Splunk Search

Community Activity

Selective display of values after transpose This is similar to a question I asked earlier today that was quickly answered, however I'm not sure if I can apply th... by kenbaugher Path Finder in Splunk Search 11-08-2024 0 5	0	5
Splunk doesn't display extra spaces Hello,Splunk doesn't display extra spaces on variables that I assigned. Please see below exampleI used Google Chrome ... by LearningGuy Motivator in Splunk Search 11-08-2024 0 11	0	11
Is there any way to simplify this query If I execute the below query for selected time like 20 hours its taking longer time and calling events are 2,72,00... by apusuluri Loves-to-Learn Everything in Splunk Search 11-08-2024 0 8	0	8
New Line isn't considered/shown in the table Splunk Dashboard Studio In the Splunk app, the exception message column has multiple line message in it. However, when same query is applied ... by vinodkumarK Explorer in Splunk Search 11-08-2024 1 3	1	3
Can we clone the HF to another one? I would like to seek advice from experienced professionals. I want to add another heavy forwarder to my environment a... by Vnarunart Explorer in Splunk Search 11-08-2024 0 5	0	5
DBConnect dobbel quotes in key value pair HelloI have a DBConnect query that gets data from a database and then send it to a Splunk index. Below are the query ... by lyngstad Loves-to-Learn Lots in Splunk Search 11-07-2024 0 4	0	4
Search an index for two fields and join data Good day,I am trying to figure out how I can join two searches to see if there is a service now ticket open for someo... by JandrevdM Path Finder in Splunk Search 11-07-2024 0 1	0	1
Cannot get count by case statement I am trying to simply break down a url to extract the region and chart the use of specific urls over time. but i just... by tjsnow Explorer in Splunk Search 11-07-2024 0 2	0	2
How can I identify real time searches? We suspect that some of our users run real time searches. How can I produce a report which shows real time search act... by ddrillic Ultra Champion in Splunk Search 11-07-2024 0 7	0	7
Selective display of values where column names are field values After looking at some examples online, I was able to come up with the below query, which can display one or more colu... by kenbaugher Path Finder in Splunk Search 11-07-2024 0 2	0	2
openshift_events sourcetype suddenly missing in Splunk Splunk Enterprise Version: 9.2.0.1OpenShift Version: 4.14.30 We used to have Openshift Event logs coming in under sou... by ppolendey New Member in Splunk Search 11-07-2024 0 1	0	1
How to design query to compare values Can you please help me to build eval queryCondition-1ABC=MatchXYZ=Matchthen output of ABC compare to XYZ is MatchCond... by cbiraris Path Finder in Splunk Search 11-07-2024 0 2	0	2
Using a single variable as a value to multiple fields in SPL I have a working dashboard where a token is used as a variable. But now I am trying to use the same concept when maki... by NatSec Explorer in Splunk Search 11-07-2024 0 5	0	5
Join two indexes on time where time is different by 2 sec Hello, I am trying to join two indexes to display data from our local printers. I have an index getting data from ou... by ramuzzini Path Finder in Splunk Search 11-06-2024 0 8	0	8
Trouble with time in join I have an index with events containing a src_ip but not a username for the event. I have another index of VPN auth ... by jdmeek Explorer in Splunk Search 11-06-2024 0 2	0	2
Eventcount retrieving different numbers of events from tstats First of all, English isn't my native language, so I apologize in advance for any error I could write in this support... by Noctisae Engager in Splunk Search 11-06-2024 0 8	0	8
Query Logs with the latest time I have this queryis not mapped to ink name\| rex "(?<time>\d{4}-\d{2}-\d{2}\s\d{2}:\d{2}:\d{2}).*Ink Type '(?<ink_type... by mursidehsani Explorer in Splunk Search 11-05-2024 0 3	0	3
how to search for admins who make changes to their own accounts? I am trying to make a search that will fire only when an admin makes a change to their own account.I want to know if ... by ajmach343 Explorer in Splunk Search 11-05-2024 0 3	0	3
How to group data to send email alerts Hi,I have a huge set of data with different emails in it , I want to setup email alerts for few parameters.But the is... by Dayalss Engager in Splunk Search 11-05-2024 0 3	0	3
Finding the length of multivalue/singlevalue field Hello There, I would like to pass two diffrent values as a token, the search consists of code as a token, where co... by smanojkumar Contributor in Splunk Search 11-05-2024 0 5	0	5
How to Capture Both Matched and Unmatched Events After a Lookup Filter I'm working with a query where I'm using a lookup to enrich events based on the work_queue field and then filtering t... by krishna1 Explorer in Splunk Search 11-04-2024 0 1	0	1
Show only null result How can I make it show me only what appears as null in the Call.CallForwardInfo.OriginalCalledAddr field? Right now I... by Miguel3393 Path Finder in Splunk Search 11-04-2024 0 4	0	4
How to display a value of zero in a chart for negative values returned in a search? Hi Everyone, Need some help on how to display the output value as zero in a chart when a negative result is returned... by tohalan New Member in Splunk Search 11-04-2024 0 2	0	2
Return one value from field-B when counting field-A I have data similar to:Field-A Field-BA1 B1A1 B2A1 B3A2 B4A3 B5A2 ... by sta_splunk Engager in Splunk Search 11-04-2024 0 3	0	3
Search an index for two fields with a join Good day,I am trying to figure out how I can join two searches to see if there is a service now ticket open for someo... by JandrevdM Path Finder in Splunk Search 11-04-2024 0 4	0	4