Splunk Search

Community Activity

Find all possible combinations with two different data sets Using the below sample search I'm trying to get every possible combination of results between two different sets of d... by inmanr Engager in Splunk Search 12-02-2024 0 1	0	1
How to pass a field value to a "Link to search" SPL query from a Dashboard table? Hello,I need help on passing a field value from a Dashboard table into a "Link to search" drilldown but can't figure ... by tdavison76 Path Finder in Splunk Search 12-02-2024 0 9	0	9
LDAPSearch lastLogon doesn't return value I recently migrated from v8 to v9 for Splunk and I am having issues with ldapsearch not returning data that it had pr... by Newb_KB Loves-to-Learn in Splunk Search 12-02-2024 0 5	0	5
Documentation for _introspection Index So I want to build a dashboard with _introspection index , some of the metrics I am looking for are THP (enabled/disa... by PotatoDataUser Explorer in Splunk Search 12-02-2024 0 2	0	2
Need help on regexing a field to only show everything after a character Hello everyone,I am terrible at regex, I am trying to regex a field called "alert.message" to create another field w... by tdavison76 Path Finder in Splunk Search 12-02-2024 0 4	0	4
How to line break raw events Hi, I have a log file on the server which I ingested in splunk through input app where I defined the index , sourcety... by Sailesh6891 Engager in Splunk Search 12-02-2024 0 3	0	3
How to filter events using text box values? How to filter events in the dashboard with help of search box.In the search box i have to give multiple strings like ... by karthi2809 Builder in Splunk Search 12-01-2024 0 7	0	7
Splunk bar chart how can i display percentage and total count index=test pod=poddy1 "severity"="INFO" "message"="IamExample" \| rex field=message "IamExample(?<total>)." \| ... by Cheng2Ready Communicator in Splunk Search 11-29-2024 0 1	0	1
unable to get all event data to newly created index Hi Team,I can see events related to all hosts in internal index but the only few hosts data is available in newly cre... by Jyo_Reel Engager in Splunk Search 11-29-2024 0 2	0	2
How to change color of a Panel based on String? Hi All,I am running a dashboard which returns the total count(stats count) of field mentioning Severity=ok or Severit... by devsru Explorer in Splunk Search 11-28-2024 0 32	0	32
How can i use Global Time Picker in my search I have dataset which have field INSERT_DATE now i want to perform search based the date which is match with Global T... by gauravkumar85 Path Finder in Splunk Search 11-28-2024 0 5	0	5
What is the difference between lastTime and recentTime in a metadata search? What is the difference between lastTime and recentTime in a metadata search? by sfmandmdev Path Finder in Splunk Search 11-28-2024 2 4	2	4
SPL Query Error I am trying to write an spl query to detect an event of a single source IP address or a user fails multiple time to ... by adoumbia Engager in Splunk Search 11-27-2024 0 4	0	4
Split string into fields fieldA:1:10 fieldB:1:3 fieldC:1:2fieldA:1:10 fieldC:1:2fieldA:1:10 fieldC:1:2fieldC:1:1 I want to end up with a field... by darkins Engager in Splunk Search 11-27-2024 0 5	0	5
Splunk lookup I have a 3 node search head cluster and distributed indexers we are getting below error when running any type of sear... by santhipriya Engager in Splunk Search 11-27-2024 0 4	0	4
Splunk search csv number I have a csv file like this that contain more than 100 numbers 111111112222222233333333 I want to search for events t... by Crotyo Observer in Splunk Search 11-26-2024 0 9	0	9
How can I search for a missing field? Let's say I have events A and B: A -- Feb 1 2010 10:10:00 field1=foo field2=bar B -- Feb 1 2010 10:10:01 field1=foo ... by hulahoop Splunk Employee in Splunk Search 11-26-2024 3 15	3	15
Top with optional field results When I search I want to show the top results by a specific field "field1" and also show "field2" and "field3". Proble... by thrtnastrx Observer in Splunk Search 11-25-2024 0 3	0	3
Inconsistent Key-Value Pair Searching in Splunk (Some Events Only Found with Wildcards) Hey Splunk team, I’m facing an issue where Splunk fails to search for certain key-value pairs in some events unless I... by Aithnave Engager in Splunk Search 11-25-2024 0 3	0	3
Summary results for a "per item" query Hello, I have the following query to search Proofpoint logs. index=ppoint_prod host=host1 \| eval time=strftime(_ti... by SplunkUser001 Explorer in Splunk Search 11-25-2024 0 11	0	11
Only show slots of a timechart that have more than x results We search thru the logs of switches and there are some logs that are unconcerning if you just have a couple of them l... by mariojost Engager in Splunk Search 11-25-2024 0 6	0	6
rex help probably an easy one, i have two events as follows thisisfield1 thisisfield2 mynextfield3thisisfield1 mynextfield3mea... by darkins Engager in Splunk Search 11-25-2024 0 7	0	7
How can I determine which fields will work with tstats? I understand that tstats will only work with indexed fields, not extracted fields. How can I determine which fields ... by campbellwarren Engager in Splunk Search 11-24-2024 0 5	0	5
Field Extraction Need help to extract a field that comes after a certain word in a event. I am looking to extract a field called "sn_g... by scout29 Path Finder in Splunk Search 11-22-2024 0 3	0	3
Finding changes in a field We are trying to watch the NIC statistics for our OS interfaces. We are gathering data from a simple ifconfig eth0 \|... by Brad Explorer in Splunk Search 11-22-2024 0 6	0	6