Splunk Search

Community Activity

Improve Speed of Correlation Search Hello, thank you for taking the time to consider my question. I currently have a working SPL search that retrieves IP... by cfloquet Path Finder in Splunk Search 11-24-2021 0 0	0	0
Is there a way in Splunk to change the timezone or a raw event from UTC to EST or vica versa? I am trying to correlate 2 different logs one is in EST and the is in UTC. The UTC logs, I have tried to specific the... by djreschke Communicator in Splunk Search 11-24-2021 0 10	0	10
Relative time search to find last updated dashboards Hello, Can you tell me please why the below does not work?\| rest splunk_server=local servicesNS/-/-/data/ui/views/\| w... by SplnkUse Path Finder in Splunk Search 11-24-2021 0 1	0	1
What is the best way to get a scheduled saved search creation date? I do not want to run through _audit logs to find when the initial schedule kicked in. Rest call for the list of save... by pradeepkumarg Influencer in Splunk Search 11-24-2021 0 2	0	2
Help with search then loookup Hi,The following is my search:index=pace ERROR OR FATAL OUI=* Number=*\| stats count by OUI Number\| sort -count After ... by luuken New Member in Splunk Search 11-24-2021 0 2	0	2
How can I not index commented lines from my files? How can I avoid having lines that are commented within my files from being indexed by Splunk? Lets say I have a log ... by Rob Splunk Employee in Splunk Search 11-24-2021 1 6	1	6
Error in 'where' command: The operator at '>=2101 and week<=2152' is invalid. Hi I am trying to filter data using week data using 2 dropdowns. Please find info below snippet. the below code throw... by deruvara Explorer in Splunk Search 11-23-2021 0 2	0	2
Missing fields in Splunk that were previously there Hey all,I have the Splunk add on for unix/linux deployed to about ~70 servers. All was working fine (and has been for... by Stefanie Builder in Splunk Search 11-23-2021 0 1	0	1
tune spl command Hi How can I tune this spl command?this spl execute daily, and return something like this:servername send ... by indeed_2000 Motivator in Splunk Search 11-23-2021 0 2	0	2
Help me extract this data and create a table. I have a log sample: \| LRU Config Message from RMQ: {"endpoint":"lru/ config", "data":{"timestamp":1637322539.953,"ve... by ekucevic Loves-to-Learn Everything in Splunk Search 11-23-2021 0 6	0	6
merging data from 2 separate queries All, I have 2 separate queries working from AWS Description data that we collect on a regular basis.The ask from one ... by butsch100 Engager in Splunk Search 11-23-2021 0 1	0	1
Several subsearch with metrics index Hello Community.I am trying to solve a problem and I can't see a solution. Hope you can help me!I am working with a m... by CMartinRuiz Loves-to-Learn Everything in Splunk Search 11-23-2021 0 0	0	0
How to join two with datasets with a common field using appendcol ? I have a lookup \| inputlookup citizen_data , it has fields ID, Name, State.I have another sourcetype \| index=bayseian... by zacksoft_wf Contributor in Splunk Search 11-23-2021 0 3	0	3
regex to fetch a particular field available in different places in different events I have a field( version) which is available in different position in different events of same sourcetype,Since the pr... by dtccsundar Path Finder in Splunk Search 11-23-2021 0 4	0	4
Regular Expression for field extraction Hi everyone,i got two URLs which i want to represent in one regex group. The dest Port (443) will be in a seperate gr... by brennson90 Path Finder in Splunk Search 11-23-2021 0 5	0	5
additional info on timechart HiI need to show id1,id2 on timecharthave table with these columns:index="myindex" \| table duration servername id1 id... by indeed_2000 Motivator in Splunk Search 11-22-2021 0 1	0	1
join query not returning result Hi, I have a query below with a join condition .The issue is if I am hardcoding name value I am getting the result bu... by kajolsharma Path Finder in Splunk Search 11-22-2021 0 6	0	6
How to remove words and characters from a multivalued filed Hello All, How can I remove words and characters from a multivalued field without using REX?I have a filed named OSOS... by MeMilo09 Path Finder in Splunk Search 11-22-2021 0 3	0	3
Last time a forwarder sent a log until now. Hi there,I am new to splunk. I and was wondering how to find the difference in time from the last time a forwarder se... by My Engager in Splunk Search 11-22-2021 0 3	0	3
how can I show bar for small number of count in bar chart? Hi Folks,I am facing the issue where I am not able to see red bar in the below panel. The count is for each hour and ... by sanjum01 Explorer in Splunk Search 11-22-2021 0 1	0	1
Automatically generating multivalue fields in generic Key=Value logs I've got a situation that I thought I understood but clearly don't. I have logs that look like this:2021-11-22 14:00:... by JustinSC Explorer in Splunk Search 11-22-2021 0 3	0	3
Why is _time indicating UTC when the event happened in EST. _time: 2021-11-19T11:34:02.000+0000date_hour: 11date_mday: 19date_wday: friday date_year: 2021date_zone: -300raw log... by djreschke Communicator in Splunk Search 11-22-2021 0 11	0	11
How to get list of values which I am not "eval"? Id=xyzid=ABCid=EDCId=FISindex=* event=*\| eval id = case(id = "xyz" , "one", id = "ABC", "Two")\|eval index=case(index=... by shashank111v Explorer in Splunk Search 11-22-2021 0 1	0	1
Splunk indexing 1,000s of events from one host in millisecond, then receives nothing until we restart splunk I have a Splunk deployment which is monitoring a fair number of network devices. One in particular is having an issue... by pSull Engager in Splunk Search 11-22-2021 0 5	0	5
json parsing HiI have logs in below format, which is mix of delimiter (\|) and json. now I want to extract statuscode and statuscod... by onthakur Explorer in Splunk Search 11-22-2021 0 1	0	1