Splunk Search

Community Activity

	Date Format and Time Format Hello,What would be my TIME_FORMAT for prop configuration file for this events2021-06-08T13:26:53.665000-04:00\|PGM\|mt... by SplunkDash Motivator in Splunk Search 08-13-2021 0 5	0	5
	Splunk Time difference search I have two results of servers list as per last 30 days and last 12 hrs. I want to compare and find out which servers ... by Sirius27 New Member in Splunk Search 08-12-2021 0 3	0	3
	search 2 logfiles from same source, but different fields. I have an index which contains data from many logfiles. I want to search for specific data in log1 and display with ... by dbrooks_CIR New Member in Splunk Search 08-12-2021 0 1	0	1
	Indexed field is not showing up when I use "=" in the search. We use cribl for field extraction. `Action` is a field that is being parsed from cribl and it should be a indexed fie... by paras Explorer in Splunk Search 08-12-2021 0 1	0	1
	TIME_PREFIX for props Hello, how can I write TIME_PREFIX for props conf file for following sample event. Any help will be highly appreciate... by SplunkDash Motivator in Splunk Search 08-12-2021 0 2	0	2
	Return NOT matching events Hi,I am trying to return values that DO NOT MATCH the search between an index and .csv fileEx - this returns the valu... by munisb Explorer in Splunk Search 08-12-2021 0 1	0	1
	PROPS Config...Different Time Formats within Same Source File Hello,I am a source file which has events with 2 different file formats. How would I write TIME_FOMAT for my PROPS ... by SplunkDash Motivator in Splunk Search 08-12-2021 0 1	0	1
	PROF Conf Issues Hello, I was trying to write PROPS configuration file following sample events...2021-06-08T13:26:53.665000-04:00\|PGM\|... by SplunkDash Motivator in Splunk Search 08-12-2021 0 1	0	1
	How to list field and their values? My log is formatted like this:labels: {<!-- --> app: splunk-kubernetes-metrics app.kubernetes.io/managed-by: Helm... by truongvinh2112 New Member in Splunk Search 08-12-2021 0 4	0	4
	How to change the order of fields when chart is used index="www1" sourcetype="access_combined_wcookie" action=* status<=400\| timechart span=1d count(action) by clientip u... by nnonm111 Path Finder in Splunk Search 08-12-2021 0 1	0	1
	How to improve performance of a "loadjob" search which takes a long time to fetch the results? I am using loadjob to load an already scheduled report that contains more than 2 million results. But when i try to f... by samkaj Explorer in Splunk Search 08-12-2021 0 7	0	7
	Need help with lookup query Hi All,I am using below query to search for certain logs:index=int_gcg_apac_solace_166076 host="mwgcb-csrla0U" sour... by Mrig342 Contributor in Splunk Search 08-12-2021 0 2	0	2
	How to count the number of opened and closed incidents? Hi There, I have got incidents data in below format: dateRaised, IncID, Location, Status, closedDate 05-05-20, 1234... by madhav_dholakia Contributor in Splunk Search 08-12-2021 0 5	0	5
	Get the details events after using stats I have a query index = "index1" \|spath output=error_code input=RAW_DATA path=MsgSts.Cd \|dedup SESSIONID \|stats count ... by phamxuantung Communicator in Splunk Search 08-12-2021 0 2	0	2
	How to delete everything before and including string, using regex? Dear Community, I have the following search query: index="myIndex" host="myHost" source="mySource.log" 20210811053... by Bleepie Communicator in Splunk Search 08-12-2021 0 4	0	4
	How to pass a mutliple values into a Token? Hi all,Is it possible pass multiple value to a Token from one search to another? This is what I try to do.First Panel... by Tomas_K Explorer in Splunk Search 08-11-2021 0 3	0	3
	multisearch with a lookup and index? I'm looking to combine data from a lookup file to data from our security server to create a comparison chart between ... by msage Path Finder in Splunk Search 08-11-2021 0 5	0	5
	Dealing with Lists I have network logs that show various network device communication that are in an index in Splunk. I have another in... by richtate Path Finder in Splunk Search 08-11-2021 0 13	0	13
	Querying partial match from lookup Hi, I've a lookup that looks like this - clientid url abc accounts//balanceabc accounts//namexyz /user/*/details An... by pjtbasu Explorer in Splunk Search 08-11-2021 0 2	0	2
	How to split a row into two columns We want to replicate this table (especially the circled row).We have to divide data (from 1 to 3 and from 4 to 6) for... by Raghork Loves-to-Learn Lots in Splunk Search 08-11-2021 0 0	0	0
	Filtering specific digit at the end of a field value Hi community,i have the following tstats output"\| tstats count WHERE fromzone="INTRANET" index=__* by index sourc... by brennson90 Path Finder in Splunk Search 08-11-2021 0 2	0	2
	Loop on the values of a column of a table Hello,I have the following SPL command : \|tstats count where index=main host IN (H1,H2) by host, _time span=1h \| pred... by silverdiver New Member in Splunk Search 08-11-2021 0 1	0	1
	How could I create a timespan for alternating events? Hey Splunk- community, I need your help again. My data are events which reports disturbments. "action=kommend" marks ... by Felix82 Explorer in Splunk Search 08-11-2021 0 4	0	4
	how to get max val by time in splunk index="performance" sourcetype="physical_cpu"\| addtotals fieldname=CPU_SUM CPU_*\| rex mode=sed field=_raw "s/ //g"\| e... by chohye12 New Member in Splunk Search 08-11-2021 0 3	0	3
	Generating alert based on condition Hi All ,i have configured alerts for the search below:index="ebs_red_0" host="dev-obiee-ux0*" source="/obiee_12c/app/... by Ashutosh_30 Loves-to-Learn in Splunk Search 08-11-2021 0 2	0	2