Splunk Search

Community Activity

Issue with aligning events from three separate source types in a table I am taking events from three source types (same index; two common fields present across all three) and creating a ta... by beetlegeuse Path Finder in Splunk Search 12-27-2021 1 2	1	2
count errors with one condition Hineed to find error codes then due to ID, count number of IPS.2021-12-26 22:38:59,248 INFO CUS.AbCD-Server-2-0000000... by indeed_2000 Motivator in Splunk Search 12-27-2021 0 1	0	1
Modifying stats count to include fields with zero-values I have some data with a field called "priority", which has a value from P1 -> P5.this search query:... \| stats count ... by HallGM Engager in Splunk Search 12-26-2021 0 2	0	2
Setting Custom/Default Time in Splunk Search/Dashboard As the title suggests I am attempting to set a custom and default for a splunk dashboard that I created. When it open... by eraasch New Member in Splunk Search 12-26-2021 0 1	0	1
How to count number of unique part of string from log? In my logfile I need to count a unique piece of string. This string is many times in the logfile.The unique parts (bo... by jkauling Engager in Splunk Search 12-25-2021 0 4	0	4
How to exclude a string in dashboard search? Hi, Splunkers, when I run a splunk search, I use NOT string to exclude result with this string.if I have a dashbo... by wangkevin1029 Communicator in Splunk Search 12-25-2021 0 15	0	15
Magical sort order I was surprised by this result: In a field starting with a value that can be interpreted as an integer, groupby treat... by yuanliu SplunkTrust in Splunk Search 12-24-2021 0 2	0	2
filter by only failed events which never passed INFO [] () process='isValid', result='failed', dacNumber='[DAC_111_646]', accountNumber=1122333INFO [] () process='i... by vishwasgopala Engager in Splunk Search 12-24-2021 0 2	0	2
Understanding collect and savedsearch There is a SPL search, ending with stats that generates 300 events.Now that Search, lets call it "SEARCH-1" is saved ... by zacksoft_wf Contributor in Splunk Search 12-23-2021 0 1	0	1
Extract fields from non-JSON formatted data Hi Guys, Hope you can help me out. Consider the following data in Splunk: { attrs: { account: 85859303 ... by Matthew86 Explorer in Splunk Search 12-23-2021 0 3	0	3
Create a backlog summary with the lastest status Hi there,I'm trying to do a search that look at the latest status of a given actionid everyday to make a kind of day ... by francoisternois Path Finder in Splunk Search 12-22-2021 0 2	0	2
Join issue I want to join two source types ST1(has fields id,title) and ST2(no fields only _raw="xid https://www.example.com?q1=... by v11n New Member in Splunk Search 12-22-2021 0 2	0	2
Long-winded expressions in transaction's startsWith Our application's log-entries are in JSON and I need to search for certain strings found in the field called message.... by unitedmarsupial Path Finder in Splunk Search 12-22-2021 0 4	0	4
Log4j matching Hello,I have 2 lookups, L0011 which contains all (Known) products with the vulnerability Log4shell and L0012 with all... by Papemalik1 New Member in Splunk Search 12-22-2021 0 1	0	1
Eval on numerically named fields I have several fields that are named as integers. IE, 64, 110, 240, etc. If I try and perform a calculation using e... by jcbrendsel Path Finder in Splunk Search 12-22-2021 2 8	2	8
Column Chart Stacked based on 4 columns(column 1 has duplicate because of group by 2nd column) e.g query\| makeresults \| eval application="FSD", val_1="A", val_2=4839, val_3=5000 \| append [\| makeresults \| eval app... by rajg369 Explorer in Splunk Search 12-22-2021 0 4	0	4
Display trellis based on rows This serach result will always return 3 rows. I want display all row but in trellis. For the first row, it is the mem... by Azwaliyana Path Finder in Splunk Search 12-22-2021 0 1	0	1
Change default APP in a rest API call for a inputlookup Hi could you please give me an advice how to edit a call to the Splunk Rest API with the following parameter:search \|... by kilimche Explorer in Splunk Search 12-22-2021 0 4	0	4
Join with conditions I have two tablesEmailXDocDateCheckedNamea@a.comDoc 11/1/2021aa@a.comDoc 21/15/2021aa@a.comDoc 31/30/2021b EmailYDate... by arusoft Communicator in Splunk Search 12-21-2021 0 3	0	3
How to pass CSV values to a search via macro? We have a foo.csv which will be updated regularly, and we have searches which require some of the data in foo.csv to ... by adamsmith47 Communicator in Splunk Search 12-21-2021 0 3	0	3
search to show hosts missing specific winevent log Hi there,I've got a basic search to provide the most recent timestamp for a successful backup using wineventlog data:... by jztilly Engager in Splunk Search 12-21-2021 0 3	0	3
log4j Macros Hello,This article, https://research.splunk.com/stories/log4shell_cve-2021-44228/ , lists many log4j attack vectors a... by genesiusj Builder in Splunk Search 12-21-2021 0 2	0	2
How can I separate count eval results into individual rows depending on the data found? Hi,Currently, my query produces the correct results but they are all aggregated into single cells, and I would like t... by Steve_A200 Path Finder in Splunk Search 12-21-2021 0 2	0	2
Search for * I want to search for "index=" ....what is the best way to run it ?I tried to run "index=\" but it's not working by rayar Contributor in Splunk Search 12-21-2021 0 5	0	5
How to create fields dynamically Hi,I have events which contain 3 Fields: "StartDate", "Value_per_month" and "Nr_of_Month". They basically disclose so... by wolfgangs Engager in Splunk Search 12-20-2021 0 2	0	2