Splunk Search

Community Activity

	Disjoint results of multiple searches I have 2 query searches, one returns set result A and the other one returns set result B. I would like to get the res... by mhagoel Engager in Splunk Search 07-19-2021 0 1	0	1
	Multivalue-Field Filter I receive a bunch of messages that all are assigned to a group by the groupID.I also have a dynamic set of a range as... by doki971 Loves-to-Learn Everything in Splunk Search 07-19-2021 0 10	0	10
	alert when directory or subdirectory does not have file that created today HiI have file server that everyday backups of servers copy on that server on below path:/backup/files//backup/files/s... by indeed_2000 Motivator in Splunk Search 07-19-2021 0 3	0	3
	How can I perform a lookup of a value against Threat Intelligence datamodel to see if it is present or not? Hi, I am using the Threat Intelligence datamodel in my Splunk ES environment. It is being populated with a Threat Int... by ezmo1982 Path Finder in Splunk Search 07-19-2021 0 0	0	0
	Compare 2 Multivalue Fields I am looking to run a search and filter out whitelisted exceptions in a lookup file. 2 of the fields could contain m... by pkohn117 Explorer in Splunk Search 07-19-2021 0 5	0	5
	Join with calculated earliest Hi,I don't know if it is possible, but I would like to specify the time range of a join subsearch from a calculated v... by szabolcs Explorer in Splunk Search 07-19-2021 0 4	0	4
	Need calculate a count of each "Su M Tu W Th F Sa" between two dates Hello,i´m looking to get this result between each start /end time.hope you could help me For example:Start timeEndti... by cpm003 Path Finder in Splunk Search 07-19-2021 0 5	0	5
	find top maximum transaction duration HiI have log file like this:2021-07-15 00:00:01,869 INFO APP.InEE-p1-1234567 [AppListener] Receive Message[A123]: Q[p... by indeed_2000 Motivator in Splunk Search 07-19-2021 0 10	0	10
	Splunk query to display % failures Need help with a Splunk query to display % failures % failures = A1/A2 *100A1= Total number of events returned by th... by VS0909 Communicator in Splunk Search 07-19-2021 0 5	0	5
	calculate difference for each group actionfeatureversionlocationcount?difference?Af1v1WA1200Af1v1OR11010Af1v1CA1155Bf1v1AZ1200Af1v2WA141Af1v2OR105Bf1v2AZ... by 5296 Loves-to-Learn Lots in Splunk Search 07-19-2021 0 1	0	1
	Sum of duration problem I created some of the columns using regex. So all of the codes for the regex needs to be included. I would like to fi... by moinyuso96 Path Finder in Splunk Search 07-18-2021 0 2	0	2
	Calculate Transaction Duration Hii have log file like this: 2021-07-15 00:00:01,869 INFO client.InEE-server1-1234567 [AppListener] Receive Message[A... by indeed_2000 Motivator in Splunk Search 07-17-2021 0 6	0	6
	How to link multiple sourcetypes based on multiple fields I have a few sourcetypes, looking something like this:sourcetype=weatherdate, location, temperaturesourcetype=actions... by Laurengineer Engager in Splunk Search 07-17-2021 0 1	0	1
	Junk characters showing when I use stats with list command to get the logins and logout of a VPN Dear Community Members ,In splunk cloud instance :I am trying to get VPN login and logout for users in a single table... by asing13 Path Finder in Splunk Search 07-17-2021 0 2	0	2
	How to fix Splunk from incorrectly extracting hostname field in syslog events? Hi there, we have an issue with hostname extraction from syslog events. Normaly the extraction works fine, but for ... by krusty Contributor in Splunk Search 07-17-2021 0 7	0	7
	Enrichment with sub-search in a certain time period by using index Hi Folks,I am trying to enrich my search with subsearch in the same time bucket/bin. The search can be found below.De... by splunkerer Path Finder in Splunk Search 07-17-2021 0 1	0	1
	Mulit lookup with same event-field, lookup-destfield and event-destfield Hi AllI'm new on splunk and have following problem.We need data from a table depending on the value of a variable. Fo... by Lukas85 New Member in Splunk Search 07-17-2021 0 1	0	1
	Rex syntax to define result data Hello, I am looking to clean up the result data from a Splunk query.How do I remove all the text prior to the user na... by jsturgeon New Member in Splunk Search 07-16-2021 0 1	0	1
	Splunk ES and Correlation searches Hello Splunkers.I'm working on some of the usecases on ES and one of the request that I've got from my upper manageme... by revanthammineni Path Finder in Splunk Search 07-16-2021 0 2	0	2
	Need to remove duplicate data We have 3 different (Active,Closed,Resolved) records for same Incident and we need to retrieve only Active incident r... by shashi584 Explorer in Splunk Search 07-16-2021 0 6	0	6
	search different index I have 3 different indexes and they asked me to search by document number.The structure of the logs is different inc... by splunkcol Builder in Splunk Search 07-16-2021 0 2	0	2
	Datamodel acceleration date range forced to last month Hi, i need help with some datamodel acceleration issues in CIM.The problem is that i accelerated a datamodel with 1y ... by joshiro Communicator in Splunk Search 07-16-2021 0 3	0	3
	Need to pull IP from Message field Hey all, I'm trying to separate out the IP address (Source Network Address:) from the Windows event Message field. I'... by radalliance Engager in Splunk Search 07-16-2021 0 3	0	3
	How to extract value from log events with type as json object or json array?? Our event log has request and response. Request and response body can either be a json object or json array. I need t... by bhavika100 Explorer in Splunk Search 07-16-2021 0 5	0	5
	Several email distribution lists on alert Hi Splunk Community.I have an alert, which runs a query regularly, for example hourly 247365. If the alert is trigg... by mdzmuran Observer in Splunk Search 07-16-2021 0 3	0	3