Splunk Search

Community Activity

coalesce values of Outsearch and Subsearch Hi Splunk experts,I have below usecase and using below query index=Index1 app_name IN ("customer","contact") \| rex ... by prasant Path Finder in Splunk Search 08-08-2021 0 4	0	4
dropdown and conditional field value based search i have view that i want to use to filter hosts by development tier (QA, STAGE, PROD). The drop down is configured ... by cfbridgewater New Member in Splunk Search 08-07-2021 0 8	0	8
How to pull additional fields from a lookup that is using wildcards? I'm trying to build a search that will return an event and the severity of that event. I have the events with wildcar... by joeybagofdonuts Explorer in Splunk Search 08-07-2021 0 1	0	1
Cannot find the events sent with HTTP Collector I'm using HTTP collector on my free trial cloud instance.URLs I tried: https://inputs.<MY_SPLUNK_INSTANCE_ID>.splunkc... by sc_admin2 New Member in Splunk Search 08-07-2021 0 1	0	1
Join is not returning events if subsearch is empty. How to fix it I have an Index called myindex:NAMEAGECITYCOUNTRYLEGAL AGEDenis17LondonUKNODenis18 YESMaria17RosarioArgentinaNOMaria... by denissotoacc Path Finder in Splunk Search 08-06-2021 0 1	0	1
Splunk AVG Query I am consuming some data using an API, I want to calculate avg time it took for all my customer, after each ingestion... by rai4shambhavi Explorer in Splunk Search 08-06-2021 0 10	0	10
Search an endpoint ending with numbers I want to search for endpoints /api/work/12345678 i.e api/work/(8 digt number). My below query gives me all the thre... by newtosplunk14 Explorer in Splunk Search 08-06-2021 0 6	0	6
fetching data from lookup and index using join Hi, we have one inputlookup file X1.csv and one index=x2, we want to fetch alarm details from index for device name t... by sam4nik Engager in Splunk Search 08-06-2021 0 1	0	1
how to extract a timestamp from beginning of splunk log statement All my log statements are of below format.{ "source": "stdout", "tag": "practice/myapplication:4444a76b917", "labe... by donB Loves-to-Learn Lots in Splunk Search 08-06-2021 0 3	0	3
How to get raw string as input in custom search ? Hi, I have a custom search get input as raw string, but when I combine splunk don't understand that, it always return... by thanhnhhe130698 Engager in Splunk Search 08-06-2021 0 3	0	3
Splunk Count for last 30 days Hi,I have written a script which runs for every after 1 hr, here the 24 hr window is from 07am to next day 06:00amMy ... by sachin9911 Loves-to-Learn Lots in Splunk Search 08-06-2021 0 7	0	7
Flatten out several multivalue fields to a single value and just be like a row/line entry Good day,As mentioned, I wanted to flatten a series of multivalue fields, and make it just like single row entries, w... by jaysonpryde Path Finder in Splunk Search 08-05-2021 1 2	1	2
Compare logs between different host and match the value. I have two different hosts . hostA-1, hostA-2, hostA-3, hostA-4, hostA-5 . hostB-5, hostB-6, hostB-7, hostB-8. I want... by DougiieDee Explorer in Splunk Search 08-05-2021 0 4	0	4
parse mv json into multiline chart I have a field named Msg which contains json. That json contains some values and an array. I need to get each item ... by brianbcampbell Engager in Splunk Search 08-05-2021 0 2	0	2
Accessing Splunk pre-calculated fields Hello, is there a possibility to access these fields? Thanks, Ava by a_vobard Explorer in Splunk Search 08-05-2021 0 3	0	3
Extract Nested JSON I have events coming from an API that all have the same 10 fields. Viewing the RAW event one of the fields (detail) ... by kernand0 Loves-to-Learn in Splunk Search 08-05-2021 0 4	0	4
Hosts event search by lookup table Hi all,I have created a lookup table and imported it into SPLUNK. It has 2 columns, one called hosts the other called... by ned692000 Engager in Splunk Search 08-05-2021 0 4	0	4
Splunk Enterprise Security Content Management blank Hello,I performed a "fresh" installation of ES 4.6.1 in a search head cluster through deployer. Splunk app version is... by adidibra Engager in Splunk Search 08-05-2021 0 1	0	1
Quick Reference Guide Card Hoping to find some physical copies of the Quick Reference Guide on card stock. I was hoping they would be available... by AzJimbo Path Finder in Splunk Search 08-05-2021 0 2	0	2
Find all newer events logged by application after a certain date Question: How can we find diff between log statements before and after a given date. Applicability: Let's say we rel... by serach2learn New Member in Splunk Search 08-05-2021 0 1	0	1
Get difference of occurence between 2 different day/months/years/date ranges Hi all,First post here - So I'm a Splunk beginner & recently got this tricky task.So let's say I have these rows in m... by isvnplunk Explorer in Splunk Search 08-05-2021 0 4	0	4
Like Command with special charecter Hi Team,I am trying to run below query .. now here problem is its not showing any "Blocked" data .. its showing only... by Susha Engager in Splunk Search 08-05-2021 0 2	0	2
Query with Thousands IDs in searche whit OR Hello, i need help.I have 6500 IIN (like id) and put this id to lookup then tried search: index=alfa [\|inputlookup II... by Dmitriy Explorer in Splunk Search 08-05-2021 0 17	0	17
Query with Thousands of "OR"s Greetings, I want to know the least resource intensive way of searching thousands of URLs in one search. So what I ... by ccsfdave Builder in Splunk Search 08-04-2021 0 10	0	10
How to lookup match on IP return user value within event? Hi, I have a lookup table that consists of 1 column. It contains IP addresses. I have search against an index that ... by brdr Contributor in Splunk Search 08-04-2021 1 5	1	5