Splunk Search

Community Activity

	How can we optimize a query that consumes lots of cpu? We have the following code that ran for one and a half hours last week and consumed lots of cpu. How can we optimize ... by danielbb Motivator in Splunk Search 07-26-2021 0 9	0	9
	Search improvement Hi - looking for a more efficient way to do this, if anyone has any tips: index=xyz sourcetype=abc NOT user_email=una... by ibmbaranski Engager in Splunk Search 07-26-2021 0 1	0	1
	Log format for Splunk key=value Hello guys,do you advice this log format:key=value instead of key="value" ? Thanks. by splunkreal Motivator in Splunk Search 07-26-2021 0 2	0	2
	Loop through single column list in Inputlookup csv and check if column values are found across multiple index events Hello. I have an input lookup csv file with a single column named “Domain” that has a list of domain names in that co... by dk777 New Member in Splunk Search 07-26-2021 0 1	0	1
	How to get the difference of columns from two different tables? (the number of rows in the column is different) Hi! My task is as follows: I want to compare the increment of a certain type of errors: the average value of each typ... by iyanushkevich Loves-to-Learn Lots in Splunk Search 07-26-2021 0 4	0	4
	Transaction not grouping results with startswith and endswith filter I am doing the labs for Fundamentals Part 2 and I am not understanding something I have to use the startswith and end... by dasfx Engager in Splunk Search 07-26-2021 0 2	0	2
	Group widgets/panel in a dashboard with a common border How to add group widgets/panel in a dashboard with a common border?Eggroup1 : panel1, panel 2 - combined border fo... by VS0909 Communicator in Splunk Search 07-26-2021 0 1	0	1
	specifying field in Field Extraction in search, w/ rex command I can specify which field I want to apply the Regex as following example\| rex field=event "... by Rabbit Loves-to-Learn in Splunk Search 07-25-2021 0 5	0	5
	Heavy forwarder and sysmon Hello friends, Suppose I install Microsoft Sysmon on a Windows server. I then go install the Universal Forwarder on ... by verifi81 Path Finder in Splunk Search 07-25-2021 0 2	0	2
	Regex help Hi,I have below sources,source = C:\Stats\user1\Tmpdata\Mappers\Consolesx\start.logsource = C:\Stats\user2\Tmpdata\... by SS1 Path Finder in Splunk Search 07-25-2021 0 4	0	4
	Help with Dashboarding Hello,Here is the whole context and question:https://community.splunk.com/t5/Splunk-Search/Aggregate-query-help/m-p/5... by aag Engager in Splunk Search 07-25-2021 0 1	0	1
	How do I implement multiple rename commands based on user input I have a single algorithm with 2 methods. Each method produces the same type of data but with different fields names ... by actionabledata Path Finder in Splunk Search 07-24-2021 0 0	0	0
	Multiple Rows into one row with primary key Hi, I have data that looks like this (as you can see user_id 9 has filled numerous rows). This is just a csv ingested... by jimhill Engager in Splunk Search 07-24-2021 0 4	0	4
	Dynamically Change panel background color based on returned value (no js possible) Hi. First, I've been using this forum for a few months now as I'm new to Splunk. Thanks to all the contributors on ... by AdrianH Explorer in Splunk Search 07-24-2021 0 4	0	4
	Combine two stacked bar charts side by side Hi All, I have a use case to align two stacked graphs side by side. So, there are 4 columns with values for any parti... by Abhishek_ Observer in Splunk Search 07-24-2021 0 2	0	2
	Firewall logs sourcetype=cp_log action!=Drop OR action!=Reject OR action!=dropped I am socked ,when i am searching with above quer... by rahul8777 Explorer in Splunk Search 07-24-2021 0 2	0	2
	how to set limit Hello Experts,I am new to Splunk and trying to build basic queries in Splunk to build use cases. Currently I am worki... by parthou Explorer in Splunk Search 07-23-2021 0 8	0	8
	How can I display values of a common field occurring in two different event ID's? There are various event codes like eventID = "123" , eventID ="456", eventID = "789" . There are some "appID" field... by ASTARS47 New Member in Splunk Search 07-23-2021 0 1	0	1
	Aggregate query help Hi Team - I am trying to first search and then aggregate results from following Splunk logs:Raw format: "buildDimens... by aag Engager in Splunk Search 07-23-2021 0 2	0	2
	How do I get Spunk to parse the events returned by a custom generating command? I have a custom generating command that returns events to Splunk, however those events are not parsed, so the kv data... by mlf Path Finder in Splunk Search 07-23-2021 0 0	0	0
	Splunk dashboard : Text input token is caching the previously entered value. I have a dashboard with multiple inputs. These inputs are like filters on top of basic search. I want1. if phone mdn ... by bhavika100 Explorer in Splunk Search 07-23-2021 0 4	0	4
	Field extraction with multiple matches per line Hi all, I'm trying to pull out the MAC addresses from a series of records which is mostly working using the followin... by martinpugh Explorer in Splunk Search 07-23-2021 0 3	0	3
	How to join 2 indexes Hi All,I want to join two indexes and get a result. Search Query -1index=Microsoft\| eval Event_Date=mvindex('eventDat... by alexspunkshell Contributor in Splunk Search 07-23-2021 0 9	0	9
	How to edit my search to omit results of a subsearch from the main search using NOT? Hello Splunkers, I've been trying to solve this problem for a while now but I am still not able to NOT the contents o... by lbogle Contributor in Splunk Search 07-23-2021 0 10	0	10
	How to skip/ignore one letter character from filtered log Hello Team, rex field=_raw "string_list=%25(?<new_field1>\w+)%25" Above condition will get a word between %25 to %25,... by Rakesh915473 Explorer in Splunk Search 07-23-2021 0 4	0	4