Splunk Search

Community Activity

How to combine a search that relies on latest(_time) for two different fields Hi,I want to create a search that is able to grab both the start and end times of a specific action, but to create th... by ebs Communicator in Splunk Search 06-06-2021 0 1	0	1
Display stats percentage in row instead of columns Hi Splunk experts, I'm generating stats from 3 indexes (System A, B, C) and the results look like this:Table 1:The to... by new2splunk1 Engager in Splunk Search 06-05-2021 0 4	0	4
Dashboard to show count of unique alerts based on host Hello, I have alerts that look like belowMay 13 17:15:30 11.2.3.22 0000017768: NOXXXXXX10A: May 13 2021 17:15:30.467 ... by harry_123 Loves-to-Learn Lots in Splunk Search 06-04-2021 0 13	0	13
license utilization for big increase in paloalto index - solution and root cause index=_internal host="ip" source=license_usage.log type="Usage" [\| inputlookup all_cs_indexes.csv \| renam... by vijaykuma New Member in Splunk Search 06-04-2021 0 1	0	1
How to create dashboard which takes multiple(bulk) inputs ? Hello,I am creating a dashboard, no matter which input can be used, but need is to paste multiple input into dashboar... by splunkerer Path Finder in Splunk Search 06-04-2021 0 6	0	6
Adding filter to query using IN Can I please get some assistance on the below?I'm trying to add a filter TRAN_CLASS!=6 to the below query. When I add... by shrogers Loves-to-Learn Everything in Splunk Search 06-04-2021 0 4	0	4
Integrate Oracle Unified Directory with splunk We have requirement to Integrate Oracle Unified Directory(Authentication and OS logs) with splunk. Action points: Pre... by vijaykuma New Member in Splunk Search 06-04-2021 0 0	0	0
Checking log if some values exist Hello Splunkers,please help.I have two types of search result and i want to make alert only when 1.) occured:1.) 2021... by ivana27 Path Finder in Splunk Search 06-04-2021 0 1	0	1
Need to add the input lookup file in the search Hello All"Good Day"index="aedc"\| rex field=source "-_(?<source>\S+)"\| rex "(?<ModuleID>MY\d+)"\| rex "(?<Path>/F.\s\S+... by renuka Path Finder in Splunk Search 06-04-2021 0 3	0	3
Perform SUM and DIFF on multiple fields Hi,I'am sending some events each minute to Splunk : TIMEIDINOUT08:00A1008:00B00 08:01A2108:01B2208:01C40 08:02A... by Atif Explorer in Splunk Search 06-04-2021 0 3	0	3
head and sort a column inside a table generated by `stats` `base search \| stats values(zipcode), count(zipcode) as c by country \| sort -c \| head 10`which gives me most appeared... by RmDok Loves-to-Learn Lots in Splunk Search 06-04-2021 0 3	0	3
Customize Choropleth Map legend Hello,I have a dashboard with Choropleth map presenting events from various countries (categorical Color mode).In the... by a_n Path Finder in Splunk Search 06-04-2021 0 0	0	0
How to check which lookup file or table have have an specific field im looking for the field "is_prohibited=true". This is field is located in one of lookup table, event type, or tag. H... by junier16 Explorer in Splunk Search 06-03-2021 0 1	0	1
Convert timepicker token to epoch time for eval, regardless of timepicker combination I need to compare my timepicker values (timePicker token) to the field date_e which returns an epoch value. I conve... by dojiepreji Path Finder in Splunk Search 06-03-2021 0 3	0	3
Extract field from Filepath I've got a number of files coming from directories similar to this....C:\File Transfer\Relay Files\8Series_files\WB-C... by teco_akelly Engager in Splunk Search 06-03-2021 0 1	0	1
Help in field extraction Hello,Sorry for a newbie question, I have the following event thats generated{<!-- -->@timestamp: 2021-06-03T17:39:34.720+00:... by badari Engager in Splunk Search 06-03-2021 0 3	0	3
Splunk usage for Rpaas user I need to know more details about splunk usage for Paas/Rpaas users.Can you define us some brief explanation please... by anil1432 Explorer in Splunk Search 06-03-2021 0 0	0	0
SPLUNK output from search query Hello,I am trying to search the splunk log but I am getting the output in payload format. is there a way I can get it... by abidkar Loves-to-Learn Lots in Splunk Search 06-03-2021 0 17	0	17
KV Store percentage depending of a value Good morningIn a kv store we have 3 columns: Subcontrol, Value1 and Value2.We are trying to calculate the percentage ... by javier_reina Explorer in Splunk Search 06-03-2021 0 0	0	0
How to change phone number format in splunk how can we change the phone number format. i used sed mod it is working fine but i want to store the formatted phone ... by ajees_basha Explorer in Splunk Search 06-03-2021 0 10	0	10
tstats, no using stats-function-field, using row-field. Hi, I use tstats, but tstats use required argument ( stats-func ).I want to write SPL.\| tstats summariesonly=t <field... by nasha430 Explorer in Splunk Search 06-03-2021 0 7	0	7
Creating a table that includes a column for date/time of an event Hello! I'll try to keep things as brief and concise as I can, but what you need to know is that I'm currently buildin... by Kuronoa New Member in Splunk Search 06-02-2021 0 1	0	1
Dockerized Splunk Time Zone Forced to UTC I'm having an issue with dockerized splunk post 8.1.3 free. The timezone in the web interface remains as UTC. With 8.... by raidercom Communicator in Splunk Search 06-02-2021 1 1	1	1
Replace placeholders in message templates with property values We are importing structured logs stored as json lines in a text file. An example event:{ "time": "...", "template": "... by nathanjr Engager in Splunk Search 06-02-2021 0 2	0	2
Multiple stats count logic I have an alert which tirggers on following:index=xxx sourcetype=xxx_cdr_event host=at \|search cause_code IN (500... by ainu77 Loves-to-Learn Lots in Splunk Search 06-02-2021 0 0	0	0