Splunk Search

Community Activity

Remove all events of a client based on one or more values of field Hi thereIm trying to filter my search results based on numerical top values of a field.For example. I have 5k events ... by rel82wi Engager in Splunk Search 11-10-2021 0 4	0	4
Exclude path from URL in Search Results HiI want to exclude the path from search results, i.e.:www.testsite.comwww.testsite.com/path1www.testsite.com/path2ww... by spfingst87 Loves-to-Learn in Splunk Search 11-10-2021 0 4	0	4
How to extract the substring from a string I want to extract the substring: "xenmobile" from string: "update task to xenmobile-2021-11-08-19-created completed!... by febbi Explorer in Splunk Search 11-10-2021 0 2	0	2
Use Lookup Table To Identify Hosts That Have/Have Not Logged So I'm trying to do something that may or may not be possible. I want to first create a lookup table that maps IP a... by typicallywrecke Engager in Splunk Search 11-10-2021 0 4	0	4
Compare 2 fields from different Index I am trying to look for accounts which are not active anywhere in network.(index=network user=*) OR (index=okta SamAc... by rnikam1412 Loves-to-Learn Everything in Splunk Search 11-09-2021 0 2	0	2
Extract fields from a list How to extract values from below log file using rex?Log:{Attribute(name=xyz, values={'1'}), Attribute(name=attempts, ... by shashank111v Explorer in Splunk Search 11-09-2021 0 3	0	3
Getting a list of unique IDs from a large data set efficiently We have a relatively small set of devices that emit daily in the vicinity of a million events each. Each device has ... by pm771 Communicator in Splunk Search 11-09-2021 0 6	0	6
For loop within Lookup Table Hello! I have a lookup table that looks like the following: hosttimestamphost110:33host24:24 What I would like to do ... by dlawler1 New Member in Splunk Search 11-09-2021 0 4	0	4
How to filter the lookup output with the Where clause Does the Lookup cmd allow for Where clause to filter the output of Lookup? Or do I need to have an extra sub search w... by kalibaba2021 Path Finder in Splunk Search 11-09-2021 0 2	0	2
find time gaps Hi i have log like this, need to find where unusuall time gap between "Packet Processed" and "Send Packet" that exist... by indeed_2000 Motivator in Splunk Search 11-09-2021 0 4	0	4
Why cant i supply a field as value for mvfilter? I'm trying to exclude a value from a multivalue list, but it only works when I input the string as a value, not as a ... by christoffertoft Communicator in Splunk Search 11-09-2021 0 7	0	7
[search] Total Login Failures along with Failures per user Hi All,Can someone help to build a search to check for Total_login_Failures > 10 (per 24H) OR Number of Failures pe... by neerajs_81 Builder in Splunk Search 11-09-2021 0 4	0	4
Long running searches On all SearchHead cluster members with ver 8.0.2, every day we are observing that CPU utilization grows. After rough... by sylim_splunk Splunk Employee in Splunk Search 11-09-2021 1 2	1	2
Transforming Commands I'm having issue with a search of mine. I've been trying to organize the matrix so that it will be ready for my pivot... by jbuddy24 Explorer in Splunk Search 11-08-2021 0 1	0	1
Is there a way to monitor servers through Splunk? Hey everyone, I just had a small search, is there any way to monitor servers using Splunk and get data on their avai... by rahul1502133 Explorer in Splunk Search 11-08-2021 0 8	0	8
help on base search event limit hiI use a basic base search like this <search id="test"> <query>index=toto sourcetype=tutu \| fields sam web_hits</qu... by jip31 Motivator in Splunk Search 11-08-2021 0 11	0	11
How to get the latest date from a lookup Hello All, Anyone know how I can get the latest date from a lookup file? I am using the script below:\| inputlookup a... by Mary666 Communicator in Splunk Search 11-08-2021 0 2	0	2
how to format the output of a splunk query ? Hi, I have a splunk query which results the two outputs (using table) such as "JOB_NAME" and "JOB_ID". For example... by rajs115 Path Finder in Splunk Search 11-08-2021 0 10	0	10
How to remove a specific part of a string My event returns the following:1@test.com/test/2_0" xmlns:d4p1="http://www.w3.org/1999/xlink"> <eb:Description xml:la... by siouxsiesioux Engager in Splunk Search 11-08-2021 0 2	0	2
REST command is not including all columns from CSV Hello Splunk Community I have managed to use REST to add some columns from my CSV files. However, not all the columns... by Mary666 Communicator in Splunk Search 11-08-2021 0 1	0	1
Adding a field for the amount of minutes the failure rate is above a certain threshold Hi, I have the bellow search which works out the successes, failures, success_rate, failure_rate and total however I ... by joe06031990 Communicator in Splunk Search 11-08-2021 0 0	0	0
Joining 2 Multivalue fields to generate new field value combinations I'm working with some json data that contains 1 field with a list of keys and 1 field with a list of values. These p... by ltrand Contributor in Splunk Search 11-08-2021 0 4	0	4
Find values contained on another filed not exact match Hello All, This may seem easy, but its been quite tedious. How can I create one field that has common values from two... by Mary666 Communicator in Splunk Search 11-08-2021 0 4	0	4
Adding a field for the amount of minutes the failure rate is above a certain threshold Hi, I have the bellow search which works out the successes, failures, success_rate, failure_rate and total however I ... by joe06031990 Communicator in Splunk Search 11-08-2021 0 0	0	0
How to set color to result if output is less than equal to current date I wan to set color for output of column if it's date matches current or two days before current date. by himanshuqb Loves-to-Learn in Splunk Search 11-08-2021 0 5	0	5