Splunk Search

Community Activity

JOIN on some of the columns I have a table (that is a spitted URL) in the following format: field1field2field3field4field5field6aaaaa11111qqqqqaa... by michael_vi Path Finder in Splunk Search 01-09-2022 0 5	0	5
stats count by field and show total Hello,I want to calculate the count of total events, count of errors and show the total percent of the failures from ... by sarit_s Communicator in Splunk Search 01-09-2022 0 3	0	3
Getting the Date for the max() value Howdy I have a search like this:Everything is great! Would it be possible to add a column that contains the timestamp... by modulussplunk Loves-to-Learn in Splunk Search 01-09-2022 0 4	0	4
rex extract number Hi2022-01-04 23:10:43,224 INFO [APP] sessionDestroyed, Session Count: 02022-01-04 23:12:34,238 INFO [APP] sessionCrea... by indeed_2000 Motivator in Splunk Search 01-09-2022 0 9	0	9
Searching a 2nd index with a field extraction using rex I have a index=weblogs where I filter results and then REX extract an IP address to a new field called RemoteIP.I wan... by dhabbal Explorer in Splunk Search 01-08-2022 0 4	0	4
Using "earliest" and other time modifiers in ad hoc queries Is it possible to put time modifiers like "earliest" into a search and essentially disregard the time range drop-down... by mv10 Path Finder in Splunk Search 01-07-2022 0 3	0	3
Using stats command to return 0 value Hi There:I'm trying to return the list of access_users with 0 web hits from the web_hits table. How can i adjust this... by mdeterville Path Finder in Splunk Search 01-07-2022 0 2	0	2
Old data cannot load Splunk can not load old data only load current data. Though it shows event count. Before that I have moved some splun... by Eshmin Observer in Splunk Search 01-07-2022 0 6	0	6
Column Chart - unstack and stack in one chart. Show a column value as tooltip I have two questions.1.Is it possible to Stack and unstack in a single column chart?in the below chart the line on to... by rajg369 Explorer in Splunk Search 01-07-2022 0 6	0	6
How to combine multiple values to single row I want to divide different multi-values based on IP.Current results:IPdateeventrisk1.1.1.12022-01-012022-01-02apache ... by staymini Explorer in Splunk Search 01-07-2022 1 4	1	4
How to display two lines in a linechart based on one value? Dear Splunk Community,Every 5 minutes the following event is generated :2022-01-05 21:20:33 : RunningOR2022-01-05 20:... by Bleepie Communicator in Splunk Search 01-07-2022 0 3	0	3
Unable to extract from the field Hello all, I am trying to extract an field from the below event and using the below add extraction, however this extr... by srinivas_gowda Path Finder in Splunk Search 01-07-2022 0 2	0	2
Splunk regex ignore fields before match I need to extract the contents of the message field into a json log, but the first strings must be ignored until 'std... by leandromatperei Path Finder in Splunk Search 01-07-2022 0 4	0	4
Remove Alike Values in a Field Hello Splunk Answers, How can I remove this duplicate line? See sample below:From: row1 row2 row31.1.1.1 X... by whitefang1726 Path Finder in Splunk Search 01-06-2022 0 6	0	6
How to Search for the Rows If at Least One Row in the Whole source Meets a Criteria I want to search like:index=whatever "term_1" AND (at least one event in the source of the found record contains term... by hpaknia Explorer in Splunk Search 01-06-2022 1 4	1	4
Exclude IP address returned from subsearch in main search Hello,I've got a search query where I'm looking for unexpected ssh connections to my instances, but I've got one serv... by apeadape Explorer in Splunk Search 01-06-2022 0 1	0	1
Break up search over large timeframe into searches of smaller timeframes TLDR: I'm trying to automate the large 25 day search to break up into 25 separate one day searches.I'm updating a loo... by cyberdiver Explorer in Splunk Search 01-06-2022 0 6	0	6
Log4J Search slows down after a few minutes (Large Query) Log4J Query: index=* \| regex _raw="(\$\|%24)(\{\|%7B)([^jJ][jJ])([^nN][nN])([^dD][dD])([^iI][iI])(:\|%3A\|\$\|%24\|}\|%7... by cyberdiver Explorer in Splunk Search 01-06-2022 0 4	0	4
Creating a new field from another field Hi, Wondering if anyone can help. I am trying to create a new field called FS_Owner_Mail using \|eval from both the ma... by emcglade Engager in Splunk Search 01-06-2022 0 4	0	4
Choose one result in Splunk table Query Hello All, 1) I would like to add radio button / any way to select - one of the results of my below REST query search... by PraveenaR Explorer in Splunk Search 01-05-2022 0 1	0	1
Search based on two different dropdowns I have two dropdowns. I only want to run a single dropdown everytime for a search.Closed Dropdown has token value as... by martin61 Engager in Splunk Search 01-05-2022 0 1	0	1
.. .. by amys Engager in Splunk Search 01-05-2022 0 0	0	0
Find Ids of a table not in other search table I have 2 type of search messages -Problem #1Problem #5and other one goes like this -Solved problem_id successful: 1So... by mangaldev Engager in Splunk Search 01-05-2022 0 1	0	1
Daily and weekly discrete count in the same query? I've got some queries I need to do periodically that use the exact same base search, one with teh weekly uniques and ... by dantose Explorer in Splunk Search 01-05-2022 0 3	0	3
java curl splunk search produces error in SearchParser - missing a search command In Java, I am trying to call a curl command that has a Splunk search to get contents of a lookup file.I've used https... by diptij Path Finder in Splunk Search 01-05-2022 0 2	0	2