Splunk Search

Community Activity

extract pattern like splunk pattern Hi, How can I extract pattern of raw data like pattern tab in splunk search? Thanks by indeed_2000 Motivator in Splunk Search 01-05-2022 0 6	0	6
How to write field name in its value Hi,How can I write the name of a field in the value like I have :test_1test_2test_3warnerrorcritical I want :testtest... by mah Builder in Splunk Search 01-05-2022 0 1	0	1
How to reorganize a table Hello,I have a table like that :customerprod_1prod_2prod_3customer_1 green customer_2red orange and I would like to c... by mah Builder in Splunk Search 01-05-2022 0 2	0	2
Limiting and grouping OTHER in stats command Hi! I have a summarized field (docsReturned) by customer id that I would like to make a top X pie chart of, while sum... by Fredrik New Member in Splunk Search 01-05-2022 0 0	0	0
filter time for specific range \| savedsearch cbp_inc_base \| eval _time=strftime(opened_time, "%Y/%m/%d") \|\| bin _time span=1d here _ time is giving ... by neethan Path Finder in Splunk Search 01-05-2022 0 10	0	10
Want to merge two query with different fields in one First queryindex = pcf_logs cf_org_name = creorg OR cf_org_name = SvcITDnFAppsOrg cf_app_name=VerifyReviewConsumerSer... by nikhilup New Member in Splunk Search 01-05-2022 0 2	0	2
How to count every 15mins with complete time bucket If I use bin _time as time span=15m \| stats count by time on 17:20 for the past 1 hour, the result would be like...ti... by Anita Engager in Splunk Search 01-05-2022 0 3	0	3
unable to convert epoch fomat to human readable format When i convert following timestamp to human readable format i am getting "12/31/9999 23:59:59" instead of '01/04/22 0... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 01-04-2022 0 3	0	3
Foreach command with eval if Hi, I have a table like that :teststate_Astate_Bstate_C1okko- WARNko - ERROR2ko- WARNokok3okokok I would like to crea... by mah Builder in Splunk Search 01-04-2022 0 4	0	4
lookup command not working while inputlookup working Hi All,I have a .csv file named Master_List.csv added to splunk lookup. It has the values of the fields "Tech Stack"... by Mrig342 Contributor in Splunk Search 01-04-2022 1 4	1	4
Can a subsearch return only the value (without the fieldname)? (Copied from a legacy Splunk Forums post by user bpf) Hello I have the following problem: I have a Name. With this... by gkanapathy Splunk Employee in Splunk Search 01-04-2022 4 8	4	8
SSLError This codeimport splunklib.client as clienthost = "127.0.0.1"port = "8000"username = "---"password = "----"service = c... by ashraf_adeelaa New Member in Splunk Search 01-04-2022 0 0	0	0
How to count event by chosen month Hi, I have a list of events span across more than a year, the event will contain type of card, transaction status. I ... by phamxuantung Communicator in Splunk Search 01-04-2022 0 2	0	2
splunk search query for CPU usage Hi i am new to splunk.i have splink event like this" system CPU \| 6.039 % \| system time \| 0.009 % \|how can i get avg ... by Atul1507 Loves-to-Learn Lots in Splunk Search 01-03-2022 0 10	0	10
Extracting port number from url field Hello,Suppose I've got the following url among lot of others : (logs come from something close to Squid but not index... by lauMarot Path Finder in Splunk Search 01-03-2022 0 1	0	1
Truncate characters after a specific character using the Trim function Dear all, best wishes for 2022.Is it possible to use rtrim to remove all characters out of a search result that come ... by ASplunkDummy Engager in Splunk Search 01-03-2022 1 3	1	3
How to get the event count for the last 24 hours as a scheduled report? can you please tell us, how to get the last 24 hours event count to schedule the report? by dhavamanis Builder in Splunk Search 01-03-2022 1 2	1	2
Using single query with two sourcetypes? I have 2 sourcetypes, vpn & winevents, how do you write a single query to get winevents of the top 5 busiest machines... by brc55 Explorer in Splunk Search 01-03-2022 0 3	0	3
Dashboard to check index filled or not. Hello guys, Splunk newbie here. Hope someone can assist in my case, so index=*_whatever is expected to be filled with... by vxroot Loves-to-Learn in Splunk Search 01-03-2022 0 7	0	7
How to identify IIS Application Pool status changes I know similar questions have been asked a number of times but trying to follow the suggestions given I still cannot ... by jsmithn Path Finder in Splunk Search 01-02-2022 0 9	0	9
Joining Incident and SLA table creates multiple rows I have a join where there are 2 different SLAs (Active and E2E) that need to be linked to incidents on one row. How c... by DonBaldini Path Finder in Splunk Search 01-02-2022 0 1	0	1
csv file usage Hi,I need help in evaluation the csv files under "<Splunk directory>\etc\apps\search\lookups" folder. we have multipl... by shrinivaskittur Explorer in Splunk Search 01-02-2022 0 4	0	4
Specific query from Splunk SH to create a Dashboard Hi all, I'm trying to find the specific queries for the SH to create Splunk dashboard of the following info (example)... by splunk_luis12 Path Finder in Splunk Search 01-02-2022 0 2	0	2
Regex Help Hello,I'm attempting to use the regex command to filter out any records on the "user" field that do not match the wri... by bcanfield83 Engager in Splunk Search 01-02-2022 0 3	0	3
Pair events 4778 & 4779 How do I pair events 4778 & 4779 for the same Logon_ID when I have multi 4778 and multi 4779?I would like to pair the... by eranhauser Path Finder in Splunk Search 12-31-2021 0 1	0	1