Splunk Search

Community Activity

User login Hi ,A newbie to Splunk here. I have found the query for login info for users on a host: index=os source=var/log/sec... by RanjithaN99 Explorer in Splunk Search 08-30-2021 0 6	0	6
search language Hi, how do I get subtotal count for each Host and Total for all count, in additional count for all different status.H... by francly Explorer in Splunk Search 08-30-2021 0 4	0	4
nested if loop I would like to write in splunk a nested if loop: What I want to achieve:if buyer_from_France: do ... by splunkymage Observer in Splunk Search 08-29-2021 0 0	0	0
tstats unable to get any results when specifying dataset in FROM clause Hi,We are in the process of migrating all Apps/Config's from an older standalone instance(7.2.4.2) to a newer SHC(8.1... by att35 Builder in Splunk Search 08-29-2021 0 0	0	0
How do I join a search on a field that is not unique to compare time values? Hello all,I am struggling to find a solution for this. I have two different searches.One shows log entries where syst... by Traer001 Path Finder in Splunk Search 08-28-2021 0 7	0	7
Need Regex help Hi All,I will be getting a list of MD5 hash values in my logs. Need a regex expression for the below. Therefore whene... by SabariRajanT Path Finder in Splunk Search 08-28-2021 0 7	0	7
Find the average of the first 99% range of data My search currently gives me some statistics regarding response times including total count, average, min, max and 99... by sepkarimpour Path Finder in Splunk Search 08-27-2021 0 11	0	11
Issues with props and transforms Hi All,I have just copied across working props and transforms stanza from one HF to another for sqs logs. however it’... by Abha11 Explorer in Splunk Search 08-27-2021 0 2	0	2
How to get the last hour of events but also over the past 6 weeks? I wanted to establish an alert that will look at the past hour for the past 6 weeks and make some comparisons. So for... by aohls Contributor in Splunk Search 08-27-2021 0 4	0	4
99% Percentile time_taken in IIS Hi I am trying to find the min, max and AVG for Percentile 99,90 and 75 with the bellow: index="main" source="C:\\ine... by joe06031990 Communicator in Splunk Search 08-27-2021 0 0	0	0
Search query to remove results from another source. I have the following sourcers: "inserted" and "deleted"In the "inserted" i have these fields:Id, Timestamp1, 2021-08-... by rodrigomarfei Explorer in Splunk Search 08-27-2021 0 4	0	4
Transforming commands works only in verbose mode Suddenly transforming commands stopped working unless I search in verbose mode. What could cause this issue? This onl... by splunker1789 Engager in Splunk Search 08-27-2021 0 0	0	0
How do I generate a random number between a specific range? Hi, How can I generate a random number between 1 to 20. I random() function doesn't allow to specify a range. please ... by sravani27 Path Finder in Splunk Search 08-27-2021 4 6	4	6
I want no. of triggered alerts in a day from total alerts to be generated I want a report when total events less than 9500000 in a day from sourcetype.Also I tried below query, but its giving... by zakkie Engager in Splunk Search 08-27-2021 0 1	0	1
Alert throttle not working with renamed fields I have multiple alerts with searches similar to the one below where fields are renamed to a numeric ordering. The sea... by _stoff Observer in Splunk Search 08-27-2021 0 1	0	1
Sum the values in a field Hi Team,Current tableApplicationFailureSuccessA26B47C58 ExpectedApplicationFailureSuccessD1121 How to add the Applica... by Madhusri Engager in Splunk Search 08-27-2021 0 3	0	3
Why doesn't the the eval- subtraction generates results from two extracted values? Hey Splunk- community,theres another problem which must solved again. The following query....index=machinedata_w05_su... by Felix82 Explorer in Splunk Search 08-27-2021 0 1	0	1
How to use eval with mstats Hi,I want to run something similar to the below on metrics data stored in metrics index, can you please assist:eval i... by nouraali Explorer in Splunk Search 08-27-2021 0 4	0	4
How to match wildcard in a join left? Consider I received the following logs:cn=srv1.example.com;issuer=C=US, O=Amazon, OU=Server CA 1A, CN=Amazon cn=srv1.... by JChris_ Path Finder in Splunk Search 08-27-2021 0 2	0	2
can we decode the splunk logs which is already onboarded into splunk Hi Team,Is there any way to decode the logs which is already onboarded into splunk. Do we have any app to decode.? Pl... by SabariRajanT Path Finder in Splunk Search 08-27-2021 0 3	0	3
Filling in missing '_time' rows (without using timechart) I want to know how I can incrementally go through and add missing times (hours) per user across a number of users. ... by cyberdiver Explorer in Splunk Search 08-27-2021 0 6	0	6
JSON Fields Extraction using REX Hello, I have a requirement where i need to extract part of JSON code from splunk log and assign that field to spath ... by rczone Path Finder in Splunk Search 08-27-2021 0 4	0	4
Having a search trigger another search Is there a way to trigger another search from a search? What I have is a syslog search for traffic on a router. The... by kholleran Communicator in Splunk Search 08-27-2021 3 9	3	9
How do I export large amounts of data? I am having issues with finding a way to export two reports.I have two reports, which I'll call search1 and search2. ... by XOJ Path Finder in Splunk Search 08-26-2021 0 3	0	3
Compare inputlookup and index search Hi,I have a lookupfile that contains a list of hosts, (one column named hosts), this list maybe subject to change.I w... by Scroogemcdougal Engager in Splunk Search 08-26-2021 0 2	0	2