to return stats from subsearch if first search returns no events I have created a search that will trigger if no events from the following search is being returnedindex=ipl_prod sour... by rune_hellem Contributor in Splunk Search 01-23-2022 0 2	0	2
	identify host not in a list... I have a query that returns a set of hosts that have an event string.index=anIndex sourcetype=aSourceType ("aString1"... by sjringo Contributor in Splunk Search 01-23-2022 0 12	0	12
	How to automatically initiate second search using the results of the first search index=logs appname="nameofapp " url=somewebsitenamestring \| stats count by user \| sort - count \| where count > ... by Itsecuser1 New Member in Splunk Search 01-23-2022 0 3	0	3
	how to add calculated fields into a chart I am trying to add 2 new fields into a chart, which is calculated by the exisiting columns in the following chart. Ba... by chongdong Explorer in Splunk Search 01-23-2022 0 6	0	6
	Splunk alert base on return code My file contains a line at the last where it mentions the return code. The format look like below mentioned. If the j... by LolabhattuA Loves-to-Learn in Splunk Search 01-23-2022 0 4	0	4
	How to combine two searches into one table?? Hello,everyone!At first, sorry for my bad English.I have a problem to join two result.The raw data is a reg file, lik... by feelcool Explorer in Splunk Search 01-22-2022 0 7	0	7
	How do you use a calculated "_time" field for a timechart query I have a Splunk query that does a lot of computation and eventually returns only two calculated fields: _time and ST... by jbrenner Path Finder in Splunk Search 01-22-2022 0 3	0	3