Splunk Search

Community Activity

Search Time Issue I'm having a bit of issue with my current logic. Ideally my lookup would contain three months of data, however when t... by wilcomply13 Explorer in Splunk Search 07-21-2021 0 2	0	2
How to calculate shift users from SSL VPN login sessions I am wanted to calculate shift Analysts VPN session start and end time duration to exactly capture the shift during 2... by elxbee Loves-to-Learn in Splunk Search 07-21-2021 0 5	0	5
kv store search, send alert and also store the the alert sent information Hi everyone, I am trying to use Splunk to catch a flag and also send an alert in a report if department = "business ... by longmen Path Finder in Splunk Search 07-21-2021 0 14	0	14
json field extraction Hi Splunk Experts,Below is a sample event, I have below spath msg.message.details, I am trying to extract certain fi... by prasant Path Finder in Splunk Search 07-21-2021 0 4	0	4
Count with few eval and timechart Hi,i have a problem with a few queries. I have something actually like this: index = nsw_prod_eximee ERROR \| rex fi... by michalmartofel Observer in Splunk Search 07-21-2021 0 2	0	2
Join - how do I fillnull on a join? Join is much more efficient. Is it possible to fillnull on a join so that I can collect the results for events for w... by the_wolverine Champion in Splunk Search 07-21-2021 2 3	2	3
Different events number while searching via python sdk Hi,I am using python SDK to search with this configuration:query_kwargs = {<!-- -->'earliest_time': earliest, ... by osnathy83 Observer in Splunk Search 07-21-2021 0 0	0	0
Inputlookup some data not matching with dbxquery I have a dbxquery which pulls some applicationdata which includes servername. Also I have a inputlookup which fetche... by rijuth New Member in Splunk Search 07-20-2021 0 2	0	2
Search - Combine different events which are results of a single search command Hi,My Jenkins sends my testresults data for the same job (Automation regression tests job) to Splunk in multiple eve... by JP Explorer in Splunk Search 07-20-2021 0 2	0	2
Time Chart Command Question I am reading:The following section: https://docs.splunk.com/Documentation/Splunk/latest/SearchReference/timechartlimi... by jason_hotchkiss Communicator in Splunk Search 07-20-2021 0 2	0	2
Col operation Hi everyone,Is it possible to achieve this: My search has resulted in four columnsColumn1 Column2 Colu... by mandyst Engager in Splunk Search 07-20-2021 0 2	0	2
How to read an array of fields from a single event and make into different records ? Hi,In Splunk, I have Test Automation results logs which has details like Test case name, Test Status, Error, Duration... by JP Explorer in Splunk Search 07-20-2021 0 13	0	13
Using Time Modifiers in search for timechart Hello - I was reading this: https://docs.splunk.com/Documentation/SCS/current/Search/TimemodifiersBut it is not very... by jason_hotchkiss Communicator in Splunk Search 07-20-2021 0 2	0	2
Search for a snapshot count total for the last 20 mins on every hour I'm looking to do a search that captures a snapshot of how many devices from certain subnets we have had going throug... by FC50 Path Finder in Splunk Search 07-20-2021 0 9	0	9
Converting a field from a string to a number So, long story short...I am trying to determine the event count by source, which host is producing the most events in... by jason_hotchkiss Communicator in Splunk Search 07-20-2021 0 4	0	4
Extracting a field after a certain text string Hello, I'm trying to extract some SSID info into a field in Splunk. This info comes after a certain text string in so... by FC50 Path Finder in Splunk Search 07-20-2021 0 3	0	3
what is the format to use for a date in a search / dashboard I tried to specify an exact date for a search time range, but couldn't make it work relative and epoch date works : ... by mataharry Communicator in Splunk Search 07-20-2021 3 11	3	11
Suppose i have some process to run to give input and output count based on that we were calculating rejection percentage Suppose i have some process to run to give input and output count based on that we were calculating rejection percent... by 9198459056 Loves-to-Learn Everything in Splunk Search 07-20-2021 0 0	0	0
How to perform incremental search I have some events data in which I have fields like Eventid, EventTime, EventRunId, AccountID etc. As per my use case... by hmlathigara Observer in Splunk Search 07-20-2021 0 1	0	1
Help with Palo Alto Network and Splunk Good afternoon!I have Palo Alto generating logs and redirecting them to Splunk, I am wanting to use Palo Alto Network... by JoseMaría Explorer in Splunk Search 07-20-2021 0 0	0	0
Variable reference in To: field of an email alert. Hi Splunk Team.Can I use variable reference in To: field of an email alert? I have a distribution_list variable assoc... by mdzmuran Observer in Splunk Search 07-20-2021 0 3	0	3
Calculate after stats command L.s.,I want to get the latency from the input from a forwarder to an index. So whe use the app Meta_woot. It creates ... by jariw Path Finder in Splunk Search 07-19-2021 0 4	0	4
Can I specify app name in Splunk query and run that query from any app ? Can I specify app name in Splunk query and run that query from any app ? by VS0909 Communicator in Splunk Search 07-19-2021 0 3	0	3
File will not be read, seekptr checksum did not match I am getting the error below"File will not be read, seekptr checksum did not match (file=<file name>0). Last time we ... by mcohen13 Loves-to-Learn in Splunk Search 07-19-2021 0 0	0	0
Multiple stats command bin _time span=1h \| stats count(eval(eventDay==curDay)) AS cv by uid \| stats count(eval(eventDay!=curDay)) AS ce by ... by lkslsaks Loves-to-Learn in Splunk Search 07-19-2021 0 2	0	2