Splunk Search

Community Activity

	how to exclude the subsearch result from main search hello,Can anyone tell me how to exclude the subsearch result from main search?I want to exclude the result that faile... by ycho1 Explorer in Splunk Search 10-28-2021 0 4	0	4
	Evalaute field from different areas Hi, I would like to determine a field from different areas of a log. eg see below for my expectations. Note: You can ... by vgodavarty0116 Engager in Splunk Search 10-28-2021 0 1	0	1
	Calculate sum of duration for Sub calls I have data in the following structure received for every event. Some events have just one or two sub calls and some ... by rajkskumar Explorer in Splunk Search 10-28-2021 0 0	0	0
	How to add new data in lookup from SPL query output ? My lookUp is a KV Store lookup. It has three column 'is_active' , 'user', 'robot'.I have a SPL query that gives me ... by zacksoft_wf Contributor in Splunk Search 10-28-2021 0 3	0	3
	Account deleted query \| datamodel "Change_Analysis" "Account_Management" search \| where 'All_Changes.tag'="delete" AND 'All_Changes.user'!=... by cyber_Maddy Engager in Splunk Search 10-27-2021 0 1	0	1
	Can you use an if statement for the value of two different fields? Hello,I'm a bit new to Splunk, so I'm still learning.I have created two fields, an opscounter, and a deopcounter. The... by jacsilva Observer in Splunk Search 10-27-2021 0 4	0	4
	Regex expression to extract fields I have two fields below that show up in our log files. I used Splunk tool to create the Regex to extract the fields ... by cgbsplunk Explorer in Splunk Search 10-27-2021 0 5	0	5
	mvexpand multi-value fields when not null Hi all. I'm trying to create a table from AWS WAF logs. There is a section of the log that is called ruleGroupList{... by khenson Engager in Splunk Search 10-27-2021 0 0	0	0
	Search help - find total sum of lengths of array My current search returns a series of events like: {'field1' : {'field2' : [obj1, obj2, obj3]}}{'field1' : {'field2' ... by ys2119 Loves-to-Learn in Splunk Search 10-27-2021 0 3	0	3
	Filtering out HTTP/1.1 200 logs from being forwarded to splunk. Hi,We have a large amount of data in /opt/app/axtract_fe1/var/log/apache2/main_collector_access-*.log file, and we do... by ssoftility Loves-to-Learn in Splunk Search 10-27-2021 0 1	0	1
	command "where" not working the "where" command checks only one condition doesn't work like thatmy search:. . . . \| where NOT (id_old = id OR use... by gitingua Communicator in Splunk Search 10-27-2021 0 9	0	9
	How do I properly configure schedule search/cron/alert times? This question is based on a comment from @woodcock on this post: https://community.splunk.com/t5/Splunk-Search/Why-ar... by jackjack Path Finder in Splunk Search 10-27-2021 0 1	0	1
	Test by GustavMahler Explorer in Splunk Search 10-27-2021 0 1	0	1
	Subsearch in splunk Is there any way we can add some filter in subsearch savedsearch so that we wont skip any data/records as its limitin... by Prachi_Chatur Observer in Splunk Search 10-27-2021 0 1	0	1
	search user check It is necessary to check if the user is in the index in this file or not. If not, then add to the file, if it is in t... by gitingua Communicator in Splunk Search 10-27-2021 0 5	0	5
	extract errorcode HiHere is th e log:2021-10-26 08:17:19,117 WARN AbCD-App2-0000 [SqlExceptionHelper] SQL Error: -268, SQLState: 230002... by indeed_2000 Motivator in Splunk Search 10-27-2021 0 3	0	3
	How to chance color of the row based on field name Hi experts,i have below table.. how do i change background colour of the row where error Categories = Total_error_rat... by saravana22 Explorer in Splunk Search 10-27-2021 0 3	0	3
	How to pass Input Tokens as arguments to custom search - js-python script Dear community,I have been trying to integrate splunk for my scripting purpose for some time now and it's time to rea... by Bart Explorer in Splunk Search 10-26-2021 0 1	0	1
	How to split the call based on TimeTaken I would like to create a Pie chart to show how many calls took less than 100ms, 200ms, and 300ms. index=star env=prod... by marinewcreater Explorer in Splunk Search 10-26-2021 0 4	0	4
	extract all "cause by" HiI have lots "Caused by:" in (single or multiple) eventsHow extract all line that contain "Caused by:"like this:Cau... by indeed_2000 Motivator in Splunk Search 10-26-2021 0 4	0	4
	How can I generate a search to find hosts which are missing a certain sourcetype? I have a sourcetype which is a log created by the AV application on the host. I would like to find hosts which are mi... by systemsatpayzon Path Finder in Splunk Search 10-26-2021 0 5	0	5
	use lookup file inside if statement Hi, I'm trying to use a lookup file inside an if statement, and it doesn't return any data. I would appreciate it if ... by Sharzi Explorer in Splunk Search 10-26-2021 0 1	0	1
	Duration of spike I am trying to determine the length of spike to see if it goes beyond our requirements. Here is a test of my search:i... by bkowen Observer in Splunk Search 10-26-2021 0 0	0	0
	ERROR AdminManagerDispatch - Admin handler 'alert_manager' not found. Hi everyone.I was watching some events from the internal logs and I saw so many events related to "ERROR AdminManager... by saraque Observer in Splunk Search 10-26-2021 0 0	0	0
	Regex for a nullQueue multiple strings I am trying to set a regex that works when i use say regexr.com but doesn't apply in my transforms/props file.I am wa... by agentguerry Path Finder in Splunk Search 10-26-2021 0 5	0	5