Splunk Search

Community Activity

Using results from one search as a filter for another Hi,I'm trying to filter the results from one search based on the results from another search.Example:Consider the fol... by dmacl Explorer in Splunk Search 10-01-2021 0 6	0	6
Change hour interval to days and replace the value with average I have a column that has events recorded in an interval of 1 hour.Example:Date ... by sndpgiri Engager in Splunk Search 10-01-2021 0 3	0	3
Rename fields based on Token value Hi,I have some data which spans multiple systems example below:"system" "app" "fld1" "fld2" "fld3"sys1 appA ... by mcaulsc Path Finder in Splunk Search 10-01-2021 0 7	0	7
Multiple key value pairs in a timechart based on the counts of 2 fields Here's an example of some error logs that simply show which app reported an error and which country:_time(s)sourcetyp... by datatan Engager in Splunk Search 09-30-2021 0 1	0	1
how to show table pagination with start and end instead of << previous & Next >> Hi All.. I need help with table pagination by default splunk provides pagination option as << prev & next >> instead... by mvishal Explorer in Splunk Search 09-30-2021 1 2	1	2
Show a part of message for dasboard stats table I have the following query and I am using it in a dashboard to show the errors categorized. index=myindex sourcetype=... by alwinaugustin Engager in Splunk Search 09-30-2021 0 3	0	3
Change _Time to another field on a Single Query Hello,I need to find a way to use another field for _Time on a single query (I don't want to change props just for 1 ... by erog Engager in Splunk Search 09-30-2021 0 1	0	1
LINE_BREAKER Help Needed I need help breaking the following data into segments. The data is currently lumped together. I have been working wit... by babcolee Path Finder in Splunk Search 09-30-2021 0 2	0	2
How are values in lookups matched? When a field value is passed to a lookup, what are the limits on how it can match the value in the lookup? Specifical... by gkanapathy Splunk Employee in Splunk Search 09-30-2021 10 5	10	5
custom sort field values Hello dears,How can i sort these field values ?Field = "port"0/1/0/2/0/8/0/7/0/2/0/3/0/5/0/2/0/6/0/3/0/16/0/20/18/0/6... by corehan Explorer in Splunk Search 09-30-2021 0 16	0	16
Software Versions not comparing correctly I am sure I am sure I am missing something easy but, for some reason, when I compare these two values (they are in st... by Abe_T Explorer in Splunk Search 09-30-2021 0 6	0	6
searching for repeated events from the same user Hi All,I am looking to create an alert based on the following base search. index=wineventlog w19tax.exe app_name=W19T... by tkerr1357 Path Finder in Splunk Search 09-30-2021 0 2	0	2
how to to calculate average size of a syslog message for a particular source Hello dear All, 1* How to calculate average size of a syslog message for a particular source in GB using Splunk query... by pacifikn Communicator in Splunk Search 09-30-2021 0 2	0	2
How to check CIDR overlaps I have lookup with CIDR advanced field which contains: id cidr_field 1 1.1.1.1/24 2 8.8.8.8/24 If I se... by yko84109 Loves-to-Learn in Splunk Search 09-30-2021 0 3	0	3
Require Splunk query to assign field value to another field as value we have two device AUSTDPVPN1 and AUSTDPVPN2 and current user logged in count on device as 0 and 2867.I want whenever... by Abhineet Loves-to-Learn Everything in Splunk Search 09-30-2021 0 9	0	9
Need Help Creating a Nested Stats Table and Grouping by Multiple Values Hey guys, I need some quick help creating a nested stats table and grouping by multiple values within that table. My ... by TheColorBlack Path Finder in Splunk Search 09-30-2021 0 1	0	1
foreach and server limits I was wondering... how are foreach-generated searches treated regarding the searches limits?I mean - normally you hav... by PickleRick SplunkTrust in Splunk Search 09-30-2021 0 2	0	2
Help with search of evaluated field Hello,I need a help with a search that seems very easy, but I'm unable to achieve the results I want.The events are r... by rodrigomarfei Explorer in Splunk Search 09-30-2021 0 3	0	3
Exclude specific String from search I am new to Splunk and would appreciate if anyone helps me on this. I would like to set up a Splunk alert for SocketT... by dababi1234 New Member in Splunk Search 09-30-2021 0 5	0	5
Pass field from joined search into primary search table Hello I would like to pass a value from a joined search (e.g. in this case the "Side") to the final table.I tried dif... by gabrieleguidoni Loves-to-Learn in Splunk Search 09-30-2021 0 1	0	1
Correlation from Data Model Hi Guys,I have a question about the data model. Eventually, I want to create complex correlation rules by finding m... by korhanacar Engager in Splunk Search 09-30-2021 0 0	0	0
Json field extract I have a json like this: { "A": [ { "B": [ { "status": "2", "value": "1" ... by priyangshupal Engager in Splunk Search 09-30-2021 0 1	0	1
Lateral Movement Windows Logs Hello there,I have spent a good time researching lateral movement in Splunk, unfortunately I have not found much.I ha... by splunkcol Builder in Splunk Search 09-29-2021 0 2	0	2
Eval Command (IF) Hi Team When i tried running the below eval command, i am getting some error message often.I wrote this below command... by jaibalaraman Path Finder in Splunk Search 09-29-2021 0 8	0	8
When alert triggers, add detail to inline table So I have a search that triggers based upon how much memory is being used on any of my linux machines. index=nix so... by tmarlette Motivator in Splunk Search 09-29-2021 0 0	0	0