Splunk Search

Community Activity

	Error in "litsearch" command Good morning, Getting a weird error this morning when trying to run searches. It is saying that m license is expired,... by JoshuaJJ Path Finder in Splunk Search 10-22-2024 0 6	0	6
	Variable earliest/latest in main search I have a working dashboard that displays a number of metrics and KPIs for the previous week. Today, I was asked to e... by DATT Path Finder in Splunk Search 10-22-2024 0 3	0	3
	Drilldown Token from Single Value Panel to Stats Table Panel Need help passing a token value from a Single Value Panel using the ( \| stats count) in conjuction to the ( \| rex fie... by ramuzzini Path Finder in Splunk Search 10-21-2024 0 1	0	1
	Fecth the field based on other field condition Hi,I need help to fetch field based on other field condition.I have lookup table as below,NAME STATEabc-a-0 host1 ma... by myusufe71 Explorer in Splunk Search 10-21-2024 0 1	0	1
	How to tie multiple events together (transaction, join, etc.) Hi,I am trying to tie multiple events describing single transaction together.This is my test example: Event Oct 21 08... by SplunkUser001 Explorer in Splunk Search 10-21-2024 0 1	0	1
	Need help with syntax and rex I have a log with a sample of the followingPOST Uploaded File Size for project id : 123 and metadata id : xxxxxxxxxxx... by LizAndy123 Path Finder in Splunk Search 10-21-2024 0 3	0	3
	Invalid value "$earliest$" for time term 'earliest' Hi SplukersI'm looking for cross compare some events with other system data, using an initial search for the event an... by dataisbeautiful Communicator in Splunk Search 10-21-2024 0 10	0	10
	How to Fetch the output based on the input value from Dropdown Hi,I have an log which show currency field and it will have all the valid currency codes like JPY, CNY, USD etc..I ne... by dhineshv1 Engager in Splunk Search 10-20-2024 0 3	0	3
	Multi sourcetype search for extracted value I am having some issues getting this to work correctly. It does not return all the results. I have different records ... by whipstash Engager in Splunk Search 10-19-2024 0 3	0	3
	count by response time range source aaa\| eval Description=case(rt_sec>10, "G10", rt_sec>20, "G20", rt_sec>30, "G30", rt_sec>40, "G40") \| stats cou... by jibiuthaman Explorer in Splunk Search 10-18-2024 0 3	0	3
	Using Eval Where Clause in Secondary Search from Stats Count Have working query to give me list of all printers, total job count, total page count and show location of printers u... by ramuzzini Path Finder in Splunk Search 10-18-2024 0 2	0	2
	Tweaking xyseries Iam using splunk to generate as below.It is run for 2 days date range where am trying to compare the countClassName16... by bmer Explorer in Splunk Search 10-18-2024 0 2	0	2
	File will not be read, seekptr checksum did not match for a file in splunk Hi TeamSplunk is unable to read a file which has particular content as below. If the file contains other content, the... by hariengg Engager in Splunk Search 10-18-2024 0 3	0	3
	How can I use the result of subquery field as wildcard? I have subquery result ashost1host2host2And I want to put this all host result as host=* in the main query.1. subque... by myusufe71 Explorer in Splunk Search 10-18-2024 0 3	0	3
	Do I need to run this search twice? I have the following fabricated search which is a pretty close representation of what I actually want to do and gives... by tread_splunk Splunk Employee in Splunk Search 10-17-2024 0 1	0	1
	How to add a toggle to hide/unhide fields in a table in Splunk Dashboard? I am working on a dashboard that has a bunch of field and will be used by multiple teams and people who will be needi... by PotatoDataUser Explorer in Splunk Search 10-17-2024 0 1	0	1
	Search/Job missing in job_manager I currently do a search monthly for searches/jobs that take a long time. I then look up the job and if there is an al... by dwong-rtr Explorer in Splunk Search 10-17-2024 0 4	0	4
	Query src + dst subnet and action Dear all, I'm trying to search for denied actions in a subnet, regardless if it is the source or destination. I tried... by tbayer82 New Member in Splunk Search 10-17-2024 0 1	0	1
	Saved Search Scheduling I have a saved search which is scheduled but it is not showing and not running at the scheduled time. by Siddharthnegi Contributor in Splunk Search 10-17-2024 0 4	0	4
	Regex to find Multi Line pattern Hi,I am having some problem to understand How to fetch multiline pattern in a single event.I have logfile in which I ... by Neekheal Observer in Splunk Search 10-16-2024 0 8	0	8
	Extract fields with specific value where multiple combination of "value" exists for same "Key" I've the below event, where I need to display only event which has action=test and category=testdata. test { line1: 1... by Deprasad Path Finder in Splunk Search 10-16-2024 0 3	0	3
	Add latest field with a filter to table that also displays unfiltered rows Hi All, newbie here - Sorry if my subject is poorly worded, I'm a little confused!I'm trying to add a field to the ta... by mrminks Engager in Splunk Search 10-16-2024 0 2	0	2
	Is it possible to match a multivalue field containing regex variables to another field Hello, My team has a search that uses a field called regex, containing a load of different regex expressions to match... by gg_easy Engager in Splunk Search 10-16-2024 0 1	0	1
	Grouping by the words in a field HI,I have a below query, I want to group and count by two different words, one group per word, in a field "text1.valu... by H2ck1ngPr13sT Loves-to-Learn in Splunk Search 10-16-2024 0 4	0	4
	Calculate duration between 2 events everytime those events occur Hello,I am looking to calculate how long it takes to refresh the view using the time of the events "End View Refresh"... by raghul725 Explorer in Splunk Search 10-15-2024 0 10	0	10