Splunk Search

Community Activity

How to read an array of fields from a single event and make into different records ? Hi,In Splunk, I have Test Automation results logs which has details like Test case name, Test Status, Error, Duration... by JP Explorer in Splunk Search 07-20-2021 0 13	0	13
Using Time Modifiers in search for timechart Hello - I was reading this: https://docs.splunk.com/Documentation/SCS/current/Search/TimemodifiersBut it is not very... by jason_hotchkiss Communicator in Splunk Search 07-20-2021 0 2	0	2
Search for a snapshot count total for the last 20 mins on every hour I'm looking to do a search that captures a snapshot of how many devices from certain subnets we have had going throug... by FC50 Path Finder in Splunk Search 07-20-2021 0 9	0	9
Converting a field from a string to a number So, long story short...I am trying to determine the event count by source, which host is producing the most events in... by jason_hotchkiss Communicator in Splunk Search 07-20-2021 0 4	0	4
Extracting a field after a certain text string Hello, I'm trying to extract some SSID info into a field in Splunk. This info comes after a certain text string in so... by FC50 Path Finder in Splunk Search 07-20-2021 0 3	0	3
what is the format to use for a date in a search / dashboard I tried to specify an exact date for a search time range, but couldn't make it work relative and epoch date works : ... by mataharry Communicator in Splunk Search 07-20-2021 3 11	3	11
Suppose i have some process to run to give input and output count based on that we were calculating rejection percentage Suppose i have some process to run to give input and output count based on that we were calculating rejection percent... by 9198459056 Loves-to-Learn Everything in Splunk Search 07-20-2021 0 0	0	0
How to perform incremental search I have some events data in which I have fields like Eventid, EventTime, EventRunId, AccountID etc. As per my use case... by hmlathigara Observer in Splunk Search 07-20-2021 0 1	0	1
Help with Palo Alto Network and Splunk Good afternoon!I have Palo Alto generating logs and redirecting them to Splunk, I am wanting to use Palo Alto Network... by JoseMaría Explorer in Splunk Search 07-20-2021 0 0	0	0
Variable reference in To: field of an email alert. Hi Splunk Team.Can I use variable reference in To: field of an email alert? I have a distribution_list variable assoc... by mdzmuran Observer in Splunk Search 07-20-2021 0 3	0	3
Calculate after stats command L.s.,I want to get the latency from the input from a forwarder to an index. So whe use the app Meta_woot. It creates ... by jariw Path Finder in Splunk Search 07-19-2021 0 4	0	4
Can I specify app name in Splunk query and run that query from any app ? Can I specify app name in Splunk query and run that query from any app ? by VS0909 Communicator in Splunk Search 07-19-2021 0 3	0	3
File will not be read, seekptr checksum did not match I am getting the error below"File will not be read, seekptr checksum did not match (file=<file name>0). Last time we ... by mcohen13 Loves-to-Learn in Splunk Search 07-19-2021 0 0	0	0
Multiple stats command bin _time span=1h \| stats count(eval(eventDay==curDay)) AS cv by uid \| stats count(eval(eventDay!=curDay)) AS ce by ... by lkslsaks Loves-to-Learn in Splunk Search 07-19-2021 0 2	0	2
Specify App Name in Splunk Query I want to execute a query in app1, but I want to get the data from app2For eg:Execute query in app1 "index="abc", Th... by VS0909 Communicator in Splunk Search 07-19-2021 0 5	0	5
How to detect when files are deleted, modified, or read on Windows Server? Hello there, I'm trying to monitor file access on our file server (Windows 2012 R2) with Splunk Light but I can't q... by elindemann Engager in Splunk Search 07-19-2021 0 3	0	3
Windows TA field extractions are not working Hi, When I search for Windows Event Logs using : index=oswin sourcetype=XmlWinEventLog I'm not getting any pars... by iainsmart Engager in Splunk Search 07-19-2021 0 4	0	4
1% slowest requests Iis Hi,I am looking on generating a search to find the 1% slowest requests from IIS logs however I am not sure if this is... by joe06031990 Communicator in Splunk Search 07-19-2021 0 0	0	0
Disjoint results of multiple searches I have 2 query searches, one returns set result A and the other one returns set result B. I would like to get the res... by mhagoel Engager in Splunk Search 07-19-2021 0 1	0	1
Multivalue-Field Filter I receive a bunch of messages that all are assigned to a group by the groupID.I also have a dynamic set of a range as... by doki971 Loves-to-Learn Everything in Splunk Search 07-19-2021 0 10	0	10
alert when directory or subdirectory does not have file that created today HiI have file server that everyday backups of servers copy on that server on below path:/backup/files//backup/files/s... by indeed_2000 Motivator in Splunk Search 07-19-2021 0 3	0	3
How can I perform a lookup of a value against Threat Intelligence datamodel to see if it is present or not? Hi, I am using the Threat Intelligence datamodel in my Splunk ES environment. It is being populated with a Threat Int... by ezmo1982 Path Finder in Splunk Search 07-19-2021 0 0	0	0
Compare 2 Multivalue Fields I am looking to run a search and filter out whitelisted exceptions in a lookup file. 2 of the fields could contain m... by pkohn117 Explorer in Splunk Search 07-19-2021 0 5	0	5
Join with calculated earliest Hi,I don't know if it is possible, but I would like to specify the time range of a join subsearch from a calculated v... by szabolcs Explorer in Splunk Search 07-19-2021 0 4	0	4
Need calculate a count of each "Su M Tu W Th F Sa" between two dates Hello,i´m looking to get this result between each start /end time.hope you could help me For example:Start timeEndti... by cpm003 Path Finder in Splunk Search 07-19-2021 0 5	0	5