Splunk Search

Community Activity

Compare 2 fields from different Index I am trying to look for accounts which are not active anywhere in network.(index=network user=*) OR (index=okta SamAc... by rnikam1412 Loves-to-Learn Everything in Splunk Search 11-09-2021 0 2	0	2
Extract fields from a list How to extract values from below log file using rex?Log:{Attribute(name=xyz, values={'1'}), Attribute(name=attempts, ... by shashank111v Explorer in Splunk Search 11-09-2021 0 3	0	3
Getting a list of unique IDs from a large data set efficiently We have a relatively small set of devices that emit daily in the vicinity of a million events each. Each device has ... by pm771 Communicator in Splunk Search 11-09-2021 0 6	0	6
For loop within Lookup Table Hello! I have a lookup table that looks like the following: hosttimestamphost110:33host24:24 What I would like to do ... by dlawler1 New Member in Splunk Search 11-09-2021 0 4	0	4
How to filter the lookup output with the Where clause Does the Lookup cmd allow for Where clause to filter the output of Lookup? Or do I need to have an extra sub search w... by kalibaba2021 Path Finder in Splunk Search 11-09-2021 0 2	0	2
find time gaps Hi i have log like this, need to find where unusuall time gap between "Packet Processed" and "Send Packet" that exist... by indeed_2000 Motivator in Splunk Search 11-09-2021 0 4	0	4
Why cant i supply a field as value for mvfilter? I'm trying to exclude a value from a multivalue list, but it only works when I input the string as a value, not as a ... by christoffertoft Communicator in Splunk Search 11-09-2021 0 7	0	7
[search] Total Login Failures along with Failures per user Hi All,Can someone help to build a search to check for Total_login_Failures > 10 (per 24H) OR Number of Failures pe... by neerajs_81 Builder in Splunk Search 11-09-2021 0 4	0	4
Long running searches On all SearchHead cluster members with ver 8.0.2, every day we are observing that CPU utilization grows. After rough... by sylim_splunk Splunk Employee in Splunk Search 11-09-2021 1 2	1	2
Transforming Commands I'm having issue with a search of mine. I've been trying to organize the matrix so that it will be ready for my pivot... by jbuddy24 Explorer in Splunk Search 11-08-2021 0 1	0	1
Is there a way to monitor servers through Splunk? Hey everyone, I just had a small search, is there any way to monitor servers using Splunk and get data on their avai... by rahul1502133 Explorer in Splunk Search 11-08-2021 0 8	0	8
help on base search event limit hiI use a basic base search like this <search id="test"> <query>index=toto sourcetype=tutu \| fields sam web_hits</qu... by jip31 Motivator in Splunk Search 11-08-2021 0 11	0	11
How to get the latest date from a lookup Hello All, Anyone know how I can get the latest date from a lookup file? I am using the script below:\| inputlookup a... by Mary666 Communicator in Splunk Search 11-08-2021 0 2	0	2
how to format the output of a splunk query ? Hi, I have a splunk query which results the two outputs (using table) such as "JOB_NAME" and "JOB_ID". For example... by rajs115 Path Finder in Splunk Search 11-08-2021 0 10	0	10
How to remove a specific part of a string My event returns the following:1@test.com/test/2_0" xmlns:d4p1="http://www.w3.org/1999/xlink"> <eb:Description xml:la... by siouxsiesioux Engager in Splunk Search 11-08-2021 0 2	0	2
REST command is not including all columns from CSV Hello Splunk Community I have managed to use REST to add some columns from my CSV files. However, not all the columns... by Mary666 Communicator in Splunk Search 11-08-2021 0 1	0	1
Adding a field for the amount of minutes the failure rate is above a certain threshold Hi, I have the bellow search which works out the successes, failures, success_rate, failure_rate and total however I ... by joe06031990 Communicator in Splunk Search 11-08-2021 0 0	0	0
Joining 2 Multivalue fields to generate new field value combinations I'm working with some json data that contains 1 field with a list of keys and 1 field with a list of values. These p... by ltrand Contributor in Splunk Search 11-08-2021 0 4	0	4
Find values contained on another filed not exact match Hello All, This may seem easy, but its been quite tedious. How can I create one field that has common values from two... by Mary666 Communicator in Splunk Search 11-08-2021 0 4	0	4
Adding a field for the amount of minutes the failure rate is above a certain threshold Hi, I have the bellow search which works out the successes, failures, success_rate, failure_rate and total however I ... by joe06031990 Communicator in Splunk Search 11-08-2021 0 0	0	0
How to set color to result if output is less than equal to current date I wan to set color for output of column if it's date matches current or two days before current date. by himanshuqb Loves-to-Learn in Splunk Search 11-08-2021 0 5	0	5
multiple case statement not working Im working with JSON data and the structure is as per the below data: { [-] application: { [+] } compl... by samneo Path Finder in Splunk Search 11-08-2021 0 3	0	3
Why chart dc(ids) over _time by events is not working after updating plugins such as "/app/3117" and "/app/3137"?? Actually I created several dashboards in splunk using chart command to look at aggregation w.r.t multiple fields and ... by sunilkumar_v New Member in Splunk Search 11-08-2021 0 0	0	0
Searching for active, inactive users. Hey.Im trying to create a search that lists users that have for example more than 90 days between the last 2 logons.I... by michaelnorup Communicator in Splunk Search 11-08-2021 0 14	0	14
Index Earliest and Latest events Hi, I currently have this search that gets the earliest and latest timestamp of index. But since I am running this se... by mrccasi Explorer in Splunk Search 11-08-2021 0 2	0	2