Splunk Search

Community Activity

	Splunk indexing 1,000s of events from one host in millisecond, then receives nothing until we restart splunk I have a Splunk deployment which is monitoring a fair number of network devices. One in particular is having an issue... by pSull Engager in Splunk Search 11-22-2021 0 5	0	5
	json parsing HiI have logs in below format, which is mix of delimiter (\|) and json. now I want to extract statuscode and statuscod... by onthakur Explorer in Splunk Search 11-22-2021 0 1	0	1
	Timechart not gives correct values after stats My query ,index=s_New sourcetype IN (Compare,Fire)\| stats values() as values(sourcetype) as sourcetype by sysid _t... by dtccsundar Path Finder in Splunk Search 11-22-2021 0 10	0	10
	Table with count and latest date Hi all,i need to create a table that count for every product how many events are accepted or rejected.In addition to ... by giuces Engager in Splunk Search 11-22-2021 0 3	0	3
	Cross filter two lookups where field contains other field Hello, I'm trying to filter one lookup with the values of an other lookup.This is the situation:Lookup roles.csv cont... by RobHoz Engager in Splunk Search 11-22-2021 0 2	0	2
	How to find items from one index across other index's. We have specific ID's that track how request process through the system. What I want to do search for all these ID's ... by SMM10 Explorer in Splunk Search 11-21-2021 0 2	0	2
	Extract domains from raw data into a new field and create a table with count I have raw data, I would like to search for domains within the data, output it to a field and then run stats to show ... by lilvermi New Member in Splunk Search 11-21-2021 0 1	0	1
	Error in IndexScopedSearch Hi I got this error when I search on specific index.index="myindex"Error in 'IndexScopedSearch': The search failed. M... by indeed_2000 Motivator in Splunk Search 11-20-2021 0 2	0	2
	How to extract one value from log in a query I am trying to extract the name of log output but struggling with how to. I have this query<query>index=dap ("user lo... by mbojorq3 New Member in Splunk Search 11-19-2021 0 1	0	1
	how to merge two sourcetype for coverage dashboard ( one gets count increase and other will have decrease in count ) I am using below query,index=A sourcetype IN (Compare,Fire)\| fillnull value="" \| search Name="SWZWZQ0001" OR Name="... by dtccsundar Path Finder in Splunk Search 11-19-2021 0 2	0	2
	Mismatch ']' in the search of Python Splunk SDK package My python is 3.8.5 and splunk-sdk is 1.6.16. My Splunk developer gives me a URL and I get its search string to retri... by bergen288 Engager in Splunk Search 11-19-2021 0 7	0	7
	Match Common Values from Multiline Fields from Different Indexes Hello, thank you for taking the time to read and consider my question. I'm trying to integrate a .json file which con... by cfloquet Path Finder in Splunk Search 11-19-2021 0 11	0	11
	Extract New Fields Hi there, I'm trying so hard to do a new field in Splunk, but i don't know where i do "wrongs".I would like to extrac... by bogdan_nicolesc Communicator in Splunk Search 11-19-2021 0 5	0	5
	Anomaly detection in Splunk Hi all,I am new to Splunk and have been trying to work on a use case to detect anomalous switches from one type of ac... by axm1295 New Member in Splunk Search 11-19-2021 0 2	0	2
	How to use fillnull in one sourcetype while using IN Hi ,Like below ,Sourcetype =FireName OS Compare_VersionCompare_Agent InstalledsysidABC11 wind... by dtccsundar Path Finder in Splunk Search 11-19-2021 0 4	0	4
	How to find a Name in one sourcetype and not in other sourcetype after outer join i am not able differentiate which sourcetype the Name belongs too after outer join.This is needed becoz when the Name... by dtccsundar Path Finder in Splunk Search 11-19-2021 0 6	0	6
	How to display field values as a percentage? Hi - I have been not having much luck creating what I need.I am looking for the best way to display the percentages o... by Glasses Builder in Splunk Search 11-18-2021 0 1	0	1
	Is it possible to write a query to find same URLs visited by multiple clients in a proxy log? Hi,I am working with my proxy logs and trying to find a way to get same URLs visited by multiple clients. To add clar... by sureshtskumar Explorer in Splunk Search 11-18-2021 0 4	0	4
	Searching for the last 100 events, irrespective of time I am trying to search through transactions and check their response codes so that we can determine a percentage of fa... by JeremyJ123 New Member in Splunk Search 11-18-2021 0 1	0	1
	Identifying stale computers on network I am looking to identify specific assets that have not been logged into in over a set time. I am fairly new to all of... by Durwood Engager in Splunk Search 11-18-2021 0 6	0	6
	Need help with Regex Hello all, kindly help with Regex..I am seeing the below messages in splunkd logs. Though values are actually being e... by bhargavi Path Finder in Splunk Search 11-18-2021 0 5	0	5
	Cannot break AWS Cloudtrail events Hi, The cloudtrail logs in splunk come in without proper event break; I only got it to recognize the first event's ti... by colny Engager in Splunk Search 11-18-2021 0 4	0	4
	mvcount by value Hi,I would like to count the values of a multivalue field by value. For example: \| makeresults \| eval values_type=sp... by rafadvega Path Finder in Splunk Search 11-18-2021 0 1	0	1
	Using - append=t prestats=t and getting the "BY" to work correclty @Kenshiro70 I have just read your most brilliant answer hearhttps://community.splunk.com/t5/Splunk-Search/What-exact... by robertlynch2020 Influencer in Splunk Search 11-18-2021 0 0	0	0
	rex and extracted fields I have a search string that gives me count of txns processed by a job.......\| rex field=_raw "Total txns:(?<TxnsCount... by Mick_OBrien Path Finder in Splunk Search 11-18-2021 0 11	0	11