Splunk Search

Community Activity

	Subsearch doesn't return anything I'm trying to write a search that will return a table where all average values of the field price grouped by Ids are ... by MidnightRun Explorer in Splunk Search 12-04-2021 0 7	0	7
	Comparing individual values with the past average I have a search query that looks like this: index="myindex" sourcetype="mysource" earliest=@d latest=now \| append [... by MidnightRun Explorer in Splunk Search 12-04-2021 0 1	0	1
	REX parenthesis and end of line Hi! Been struggling a lot with a pretty simple problem but my SPLUNK REX skills are insufficient for the task. I want... by martinhelgegren Explorer in Splunk Search 12-04-2021 0 8	0	8
	Pass the result of one query to another I have the first queryFirst Query : search criteria \| rex field=_raw ".* IPAddress=(?<IPAddress>.+?) " \| table IP... by anjihari Observer in Splunk Search 12-03-2021 0 1	0	1
	Query to show inbound and outboud network traffic Hello everyone,I am trying to create queries to show the max and average values of inbound and outbound network traff... by israbenbr Explorer in Splunk Search 12-03-2021 0 1	0	1
	Reduce the EVAL command SPL could someone who is SPL expert help me reduce this: \|eval dest=replace(dest, "dstdomain\|src\|any-of\|dst\|# ", ""), de... by youngsuh Contributor in Splunk Search 12-03-2021 0 3	0	3
	Group log entries by a start line and end line containing a certain string I have somewhat of an unwieldy log file I'm trying to wrangle. Each log entry is contained between two lines like so:... by mikefisher New Member in Splunk Search 12-03-2021 0 1	0	1
	Joining 2 sourcetypes by property value Hey all,I have 2 source types with the following propertiessource_1idvaluesource_2namedescriptionSo my events might l... by chrisdev Explorer in Splunk Search 12-03-2021 0 2	0	2
	Inline/Uses Transform Field Extraction Hello,How would I implement inline or Uses Transform Field extraction (please see screenshot below) for following eve... by SplunkDash Motivator in Splunk Search 12-03-2021 0 7	0	7
	I defined a field extraction, but why is the field not getting listed under interesting fields on the search results page? Hi, I am facing issues with the use of extracted fields. I intend to create a timechart with the extracted values. I... by SplunkNoviceUse Explorer in Splunk Search 12-03-2021 0 5	0	5
	How can I pair search results from two different queries where only time is different? I have a query where I get "STARTED" and "FINISHED" status events for the same methods.e.g.index IN (private public) ... by plajcsi Engager in Splunk Search 12-03-2021 0 2	0	2
	Syslog search I'm new to splunk, how can I import syslog from my local computer to splunk? - when i search it says it can be done v... by pofudukhamsi Loves-to-Learn in Splunk Search 12-03-2021 0 1	0	1
	How to join two sources with common one common field ? I have sourcetype A that has info about service_accounts such as name, AU, email , full_name, manager_name.But some o... by zacksoft_wf Contributor in Splunk Search 12-03-2021 0 22	0	22
	Can I change the line colors in a timechart by setting color codes? Basically the chart is showing blue & green lines, but user needs more distinguishing color. Like Red & Blue. by cadrija Path Finder in Splunk Search 12-03-2021 0 2	0	2
	How to use inputlookup to search for matches in a .csv file Hello, I have a need to run a search for MAC OUI matches against a .csv file containing 1000+ MAC OUIs? Can anyone pr... by Splunkster21 New Member in Splunk Search 12-03-2021 0 2	0	2
	Extracting fields from Source (Index Time v/s Search Time) Hello,We are including the Pod Namespace and Pod Name in the Log Source (for K8s deployments) and would like these fi... by srikarmohan Observer in Splunk Search 12-03-2021 0 2	0	2
	Field Extraction from complex events Hello,I have some issues extracting fields from the following raw event. I should be getting following fileds from th... by SplunkDash Motivator in Splunk Search 12-02-2021 0 5	0	5
	specific field extraction from _raw event data/message I have event data from the search result in format as shown in the image, now I want to extract the following fields ... by ssamant007 Explorer in Splunk Search 12-02-2021 0 5	0	5
	How to set a standard set for span values I have a dhasboard which should show buckets with number of machines by span of time. Machine A to F is used for 2 mi... by psmp Explorer in Splunk Search 12-02-2021 0 3	0	3
	Parsing results of periodical directory dumps over time into a chart hi there!We have a daly push from Google over to our Splunk instance that provides directory information around total... by daryllj Path Finder in Splunk Search 12-02-2021 0 2	0	2
	Parsing Results with spaces I have this output from a field, with a lot of blank spaces, what would it be the best way to convert this data into... by jaydiare Explorer in Splunk Search 12-02-2021 0 7	0	7
	Monitor CPU, RAM, DISK, INBOUND and OUTBOUND NETWORK TRAFIC of forwarders Hello,I am posting here to know if anyone of you have an idea about the queries i have to search in order to save the... by israbenbr Explorer in Splunk Search 12-02-2021 0 9	0	9
	space in values does not filter data I have data coming in where I have a field called Result which holds data as below1) "FAIL"2) " FAIL "3) "PASS"4) " P... by koreamit3483 Explorer in Splunk Search 12-02-2021 0 3	0	3
	Extraction skipping within the value Hello all, I am trying to extract a field from the below event and the extraction is missing the last part of the fie... by srinivas_gowda Path Finder in Splunk Search 12-02-2021 0 1	0	1
	Filter the results of the main search based on the field values from the subsearch. I have 2 independent queries run on 2 different index that give me a list of requestIds. I want to filter/not includ... by pkakodkar Loves-to-Learn in Splunk Search 12-02-2021 0 3	0	3