Splunk Search

Community Activity

stats, eventstats,streamstats which one return max field by second field? hihow can i show max duration per servername? index="my-index" \| rex "duration\[(?<duration>\d+.\d+)"\| rex "id... by indeed_2000 Motivator in Splunk Search 09-20-2021 0 2	0	2
Null value for Country when using iplocation Hi,When using iplocation to get the Country list ,maximum i am getting null values for Country.How to get the exact c... by Madhusri Engager in Splunk Search 09-20-2021 0 1	0	1
Extracting Source Network Address from Windows Logs Im working on extracting Source Network Address's from Splunk I've spent the past few hours defining my query and aft... by hiteshkh Explorer in Splunk Search 09-20-2021 0 3	0	3
How do a search with a string comma separated values ? Hello team! How are u?I have a question about how to search with a comma separated values: Example:I have an index wi... by JuanAntunes Explorer in Splunk Search 09-20-2021 0 4	0	4
how to expand multiple ip addresses on more fields? Hi, i have more ip address in a field like this:host \| IP h1 10.0.2.2; 10.0.2.1h2 10... by francesco1g Engager in Splunk Search 09-20-2021 0 1	0	1
Search between specific time range Hi,Due to come compliance issue, there is a need to search for logs from 10pm to the following day 10am. This has to ... by splunknewbie81 Engager in Splunk Search 09-20-2021 0 8	0	8
Searching ranges of event codes from windows event logs A user within my organization was attempting to search for various windows events that indicated that somebody modifi... by LiquidTension Path Finder in Splunk Search 09-20-2021 2 2	2	2
Query email sent success or failed Please suggest a splunk query to find whether email abc@def.com successfully sent emails or any emails failed between... by shanaz Engager in Splunk Search 09-20-2021 0 2	0	2
Search in two table Hi,I have two table.The first have few ip what i switched dotdecimal splunk_server="xyserver" index=main source="/v... by AnnexQ Explorer in Splunk Search 09-20-2021 0 6	0	6
Remove original and duplicate items from a query Hi, from two columns, in order to create a report, i need to remove the elements that are present twice, not only rem... by francesco1g Engager in Splunk Search 09-20-2021 0 1	0	1
Grouping of value Hello guys,I need help building the query for this value to group it like the output I have given below.Current:apple... by kelz Explorer in Splunk Search 09-19-2021 0 2	0	2
Null value for Country when using iplocation Hi,When using iplocation to get the Country list ,maximum i am getting null values for Country.How to get the exact c... by Madhusri Engager in Splunk Search 09-19-2021 0 1	0	1
How to find rolling average for last7 days and fill the time gaps where there is no event in last 7 days Hello,I have a requirement to find the rolling average and variance % as per below requirement. If there is no event... by mnj1809 Path Finder in Splunk Search 09-19-2021 0 11	0	11
How can I use the IN operator after tstats to see if a list of strings exists in a field? Hi, I want to change this first (sanitized) query to use a data model instead but I'm unsure how to incorporate "[fie... by russell120k Engager in Splunk Search 09-19-2021 0 2	0	2
extract errors from unstructured log file with rex HiI have several unstructured log file that need extract error messges with rex spl command.1-what is the optimize wa... by indeed_2000 Motivator in Splunk Search 09-19-2021 0 5	0	5
Outer join not working It seem that outer join is not working for me and I have no idea why.I have this two events:Event 1 (index="faults"):... by fvarela Explorer in Splunk Search 09-19-2021 0 4	0	4
Group events by _time while indexing I have logs with same _time(msg field) like belowtype=CWD msg=audit(1631697722.980:2773): cwd="/" type=PATH msg=audi... by sivaranjiniG Communicator in Splunk Search 09-19-2021 0 2	0	2
Converting variable File Size Units with dot points to bytes Hi there,I am building a Synology Splunk TA to share with the community. In the logs, file sizes can be presented in ... by satiex Explorer in Splunk Search 09-18-2021 0 2	0	2
Newbie question - creating events vs time HiNew to Splunk and learning how to create a simple dashboard. What I'd like to see is status=403 or status=200 over ... by kam_emea Engager in Splunk Search 09-18-2021 0 1	0	1
Eval Substring Match? Anyone have a good method for doing substring matches where field1 is my searched field and field2 is my substring I ... by wilcomply Observer in Splunk Search 09-18-2021 0 2	0	2
Group by time intervals from other search results I have 2 indexies: one with business events [main], another with server performance metrics [metrics].Say, in [main] ... by mikhailBard Observer in Splunk Search 09-18-2021 0 2	0	2
How to find 7days rolling events count Hello,I want to find the 7 days rolling sum as per the attached sample data. For example in the attached sample data,... by mnj1809 Path Finder in Splunk Search 09-18-2021 0 3	0	3
how to show multiple columns in table along with timestamp Hi team, I have one requirement to prepare a query to get a value from json and do chart count around it. For this I ... by rkishoreqa Communicator in Splunk Search 09-17-2021 0 3	0	3
Multiple stats count Hi Folks,My test data are like :DOC_ID,PROCESS_ID,RECEIVERDOC_10,PROC_A100,REC_0001DOC_10,PROC_A100,REC_0002DOC_20,PR... by Atif Explorer in Splunk Search 09-17-2021 0 1	0	1
merge two search results Hi, I have three search results giving me three different set of results, in which three is one common filed called ... by KarunK Contributor in Splunk Search 09-17-2021 0 11	0	11