Splunk Search

Community Activity

	Splunk dashboard using drilldown showing detailed info, but also sending email alert for us if result > 0 Guys, I've created a dashboard where I hunt IOCs from OTX intelligence across several logs in Splunk.This dashboard ... by Luciana Explorer in Splunk Search 06-22-2021 0 25	0	25
	Dashboard - How to trigger second search based on first search where condition is : first result count Please, Can someone help me here?Basically , in the first search IF the search stats count >=1 then, a second search ... by Luciana Explorer in Splunk Search 06-22-2021 0 11	0	11
	How can I use the chart to show top 100 of a json list? I have a json list like this:package: [{duration: 100, name: a}, {duration: 90, name: b} ...]and I want to show the t... by LMN007 Engager in Splunk Search 06-22-2021 0 2	0	2
	Splunk wildcard for specific position of character in a host list I have a table with more than 50000 hostnames. I want to run a wild card for 5th & 6th character in a hostname list.M... by utk123 Path Finder in Splunk Search 06-22-2021 0 2	0	2
	Simple regex extraction not working? Hi. I have an event that has the line "Total time taken for process: 535 ms" in it. it's not in a field it's just a r... by eid1550 New Member in Splunk Search 06-22-2021 0 1	0	1
	How to separate sets of information with same field values without using transaction Hello,I have log entries that look like this:2021-06-21 16:36:14 Error Fix Success for issue submitted by user:142021... by Traer001 Path Finder in Splunk Search 06-22-2021 0 3	0	3
	Split apart MV column into other columns Hi,I have a MV field that I need to split apart into other mv fieldsHere is the result of the query What I want it to... by dcase999 Engager in Splunk Search 06-22-2021 0 4	0	4
	Single Value Color Change I have a panel that is a single value that only shows the Health Status as "UP" or "DOWN". If it is "UP" I want it t... by 3666142 Path Finder in Splunk Search 06-22-2021 0 3	0	3
	Joining data from same index on single field value and multifield field Hi I'm trying to join data from same index but with different marker field and multiple values in second index. Examp... by MarekKrzak Observer in Splunk Search 06-22-2021 0 1	0	1
	seemingly empty log returned with search query We keep getting this "empty" log back whenever we do a search within this host/sourcetype. It doesn't seem to matter ... by kmaron Motivator in Splunk Search 06-22-2021 0 0	0	0
	statistics by month HiTry to build a table for the below requirementFirst Column: url2nd Column: jun20213rd Column: May2021.....URL ... by aintechco New Member in Splunk Search 06-22-2021 0 3	0	3
	Remove Line from stats based on value of line So I am writing a query and It all gets piped into stats at the end. There is a value that I want to use to remove li... by WindWalker Engager in Splunk Search 06-22-2021 0 1	0	1
	Case with multiple potential wildcard matches I have a field with error messages that I need a case statement to cleanup for reporting. In this case some of the me... by aohls Contributor in Splunk Search 06-22-2021 0 3	0	3
	Detecting and changing date format. I have a field "Date" as below. However, there are some inconsistency in the date format. How can I get the "30/1/20... by moinyuso96 Path Finder in Splunk Search 06-22-2021 0 1	0	1
	How to feed a query? I am trying to run a simple query, but with a catch. I want to run something like this:index=weblogs somedomain.com ... by jacques Loves-to-Learn in Splunk Search 06-22-2021 0 7	0	7
	Time range not substituted by search We have a SHC at version 8.1.3. When we try to use "earliest" and "latest" in search we get results based on the ear... by coreyCLI Communicator in Splunk Search 06-22-2021 0 1	0	1
	Field value comparison Hi,want to achieve daily,weekly ,monthly, yearly reportempDirectory.csv contains Employee ID,Employee Name, Manager... by abdul Explorer in Splunk Search 06-22-2021 0 1	0	1
	Is it possible to control which file gets indexed first? For example, I would like certain rows "ABC" to have less indextime than "DEF". In normal search, "DEF" would have th... by moinyuso96 Path Finder in Splunk Search 06-21-2021 0 0	0	0
	dbxquery inside a search How do I take the results of a search pass a field into a dbxquery and then display results from both the search and ... by balcv Contributor in Splunk Search 06-21-2021 0 0	0	0
	How to detect outliers if there are also periods with no events I use timechart to count the events per month by department\| timechart span=1mon count AS Aantal by departmentafter t... by rrovers Contributor in Splunk Search 06-21-2021 0 4	0	4
	eval and timechart How can I get STP as a bar chart ? im getting error when i try to do it like this i want to display STP for each mon... by sphiwee Contributor in Splunk Search 06-21-2021 0 4	0	4
	JSON Search Time Extractions Truncated I've been troubleshooting an issue with a search time field extractions of a JSON field being truncated at 4096 chara... by wilcomply13 Explorer in Splunk Search 06-21-2021 0 0	0	0
	variable passed into subsequent search Is it possible to use the value derived from one search and pass it to another search? For example, I have a search a... by rberman Path Finder in Splunk Search 06-21-2021 0 4	0	4
	conditionally using random() Based on my dataset, I have 10 items in total and I wanna generate a new field randomly for each different item. E.g.... by abby_xr Splunk Employee in Splunk Search 06-21-2021 0 0	0	0
	Eval function explanation Can someone help me break down this portion of a search? Is it saying, look for anything older than 30 minutes? eval ... by trojan_81 Path Finder in Splunk Search 06-21-2021 0 1	0	1