Splunk Search

Community Activity

[help]Get the time duration within a specific start and end value? Hi team,I have below data in splunk. And I want to get the time duration when below range.ACT start with "AUTOSAVEFOR... by cheriemilk Path Finder in Splunk Search 08-24-2021 0 3	0	3
How to find the _time difference in a list of eventTypes by algorithm (non-sequencial order)? Hello Splunk Community I'm working on a SPL to give _time difference of list of eventTypes as per the algorithm. Curr... by iamsplunker Communicator in Splunk Search 08-24-2021 0 4	0	4
conditional average Hi need to calculate the average based on a condition. testing=true vs testing=false (lets say field A)field B has t... by andreaswpv Explorer in Splunk Search 08-24-2021 0 2	0	2
Nested search query Hello Experts,Requirement is to show the no. of jobs started, completed in last 4 hours.I have injested job log files... by Karthikeyan Engager in Splunk Search 08-24-2021 0 5	0	5
Extract data from filename Hi Experts,I have a a job log file, that gets ingested to Splunk with naming convention "trace_08_19_2021_06_36_03_**... by Karthikeyan Engager in Splunk Search 08-24-2021 0 5	0	5
Search eval strftime result of current day across lookup. I'm using the following to eval current_day:\| inputlookup Files_And_Thresholds\| eval current_day=lower(strftime(relat... by middlemiddle Explorer in Splunk Search 08-24-2021 0 4	0	4
report acceleration Hi,I have the bellow search:I am trying to use acceleration reporting however because the event stats I can't, I have... by joe06031990 Communicator in Splunk Search 08-24-2021 0 0	0	0
Summary stats from distinct (overflowing) counters. Hello.I have a set of hosts which send some stats. In my case these are rsyslog impstats statistics but it can be any... by PickleRick SplunkTrust in Splunk Search 08-24-2021 0 0	0	0
How to group together rows with similar names into a single row This is the table. How can I group together similar names into one entry and the count is added for both of them. For... by sam1010 Explorer in Splunk Search 08-24-2021 0 3	0	3
want the current day of the week with now() then i want to use value to compare data for past 4 weeks for same DOW Need help : I have a splunk query where i want to evaluate today (day of week) using now() and then use it to compare... by MayankChandra Engager in Splunk Search 08-24-2021 0 7	0	7
Can any one help me to write splunk query which gives volume($ amount) or calculate each source ingesting data I am looking for a splunk query which can calculate each sourcetype ingesting data in splunk. you can take below samp... by question_queen New Member in Splunk Search 08-23-2021 0 3	0	3
How to split multiple lines of data into a single individual line in splunk using \n? As i mentioned below prod column has multiple values and i want to split it based on \n next line command and get the... by Shan Builder in Splunk Search 08-23-2021 0 6	0	6
TAXII files being downloaded but not processed by Enterprise Security Hi Splunkers.We are having an issue whereby a TAXII feed has stopped being incorporated into the Enterprise Security ... by torowa Path Finder in Splunk Search 08-23-2021 1 0	1	0
Nested JSON (Returns Empty) Hi All,Have a search that is not returning what I would like. Need to unest some JSON but having issues.Here is an ex... by morgantay96 Path Finder in Splunk Search 08-23-2021 0 1	0	1
Using dedub on same results within 1 minute range HiI'm trying to find user that login on Non-working hour between 4pm-4am by looking at eventcode=4624.I need to exclu... by SkuLLo99 Loves-to-Learn in Splunk Search 08-23-2021 0 5	0	5
Consolidation From Different Sources Hey Everyone!I'm in need of some help, advice, Ouija board (lol)...whatever can do the trick. I am wanting to know if... by Cyber_Nerd3 Engager in Splunk Search 08-23-2021 0 7	0	7
Similar events within 1s of each other? I have logs like of this form:[2021-08-19T13:59:05.607] [INFO] collect - [4a2b9170-0130-11ec-95b3-17c017e0ec5d] {"uid... by HenrikN Engager in Splunk Search 08-23-2021 0 2	0	2
search filed values from sourcetype1 to another sourcetype2 Hi,I need help in searching field value from the first search to another search with deferent sourcetype and combine ... by shrinivaskittur Explorer in Splunk Search 08-23-2021 0 4	0	4
Combining Separate Searches Hello,I am attempting to combine 2 reports (1 is a normal stats search return and the other is a pie chart using the ... by Cyber_Nerd3 Engager in Splunk Search 08-23-2021 0 0	0	0
Splunk search - is it possible to automatically expand a result property wrap? Hi,In my query:index="my_local" \| sort -DateI get a list of items, and if I look at one item (and lick "show as raw t... by gunnist Explorer in Splunk Search 08-23-2021 0 3	0	3
PROPS CONF-Text file with header Hello, I have some issues to create PROPS Conf file for following sample data events. It's a text file with header in... by SplunkDash Motivator in Splunk Search 08-23-2021 0 0	0	0
Password spraying search Hi, I am attempting to create a search for a password spraying attempt. I need the IP address and Hostname made with ... by kuriakose Explorer in Splunk Search 08-23-2021 0 3	0	3
Looking for a result each day in the week HelloIn my base search I'm looking for stores with the minimum count of 1 for 4 differend kind of errors. I count the... by rjoller Explorer in Splunk Search 08-23-2021 0 4	0	4
List of realtime searches showing deleted reports/alerts Hi, I have the following SPL as a dashboard panel which shows realtime searches. This is so I can contact the owners ... by shazbot79 Path Finder in Splunk Search 08-23-2021 0 5	0	5
how to remove a portion of string Hi all,my data as below:11111_aaaa/ppppaaaa1110_bb/kjmI want to remove anything after /, like this11111_aaaa1110_bb T... by leecholim Engager in Splunk Search 08-23-2021 0 7	0	7