Splunk Search

Community Activity

How can I separate count eval results into individual rows depending on the data found? Hi,Currently, my query produces the correct results but they are all aggregated into single cells, and I would like t... by Steve_A200 Path Finder in Splunk Search 12-21-2021 0 2	0	2
Search for * I want to search for "index=" ....what is the best way to run it ?I tried to run "index=\" but it's not working by rayar Contributor in Splunk Search 12-21-2021 0 5	0	5
How to create fields dynamically Hi,I have events which contain 3 Fields: "StartDate", "Value_per_month" and "Nr_of_Month". They basically disclose so... by wolfgangs Engager in Splunk Search 12-20-2021 0 2	0	2
convert time I'm looking to convert the results for these fields in PST time zone, so that I can fetch the events based on these ... by martin61 Engager in Splunk Search 12-20-2021 0 1	0	1
Join Query I have an Index B which has job_name and job_status details and another index A which has ticket number and job_name... by chuck_life09 Path Finder in Splunk Search 12-20-2021 0 3	0	3
SEDCMD help We have below CEF logs coming in from the device where few field doesn't have any value like cs2 below CEF:0\|vendor\|p... by pavanbmishra Path Finder in Splunk Search 12-20-2021 0 1	0	1
Need help regex We need to capture field value for the below CEF log pattern CEF:0\|vendor\|product\|1.1.0.15361\|6099\|DirectoryAssetSync... by pavanbmishra Path Finder in Splunk Search 12-20-2021 0 1	0	1
Two condition match - sequential number pid and certain values on associated fields Hi,Need help to get following results from the search. all helps will be appreciated. On the image below, same color... by splunkxorsplunk Explorer in Splunk Search 12-20-2021 0 4	0	4
Splunk query to display count based on message Hi,I need a help with a query to display the count based on a particular message. For example, "Failed project on ABC... by nanoo1 Loves-to-Learn Everything in Splunk Search 12-20-2021 0 5	0	5
How to drilldown an external link with part of url in a row Hi,I have a table like this : part_of_urlcount/test11/test22/test33 I want to drilldown with a link which open a new ... by mah Builder in Splunk Search 12-20-2021 0 6	0	6
How to merge 2 lines in a table into one Hi,I have a table like this : testcounttest AA1test AB2test C3 I want to merge "test AA" and "test AB" which will giv... by mah Builder in Splunk Search 12-20-2021 0 1	0	1
Need Minutes and hours conversion Hi, I am trying this cmd index="wineventlog" host IN (*) EventCode=6006 OR EventCode="6005" Type=Information\| transa... by priya1926 Path Finder in Splunk Search 12-20-2021 0 2	0	2
Failed to find Windows Event Log HelloI'm trying to injest event from this Microsoft event viewer:[WinEventLog://Microsoft-Windows-TerminalServices-Cl... by g_paternicola Path Finder in Splunk Search 12-20-2021 0 7	0	7
Need help on Queries Combination. Hi,Search 1: It is used to findout the server healthindex=win sourcetype="xmlwineventlog" host=Prod_UI_*\| eval Status... by jackin Path Finder in Splunk Search 12-19-2021 0 1	0	1
Using OR with regex Hello,Is it possible to user OR with regex?For example i have search \| regex something="", and I need \| regex somethi... by bosseres Contributor in Splunk Search 12-19-2021 0 2	0	2
Generete event after 3 consecutive failure Hi,I need an help with splunk search query where in an incident need to be generated for a log backup failure after 3... by nanoo1 Loves-to-Learn Everything in Splunk Search 12-19-2021 0 13	0	13
Use subsearch to gather ip addresses for use in another type off search? Playing around to find a way to gather IP-Addresses from one type of search, to gather other type of information abou... by einars Engager in Splunk Search 12-19-2021 0 2	0	2
How to find several terms in all _raw ? Hi,I want to find specific strings in all event in order to classify them into two values, like "if there is "A" or "... by mah Builder in Splunk Search 12-19-2021 0 1	0	1
How can I find delta between events using transaction command? I could retrieve the list of the transactions as a single event below. Transactions start with "Dashboard Load:" and... by limalbert Path Finder in Splunk Search 12-18-2021 0 3	0	3
Need help in creating alert when new QID is published from qualys I would like to create an alert when new QID from qualys is published. For that I'm using FIRST_FOUND_DATETIME field... by martin61 Engager in Splunk Search 12-17-2021 0 1	0	1
Failed Login Query Hello,I am trying to write a query that will display failed logins (Account_Name, Host, Count).First Queryindex=winev... by Mmilaham Loves-to-Learn in Splunk Search 12-17-2021 0 3	0	3
Scatter plot with text values and colour I'm trying to plot the following as a scatter chart:The y-axis should be the namespace. Namespace is a small set of s... by alex_collins_in New Member in Splunk Search 12-17-2021 0 1	0	1
Sum column a x times with different columns in a single query e.ghow to get sum of below in single querysum(val_2) by applicationsum(val_2) by val_1Query Result(single query)colum... by rajg369 Explorer in Splunk Search 12-17-2021 0 3	0	3
using 2 stats queries in one result I have tried multiple ways to do this including join, append but in each case all I get is one column result being di... by jdepp Path Finder in Splunk Search 12-17-2021 2 6	2	6
How to calculate time for a given day of week? How to perform calculations on a given day of week? Specifically, I want to compare a given time value, say given_da... by yuanliu SplunkTrust in Splunk Search 12-17-2021 0 5	0	5