Splunk Search

Community Activity

Trellis Search Splunk's VisualizationTrellis documentation page shows example searches for things like count by sourcetype, and late... by JanetLong Engager in Splunk Search 11-30-2021 0 2	0	2
Change time field to show 'x' minutes ago? Hello Splunk Community, I have a stats table I have created and I want to change the time field ("%Y-%m-%d %H:%M:%S")... by zoebanning Path Finder in Splunk Search 11-30-2021 0 3	0	3
Why does my set union command result in two datasets and not just one? \| set union [ search index=my_index \| eval nums="1,2,3,4,5" \| fields - _* \| makemv delim="," nums \| stats values(nums... by onelasttime Engager in Splunk Search 11-30-2021 0 0	0	0
Append string to end of log file if regex match is true Im trying to get a way to have SED (via search) append a string to the raw log in the results window if a condition ... by jazzijeff New Member in Splunk Search 11-30-2021 0 2	0	2
How do you list top items for each group? I want to list the top 3 elements for each group. How would you do this? Examples Name score Jon 100 Jon ... by peterlandis Explorer in Splunk Search 11-30-2021 0 11	0	11
Filter Events that show value x and y by one that have matching z I am searching a source that has events that have FieldA and FieldB.I need to find which events that have specific Fi... by cn250039 Loves-to-Learn Lots in Splunk Search 11-30-2021 0 10	0	10
Rex field list of strings How do I extract all values from a json file containing a list with multiple strings with rex?The content of the fiel... by tjdevries Loves-to-Learn Lots in Splunk Search 11-30-2021 0 5	0	5
Comparing version number for multiple hosts in index I have an index that ingests scan files and assigns a sourcetype based on the folder location. There are several scan... by pl2345 Path Finder in Splunk Search 11-30-2021 0 2	0	2
Merging with similar strings without eval Hi All, I would like to combine similar strings (with different field values) in my data. The data I have now: Error ... by chiilii Explorer in Splunk Search 11-30-2021 0 6	0	6
Remove $ (dollar) characters in field results Morning, everyone,Thank you in advance for your help.I would like to remove a part of a character from my results.My ... by numeroinconnu12 Path Finder in Splunk Search 11-30-2021 0 2	0	2
lookup usage in query Hi,I have a requirement like we have a csv file which has the values of functionid and functiondesc, this file was ad... by sahana Engager in Splunk Search 11-30-2021 0 3	0	3
How to get the status wise data Hi,I wrote below query which gives me data per service per min...index=**** \| bucket _time span=1m \| convert ctime(_t... by SG Path Finder in Splunk Search 11-30-2021 0 7	0	7
Extracting a value from log message Hi,I have a requirement like i need to extract a some card value which was present inside the message body of the log... by sahana Engager in Splunk Search 11-29-2021 0 1	0	1
Simply query, failes with field specificity I have what should be a simple problem, but I don't have an answer without burning some brain cellsSimple query examp... by tlmayes Contributor in Splunk Search 11-29-2021 0 2	0	2
Monitor CPU Usage, RAM Usage, Hard Disk Utilization, Load Average, Largest Files and LAN Card Traffic Hi, I'm running Splunk Enterprise v7.0.1 (Indexer) on a separate Linux server with Splunk Forwarders on two more Linu... by hishamjan Explorer in Splunk Search 11-29-2021 0 12	0	12
Compare field with column of lookup table Hi all, I have this need, compare a field with a series of error codes. I would not like to write in the search, any ... by giorgioanastasi Explorer in Splunk Search 11-29-2021 0 4	0	4
Why am I unable to filter COMMAND twice? Hello all,I am trying to setup a search that logs ufw commands, while ignoring any ufw status commands. I have tried ... by jackjack Path Finder in Splunk Search 11-29-2021 0 4	0	4
Get New event and it's count I want to simply get new exceptions that occur within last 30 minutes which did not happened anytime last week on the... by patelbhavin2426 Observer in Splunk Search 11-29-2021 0 1	0	1
Need Help with lookup using variable Hi,I have index data as below and i have kvstores per each account which has additional info. Example Scenario (accou... by _- Observer in Splunk Search 11-29-2021 0 1	0	1
Splunk Regex help Hi, I have the search returning the event Nov 10 23:45:3 8888888 Tra[9100]: { EventName: "Error Occurred", BatchId: 0... by viksvig Loves-to-Learn Lots in Splunk Search 11-29-2021 0 8	0	8
Can streamstats reset_before (or reset_after) be used with a by clause? Hi, I have a search similar to this one: index=* login user=* (result="Success" OR result="Failed") \| reverse \| str... by krdo Communicator in Splunk Search 11-29-2021 1 9	1	9
How do i create a 3-event transaction, starting with event A, ending with event A, but always has event B inbetween? I have 2 types of events that come in the following, random, format:AAAAAAABAAAAAABAAAAAAAAABAABAAAB's never repeat,... by djklitz Engager in Splunk Search 11-29-2021 0 15	0	15
search for a string containing any substring that is typed in the text input Hi all,I have a text input for a table header. My requirement is , by default the table should show all the values an... by anooshac Communicator in Splunk Search 11-29-2021 0 2	0	2
Timechart based on max count of 3 fields I was given a base search to manipulate and create Timechart accordingly.base search\| eval file_line = file.":".line\|... by erica Explorer in Splunk Search 11-29-2021 0 2	0	2
Tracking failed logins followed by successful logins using the transaction command Hello,I am trying to track failed logons followed by a successful one using the transaction command and the following... by My Engager in Splunk Search 11-29-2021 0 2	0	2