Splunk Search

Community Activity

	Extracting a number a my query not working Hi i have a log like this Elapsed time: prediction timer 0.1953 seconds and i created a rex like this rex "Elapsed\... by ramkrishs New Member in Splunk Search 11-14-2021 0 1	0	1
	How to retrieve specific timestamps for specific values ? Hello everyone,I am currently developing a use case in which I have the below info:UsernameUser StatusUser CodeTime o... by malice Observer in Splunk Search 11-14-2021 0 2	0	2
	Any suggestion for my Legend behavior? what can I do? Hi Folks,I have a bar chart where I have more then one bars and legends for a single day, If I click on a single bar ... by sanjum01 Explorer in Splunk Search 11-14-2021 0 1	0	1
	unusual activity HiI have an issue that Splunk might be help to solve it.Here is scenario:Need to find unusual send and receive patter... by indeed_2000 Motivator in Splunk Search 11-13-2021 0 8	0	8
	splunk integration on ocp Hello Team,I am new to splunk and we have integrated splunk with OCP logs.I am able to see the logs but not sure how ... by Roshni Engager in Splunk Search 11-13-2021 0 1	0	1
	Matching event results to a lookup field with a wildcard. Hello! I'm trying to build out a lookup of services on specific servers that I want to know when they've stopped. But... by joeybagofdonuts Explorer in Splunk Search 11-12-2021 0 3	0	3
	suggestions for multiselect value when user starts entering text in Multiselect box Hi All, I want help in multiselect input type.when user starts typing value in multiselect input the suggestions shou... by ND Path Finder in Splunk Search 11-12-2021 0 3	0	3
	Searching back in time to determine newness (or not) of a value in a given field Given a field containing a "userId", I want a count per day of unique userIds by "new" vs "returning". E.g. Ends up w... by JohnR Engager in Splunk Search 11-12-2021 0 1	0	1
	Relation of physical cores to vcores in a Splunk deployment I was wondering what, i.e., the following means : 24 physical cores or 48 vcores . does that mean for a virtual envir... by avoelk Communicator in Splunk Search 11-12-2021 0 3	0	3
	Count per host I'm trying to rename the IP's of our servers to splunknodeshost_ip host_nameip-111-11-1-11Searchheadip-111-11-1-12Sea... by EH Explorer in Splunk Search 11-12-2021 0 1	0	1
	Where condition not working for a multiple value field Hello All, I have a search that uses stats command and displays the results as follows. Note: I have stripped out ... by neerajs_81 Builder in Splunk Search 11-12-2021 0 4	0	4
	How to determine that a field value is "new" on a given day I have a search that displays unique users per day (based on a "user id" field). I also would like another search tha... by JohnR Engager in Splunk Search 11-12-2021 0 4	0	4
	Timeline visualization using attributes of an single event In order to visual a data table with 4 columns: time, resource1, resource2, duration. I know who to do this with dat... by Hung_Nguyen Path Finder in Splunk Search 11-12-2021 0 1	0	1
	All events except one to Null I am getting millions of events/day that I need to send to the null queue. I need to match all events with the except... by jordanperks Path Finder in Splunk Search 11-11-2021 0 5	0	5
	I have a two VIP(DNS) names, and I would like to know the number of hits to it. I have a two VIP names, and I would like to know the number of hits to it. I am new to splunk, and not sure on how to... by spyeduru06 New Member in Splunk Search 11-11-2021 0 0	0	0
	How to query Server Stats Good afternooni'm wondering if I may be able to get a bit of help with this one as I'm struggling on trying to achiev... by gherkin Explorer in Splunk Search 11-11-2021 0 9	0	9
	Logic for looped if greater than statement Hey There, Below I have a field in where ABC > 2500 cuz the value is actually 2800. So then If ABC>than 2500 add 1 da... by MeMilo09 Path Finder in Splunk Search 11-11-2021 0 2	0	2
	Splunk : Spath searching the JSON array I have below two JSON events where under "appliedConditionalAccessPolicies", in one event policy1 has results =failur... by ashishmgupta Explorer in Splunk Search 11-11-2021 0 0	0	0
	getting rows from a table in a panel into another panel how to include specific rows from a table in a panel into another panel in the same dashboard? by lostcauz3 Path Finder in Splunk Search 11-11-2021 0 4	0	4
	return match of mv field from a csv lookup I have an index with a mv field (parts) that I want to match a value in that field with a csv file, but only return t... by richtate Path Finder in Splunk Search 11-11-2021 0 12	0	12
	splunk uba Team Can you please provide me documentation link to learn Splunk UBA platform and related links for monitoring, deve... by sasankganta Path Finder in Splunk Search 11-11-2021 0 1	0	1
	Problems using where command to compare times and filter results I'm having trouble with using the where command to compare times. The search that I'm running is this: index=jamf s... by rjashton Engager in Splunk Search 11-11-2021 0 2	0	2
	Search Scheduler Searches Skipped Hello,I am seeing the below warning on our SH after splunk cloud performed a restart at the backend when i uninstalle... by Roy_9 Motivator in Splunk Search 11-11-2021 0 8	0	8
	How to send an alert when search count is 0 Hi, I am looking for a solution to check the splunk query results . if it returns '0' events i need to trigger an a... by rajs115 Path Finder in Splunk Search 11-11-2021 0 6	0	6
	Getting inconsistent extraction Hello all, I am trying to extract the below highlighted fields, but the extractions at time is failing to get the req... by srinivas_gowda Path Finder in Splunk Search 11-11-2021 0 3	0	3