Splunk Search

Community Activity

	Regex inside eval is not working I am trying to do a stats count where 2XX https response means as success and any non 2XX means that it's a failure. ... by pjtbasu Explorer in Splunk Search 06-23-2021 0 1	0	1
	[ Search] Finding the same user connecting to Okta from Separate IPs Currently trying to work out a search that would allow me to generate a notable event if a user has made successful c... by mattdev Loves-to-Learn Lots in Splunk Search 06-23-2021 0 0	0	0
	How to get two different field values In a query Hi TeamI am looking to get two different field values in a single query in Splunk, example, I have two different coun... by aaa2324 Explorer in Splunk Search 06-23-2021 0 3	0	3
	Calculate elapsed time from two events Hi,I'm sure I'm not the first to ask this question, but I can't seem to find an answer that covers what I am trying t... by timrich66 Communicator in Splunk Search 06-23-2021 0 12	0	12
	How to trigger second search based on first search where condition I have a dbquery alert which will trigger when first query has more than 250 records then second search will trigger ... by ibob0304 Communicator in Splunk Search 06-23-2021 0 15	0	15
	How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search? How to resolve "the max number of concurrent historical searches on this instance has been reached" on Skipped search... by SamHTexas Builder in Splunk Search 06-23-2021 0 2	0	2
	Is it possible to change default colors for charts? Is it possible to change the default colors for charts (seriesColors), preferably so that it survives an upgrade? I ... by dominiquevocat SplunkTrust in Splunk Search 06-22-2021 0 9	0	9
	Splunk dashboard using drilldown showing detailed info, but also sending email alert for us if result > 0 Guys, I've created a dashboard where I hunt IOCs from OTX intelligence across several logs in Splunk.This dashboard ... by Luciana Explorer in Splunk Search 06-22-2021 0 25	0	25
	Dashboard - How to trigger second search based on first search where condition is : first result count Please, Can someone help me here?Basically , in the first search IF the search stats count >=1 then, a second search ... by Luciana Explorer in Splunk Search 06-22-2021 0 11	0	11
	How can I use the chart to show top 100 of a json list? I have a json list like this:package: [{duration: 100, name: a}, {duration: 90, name: b} ...]and I want to show the t... by LMN007 Engager in Splunk Search 06-22-2021 0 2	0	2
	Splunk wildcard for specific position of character in a host list I have a table with more than 50000 hostnames. I want to run a wild card for 5th & 6th character in a hostname list.M... by utk123 Path Finder in Splunk Search 06-22-2021 0 2	0	2
	Simple regex extraction not working? Hi. I have an event that has the line "Total time taken for process: 535 ms" in it. it's not in a field it's just a r... by eid1550 New Member in Splunk Search 06-22-2021 0 1	0	1
	How to separate sets of information with same field values without using transaction Hello,I have log entries that look like this:2021-06-21 16:36:14 Error Fix Success for issue submitted by user:142021... by Traer001 Path Finder in Splunk Search 06-22-2021 0 3	0	3
	Split apart MV column into other columns Hi,I have a MV field that I need to split apart into other mv fieldsHere is the result of the query What I want it to... by dcase999 Engager in Splunk Search 06-22-2021 0 4	0	4
	Single Value Color Change I have a panel that is a single value that only shows the Health Status as "UP" or "DOWN". If it is "UP" I want it t... by 3666142 Path Finder in Splunk Search 06-22-2021 0 3	0	3
	Joining data from same index on single field value and multifield field Hi I'm trying to join data from same index but with different marker field and multiple values in second index. Examp... by MarekKrzak Observer in Splunk Search 06-22-2021 0 1	0	1
	seemingly empty log returned with search query We keep getting this "empty" log back whenever we do a search within this host/sourcetype. It doesn't seem to matter ... by kmaron Motivator in Splunk Search 06-22-2021 0 0	0	0
	statistics by month HiTry to build a table for the below requirementFirst Column: url2nd Column: jun20213rd Column: May2021.....URL ... by aintechco New Member in Splunk Search 06-22-2021 0 3	0	3
	Remove Line from stats based on value of line So I am writing a query and It all gets piped into stats at the end. There is a value that I want to use to remove li... by WindWalker Engager in Splunk Search 06-22-2021 0 1	0	1
	Case with multiple potential wildcard matches I have a field with error messages that I need a case statement to cleanup for reporting. In this case some of the me... by aohls Contributor in Splunk Search 06-22-2021 0 3	0	3
	Detecting and changing date format. I have a field "Date" as below. However, there are some inconsistency in the date format. How can I get the "30/1/20... by moinyuso96 Path Finder in Splunk Search 06-22-2021 0 1	0	1
	How to feed a query? I am trying to run a simple query, but with a catch. I want to run something like this:index=weblogs somedomain.com ... by jacques Loves-to-Learn in Splunk Search 06-22-2021 0 7	0	7
	Time range not substituted by search We have a SHC at version 8.1.3. When we try to use "earliest" and "latest" in search we get results based on the ear... by coreyCLI Communicator in Splunk Search 06-22-2021 0 1	0	1
	Field value comparison Hi,want to achieve daily,weekly ,monthly, yearly reportempDirectory.csv contains Employee ID,Employee Name, Manager... by abdul Explorer in Splunk Search 06-22-2021 0 1	0	1
	Is it possible to control which file gets indexed first? For example, I would like certain rows "ABC" to have less indextime than "DEF". In normal search, "DEF" would have th... by moinyuso96 Path Finder in Splunk Search 06-21-2021 0 0	0	0