Splunk Search

Community Activity

	Case with multiple potential wildcard matches I have a field with error messages that I need a case statement to cleanup for reporting. In this case some of the me... by aohls Contributor in Splunk Search 06-22-2021 0 3	0	3
	Detecting and changing date format. I have a field "Date" as below. However, there are some inconsistency in the date format. How can I get the "30/1/20... by moinyuso96 Path Finder in Splunk Search 06-22-2021 0 1	0	1
	How to feed a query? I am trying to run a simple query, but with a catch. I want to run something like this:index=weblogs somedomain.com ... by jacques Loves-to-Learn in Splunk Search 06-22-2021 0 7	0	7
	Time range not substituted by search We have a SHC at version 8.1.3. When we try to use "earliest" and "latest" in search we get results based on the ear... by coreyCLI Communicator in Splunk Search 06-22-2021 0 1	0	1
	Field value comparison Hi,want to achieve daily,weekly ,monthly, yearly reportempDirectory.csv contains Employee ID,Employee Name, Manager... by abdul Explorer in Splunk Search 06-22-2021 0 1	0	1
	Is it possible to control which file gets indexed first? For example, I would like certain rows "ABC" to have less indextime than "DEF". In normal search, "DEF" would have th... by moinyuso96 Path Finder in Splunk Search 06-21-2021 0 0	0	0
	dbxquery inside a search How do I take the results of a search pass a field into a dbxquery and then display results from both the search and ... by balcv Contributor in Splunk Search 06-21-2021 0 0	0	0
	How to detect outliers if there are also periods with no events I use timechart to count the events per month by department\| timechart span=1mon count AS Aantal by departmentafter t... by rrovers Contributor in Splunk Search 06-21-2021 0 4	0	4
	eval and timechart How can I get STP as a bar chart ? im getting error when i try to do it like this i want to display STP for each mon... by sphiwee Contributor in Splunk Search 06-21-2021 0 4	0	4
	JSON Search Time Extractions Truncated I've been troubleshooting an issue with a search time field extractions of a JSON field being truncated at 4096 chara... by wilcomply13 Explorer in Splunk Search 06-21-2021 0 0	0	0
	variable passed into subsequent search Is it possible to use the value derived from one search and pass it to another search? For example, I have a search a... by rberman Path Finder in Splunk Search 06-21-2021 0 4	0	4
	conditionally using random() Based on my dataset, I have 10 items in total and I wanna generate a new field randomly for each different item. E.g.... by abby_xr Splunk Employee in Splunk Search 06-21-2021 0 0	0	0
	Eval function explanation Can someone help me break down this portion of a search? Is it saying, look for anything older than 30 minutes? eval ... by trojan_81 Path Finder in Splunk Search 06-21-2021 0 1	0	1
	building search query Hi Guys,I am just wondering if anyone can put me in the right direction - I have a question about search queries in S... by dilenthakuri Explorer in Splunk Search 06-21-2021 0 5	0	5
	How to check macro using sourcetype I'm searching for list of indexes using\|tstats count where index=* sourcetype=log4j by index sourcetypeI got results... by sasankganta Path Finder in Splunk Search 06-21-2021 0 1	0	1
	create event for every hour in a search window I need to create a field "search_hours" with values for every hour in (%H:00) format within the search window, whethe... by middlemiddle Explorer in Splunk Search 06-21-2021 0 0	0	0
	timechart sum index="acoe_np_spa_metrics" \| search Project="" AND Volume="" \| timechart span=1mon count(eval(D_Status="F")) as ... by sphiwee Contributor in Splunk Search 06-21-2021 0 1	0	1
	How to search a list of sourcetypes by index and save it as a dashboard panel? I need to get the list of Sourcetypes by Index in a Dashboard. I got this search from Splunk forums which gives the ... by athorat Communicator in Splunk Search 06-21-2021 0 6	0	6
	Subtracting two epoch times after within stats table Hello - we are trying to calculate the possible_duration between the first event and last event in the following base... by jason_hotchkiss Communicator in Splunk Search 06-21-2021 0 4	0	4
	fill the table Hi AllBelow is my query to tabulate a few fields together and count them on basis of its value .I need help with a si... by Learnersplunk21 Engager in Splunk Search 06-21-2021 0 0	0	0
	Splunk is not searching results Index=A sourcetype=B and I can see under fields category filed "C" with count of 10k+ values ..But if I search with ... by sasankganta Path Finder in Splunk Search 06-21-2021 0 6	0	6
	Count New IPs Accessed Over Time We have a daily report that generates an event each time an IP is accessed each day. In order to determine the numbe... by ky129q Engager in Splunk Search 06-21-2021 0 2	0	2
	Is there a function that reveals how long a search job took in Splunk Python's SDK? I am able to print the results of the query with the Splunk Python SDK, is there also a function within it that tells... by ebs Communicator in Splunk Search 06-20-2021 0 0	0	0
	Why is there a time difference in search time between sc_admin and user? Hi.We're running a search through a user role we created specifically for querying through the Splunk API. The search... by ebs Communicator in Splunk Search 06-20-2021 0 0	0	0
	Can I save mvexpand when matching a multivalue lookup? I have a lookup that can return multivalue for two fields, one of them a timestamp, like thiskeytextdatekey1abc\|def20... by yuanliu SplunkTrust in Splunk Search 06-20-2021 0 10	0	10