Splunk Search

Community Activity

Add count of field instead of just count it Hi I have log file that each minute store 1 event like this8:00 18:01 18:02 1 instead of counting i want store ... by indeed_2000 Motivator in Splunk Search 07-08-2021 0 7	0	7
color statistic table cell dynamically on certain rule using other field value Want to change color of statistic table cell value on certain rule using other field.TABLE:Region, Device, Service, L... by Abhineet Loves-to-Learn Everything in Splunk Search 07-08-2021 0 1	0	1
How to combine event and summary indexes into a single search? Is it possible to setup a dashboard query that uses the main event index for "today", and summary index for all other... by timgren Path Finder in Splunk Search 07-08-2021 0 1	0	1
Running an eval after a sub-search make my comparison negative I am trying to make a comparison of one field against itself but from a previous day. The use case is I'm trying to ... by mybestfriendbob Explorer in Splunk Search 07-08-2021 0 3	0	3
How to run/optimize long ad-hoc searches with lookup I'm trying to see if there are hits with Kaseya related domains in my Web datamodel. As I understand we need to use w... by dauren_akilbeko Communicator in Splunk Search 07-08-2021 0 2	0	2
Not able to create a table from fields extracted from a JSON using regex Hi All,I wrote a regular expression to extract fields from an event containing data in the JSON format. The regular e... by nikhil108 Observer in Splunk Search 07-08-2021 0 3	0	3
Remove double quotes and slashes from the field i am having field like this below. message :"{"\payement":"xxx", "\account:" xxx"}" I want the first and last q... by Rukmani_Splunk Path Finder in Splunk Search 07-08-2021 0 4	0	4
Microsoft Office 365 Reporting Add-on not obeying interval configuration Hi, we are using version 1.2.4 on Splunk 7.3.7, and we noticed our interval setting of (interval=600 / 10 mins) is no... by becksyboy Contributor in Splunk Search 07-08-2021 0 4	0	4
syslogs for network equipments to forward syslog to splunk indexer Greetings!! I would like to ask about Syslog logs for network devices, I have added new network devices by doing co... by pacifikn Communicator in Splunk Search 07-07-2021 0 4	0	4
TIME_PREFIX and TIME_FORMAT for Props configuration File Hi,How I would write TIME_PREFIX and TIME_FORMAT for props configuration file for the following events (4- sample ev... by SplunkDash Motivator in Splunk Search 07-07-2021 0 3	0	3
How to display zero value in a chart with multiple fields Hi! i am trying to create a search to display zero values in my chart. However my current search has multiple calcula... by yvassilyeva Path Finder in Splunk Search 07-07-2021 0 5	0	5
Splunk Fundamentals Module 5 Hi, I am testing out Splunk Fundamentals 1, and on Module 5 of the lab portion, after running the search, I am not ge... by avergar5 Engager in Splunk Search 07-07-2021 1 5	1	5
search all event after specific string Hi1-I want to search result return everything after specific event till now.for example: index=main \| search "start ... by indeed_2000 Motivator in Splunk Search 07-07-2021 0 2	0	2
Splunk REST API with NodeJs: trouble getting started creating a search job I'm new to this, and would appreciate any help from someone who uses NodeJs with Splunk. I can successfully query pas... by mattee1283 New Member in Splunk Search 07-07-2021 0 0	0	0
How can I calculate counts for active Qualys vulnerabilities I am ingesting Qualys data via the Qualys Technology Add-on for Splunk (v1.8.7). To reduce daily volume, I have chose... by ejwade Contributor in Splunk Search 07-07-2021 0 2	0	2
subtracting 2 timestamps and then evaluating if that result is longer than 1 hour I have two timestamps that are in this format within my log events:start: 2005-07-05T04:28:34.453494Zend: 2005-07-05T... by samnew4598 Explorer in Splunk Search 07-07-2021 0 2	0	2
How to write rex with sed mode so that it shows/extracts all unique numbers with specific digits masked ? Hi, novice splunker here. How could I search or extract all the unique numbers while keeping certain digits masked? ... by user290317 Explorer in Splunk Search 07-07-2021 1 5	1	5
New lookup is not working Hi team,I already worked with the lookup feature of splunk, tables, definitions and automatic lookup, and is working ... by gustavoortega New Member in Splunk Search 07-07-2021 0 2	0	2
How to overwrite the indexer data. Is there any possibility to over write the index data ,for example the data is indexing by the below query.\| inputlo... by vinod743374 Communicator in Splunk Search 07-07-2021 0 4	0	4
How to combine multiple searches in same alert HI,I have 3 searches that give results for errors and journey length. I wanted to add all these searches together and... by SG Path Finder in Splunk Search 07-07-2021 0 0	0	0
How to combine multiple searches in same alert HI,I have 3 searches that give results for errors and journey length. I wanted to add all these searches together and... by SG Path Finder in Splunk Search 07-07-2021 0 0	0	0
Fill in 0 for timechart with missing values I'm generating a chart with event count by date. The problem is for dates with no events, the chart is empty. I wan... by the_wolverine Champion in Splunk Search 07-07-2021 5 7	5	7
How to use regex to filter out logs? Hi community,I have the need to exclude AIX logs containing a certain field value.This is the regex the parser is usi... by martaBenedetti Path Finder in Splunk Search 07-07-2021 0 5	0	5
Best way of making base search Hello everyone! I need some help with figuring out how to make this base search the best way without hitting the 500.... by N-W Explorer in Splunk Search 07-06-2021 0 6	0	6
Splunk Fundamentals Module 5 Lab In Module 5 Lab #8, I am asked to perform a search using the "fail* AND password" command over ALL TIME. The search r... by Floyd22 Engager in Splunk Search 07-06-2021 0 0	0	0