Splunk Search

Community Activity

Splunk search with multiple macros Hi all,I have a question about macros: suppose I must use, inside a search, multiple macros. Those macros can be rela... by SIEMStudent Path Finder in Splunk Search 11-18-2021 0 6	0	6
are we able to pick up everything between an open [{ and a close }] there is raw data : [{}] parameters="[{"Name":"request","Type":"WithdrawalRequestedRequest","Value":{"BrandName":"Bu... by Kisame27 Explorer in Splunk Search 11-18-2021 0 3	0	3
Adding action button to statistics table in dashboard Hello Splunkers, I'm working on Splunk dashboard and I got one problem. but I don't know it is problem or advice xD. ... by saruul New Member in Splunk Search 11-18-2021 0 0	0	0
Trying to extract field in log file, can you please help with regex and field extraction. Caused by: java.sql.SQLException: Io exception: Socket closedi want to extract "java.sql.SQLException" Can you please... by PavanSeerapu Explorer in Splunk Search 11-18-2021 0 3	0	3
Search query I want to be able to perform a search across a list of internal IPs making http/https GET and POST requests to extern... by x3ncrypt Loves-to-Learn Everything in Splunk Search 11-17-2021 0 1	0	1
How to use the result of top command to a stats command? Hi.I have a search as belowindex=myindex sourcetype=mytype field1=* field2=* \|stats count(eval(condition1)) as count1... by innoce Path Finder in Splunk Search 11-17-2021 0 3	0	3
How to generate dummy splunk events/results to test Automatic Field Extraction Hi, I am modifying my logging in my application (Java spring boot) to include: key/value pair list and a JSON string ... by anonymous_hippo Explorer in Splunk Search 11-17-2021 0 0	0	0
dispatch.evaluate.dbxquery spent a lot of time I was using splunk db connect app 3.6.0, at the beginning when I installed it , it running ok dbxquery is also very f... by k_security New Member in Splunk Search 11-17-2021 0 0	0	0
splunk alert for latency in server response Hi ,I am using splunk in monitoring of http status code responses from a server and I want to be alerted when the req... by zizo893 New Member in Splunk Search 11-17-2021 0 1	0	1
Why does Splunk Web sometimes not show the event data for a search unless I restart? Splunk Web doesn't show the events at times. If I restart and log in, it will show the events, but after some time, e... by boopaljothi Explorer in Splunk Search 11-17-2021 1 24	1	24
Color a word in a field/Splunk Result I have a Splunk query: index=my_index cf_app_name=$app_name$ msg!="Hikari" $log_type$ \| sort -_time \| table msg It ... by kirti_gupta12 Path Finder in Splunk Search 11-17-2021 0 1	0	1
How to use NOT match condition in Case statement for Multi valued field \|eval SNOW_Description=case(EMGC_ADMINSERVER_Status!="k1","Java Process EMGC_ADMINSERVER data not available in splunk... by manjunath_0208 Loves-to-Learn Everything in Splunk Search 11-17-2021 0 3	0	3
Convert confusion matrix to tabular form Hi,I am trying to convert the result of applying the CorrelationMatrix algorithm which is given in a confusion matrix... by dalmaua Explorer in Splunk Search 11-17-2021 0 2	0	2
SEDCMD to remove spaces in csv header fields what's the best way to set a sedcmd in props to remove spaces and add a " _ " in just the a cvs header line? for exam... by sbattista Explorer in Splunk Search 11-17-2021 0 2	0	2
Issue with Time Conversion in JSON String Hey ,I'm trying to get the time difference between when an event was received and a string representation of the tim... by leftrightleft Explorer in Splunk Search 11-17-2021 0 2	0	2
Convert single row with list of ids to a table and join it with another table I have this query: my search \| rex field=line ".*customerId\":(?<customer_id>[0-9]+)" \| dedup customer_id \| table ... by elad Engager in Splunk Search 11-17-2021 0 8	0	8
Table and Percentage Calculation from Multiple Searches Here is my query - I'm doing two searches that are independent of each other. In both searches, I'm restricting the t... by splunkbn00bie Engager in Splunk Search 11-17-2021 0 2	0	2
Timechart with eventtype Hello, I am trying to timechart two event types ONLY: heartbeat and start. However, every event in our Splunk is also... by noman377 Explorer in Splunk Search 11-17-2021 0 5	0	5
File monitor Hello,We have a problem with the monitoring of a simple file with five fields.The problem is on the date field that S... by thierryazandegb Observer in Splunk Search 11-17-2021 0 2	0	2
Extraction failing on certain events Hello all, I have been facing problem with the below extraction where the extraction is working on a few events and n... by srinivas_gowda Path Finder in Splunk Search 11-17-2021 0 1	0	1
Dynamic time range in Splunk query HiI write the Splunk query below to monitor server logindex="abc" sourcetype="abc" login "response.status"=200 source... by lamnguyentt1 Explorer in Splunk Search 11-17-2021 0 1	0	1
Splunk rex help I need help for extracting the below fields. can someone help..reference = 205, \"sample\":12345678, \"logic\":\"AB00... by jabez2092 Loves-to-Learn in Splunk Search 11-17-2021 0 3	0	3
Date and Time format for not an epoch format Hello all, I have been getting the data and time format in the below way. How do I convert it to the given readable f... by srinivas_gowda Path Finder in Splunk Search 11-17-2021 0 1	0	1
How to override the 20 line limit for the table view of embedded reports? Hi, It looks like a table view of an embedded report is limited to the first 20 results. I couldn't find any place w... by grundsch Communicator in Splunk Search 11-16-2021 7 8	7	8
How to add a lapsed time to a field's timestamp Howdy,Been researching on how to give time for the next sequential event to occur, but have not found a way. Lets say... by MeMilo09 Path Finder in Splunk Search 11-16-2021 0 2	0	2