Splunk Search

Community Activity

Want to merge two query with different fields in one First queryindex = pcf_logs cf_org_name = creorg OR cf_org_name = SvcITDnFAppsOrg cf_app_name=VerifyReviewConsumerSer... by nikhilup New Member in Splunk Search 01-05-2022 0 2	0	2
How to count every 15mins with complete time bucket If I use bin _time as time span=15m \| stats count by time on 17:20 for the past 1 hour, the result would be like...ti... by Anita Engager in Splunk Search 01-05-2022 0 3	0	3
unable to convert epoch fomat to human readable format When i convert following timestamp to human readable format i am getting "12/31/9999 23:59:59" instead of '01/04/22 0... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 01-04-2022 0 3	0	3
Foreach command with eval if Hi, I have a table like that :teststate_Astate_Bstate_C1okko- WARNko - ERROR2ko- WARNokok3okokok I would like to crea... by mah Builder in Splunk Search 01-04-2022 0 4	0	4
lookup command not working while inputlookup working Hi All,I have a .csv file named Master_List.csv added to splunk lookup. It has the values of the fields "Tech Stack"... by Mrig342 Contributor in Splunk Search 01-04-2022 1 4	1	4
Can a subsearch return only the value (without the fieldname)? (Copied from a legacy Splunk Forums post by user bpf) Hello I have the following problem: I have a Name. With this... by gkanapathy Splunk Employee in Splunk Search 01-04-2022 4 8	4	8
SSLError This codeimport splunklib.client as clienthost = "127.0.0.1"port = "8000"username = "---"password = "----"service = c... by ashraf_adeelaa New Member in Splunk Search 01-04-2022 0 0	0	0
How to count event by chosen month Hi, I have a list of events span across more than a year, the event will contain type of card, transaction status. I ... by phamxuantung Communicator in Splunk Search 01-04-2022 0 2	0	2
splunk search query for CPU usage Hi i am new to splunk.i have splink event like this" system CPU \| 6.039 % \| system time \| 0.009 % \|how can i get avg ... by Atul1507 Loves-to-Learn Lots in Splunk Search 01-03-2022 0 10	0	10
Extracting port number from url field Hello,Suppose I've got the following url among lot of others : (logs come from something close to Squid but not index... by lauMarot Path Finder in Splunk Search 01-03-2022 0 1	0	1
Truncate characters after a specific character using the Trim function Dear all, best wishes for 2022.Is it possible to use rtrim to remove all characters out of a search result that come ... by ASplunkDummy Engager in Splunk Search 01-03-2022 1 3	1	3
How to get the event count for the last 24 hours as a scheduled report? can you please tell us, how to get the last 24 hours event count to schedule the report? by dhavamanis Builder in Splunk Search 01-03-2022 1 2	1	2
Using single query with two sourcetypes? I have 2 sourcetypes, vpn & winevents, how do you write a single query to get winevents of the top 5 busiest machines... by brc55 Explorer in Splunk Search 01-03-2022 0 3	0	3
Dashboard to check index filled or not. Hello guys, Splunk newbie here. Hope someone can assist in my case, so index=*_whatever is expected to be filled with... by vxroot Loves-to-Learn in Splunk Search 01-03-2022 0 7	0	7
How to identify IIS Application Pool status changes I know similar questions have been asked a number of times but trying to follow the suggestions given I still cannot ... by jsmithn Path Finder in Splunk Search 01-02-2022 0 9	0	9
Joining Incident and SLA table creates multiple rows I have a join where there are 2 different SLAs (Active and E2E) that need to be linked to incidents on one row. How c... by DonBaldini Path Finder in Splunk Search 01-02-2022 0 1	0	1
csv file usage Hi,I need help in evaluation the csv files under "<Splunk directory>\etc\apps\search\lookups" folder. we have multipl... by shrinivaskittur Explorer in Splunk Search 01-02-2022 0 4	0	4
Specific query from Splunk SH to create a Dashboard Hi all, I'm trying to find the specific queries for the SH to create Splunk dashboard of the following info (example)... by splunk_luis12 Path Finder in Splunk Search 01-02-2022 0 2	0	2
Regex Help Hello,I'm attempting to use the regex command to filter out any records on the "user" field that do not match the wri... by bcanfield83 Engager in Splunk Search 01-02-2022 0 3	0	3
Pair events 4778 & 4779 How do I pair events 4778 & 4779 for the same Logon_ID when I have multi 4778 and multi 4779?I would like to pair the... by eranhauser Path Finder in Splunk Search 12-31-2021 0 1	0	1
Please Help Provide details about client purchase details 1. Total purchase split by product ID 2. Total Prod... by sumitp10797 New Member in Splunk Search 12-31-2021 0 2	0	2
JSON parsing problem Hello, My Splunk query an API and gets a JSON answer.Here is a sample for 1 Host (the JSON answer is very long ≈ 400 ... by incognito Explorer in Splunk Search 12-31-2021 0 6	0	6
Can I feed data directly into Excel? HelloI want to feed data directly into Excel but I do not have API access nor I can install custom connectors.Is ther... by SplnkUse Path Finder in Splunk Search 12-31-2021 0 2	0	2
Changing an ID to a name Hi,My search result brings back a GUID in the ID field. The GUID refers to a customer. I would like it to reflect the... by bazcurtis178 Explorer in Splunk Search 12-31-2021 0 9	0	9
Unable to create field using regex Hi Team, Need your help in creating regex to create a field. "User_Claim":("sub":"qweihaytej"; "login_id":"Abc@domai... by sagar_shubham Explorer in Splunk Search 12-30-2021 0 4	0	4