Splunk Search

Community Activity

How do you combine results based on substring? I have results such as "No image", "No Images", "No images: Blank", etc. I want to combine all results that say no im... by sarahw3 Explorer in Splunk Search 05-24-2021 0 25	0	25
Regex help required Hi Team, Can someone provide me the Regex for the below: \|search (UPN=*T@mail.eeir) by SabariRajanT Path Finder in Splunk Search 05-24-2021 0 13	0	13
Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer? We have 1 indexer and 1 search head in our Splunk environment. Since this morning, after every search is run, a 'Serv... by nivedita_viswan Path Finder in Splunk Search 05-24-2021 0 3	0	3
field extraction I have logs like below findContractsByPersonId(String) executed in 463 millisecondsfindContractsByPersonId(String) e... by vinod0313 Explorer in Splunk Search 05-24-2021 0 4	0	4
How to write subquery to run the sub query for timings different from dashboard timings Hi,We need help in drawing the trend for multiple timings in the splunk.Below is my query - index=nextgen sourcetype... by SG Path Finder in Splunk Search 05-24-2021 0 12	0	12
File Latest and Oldest I have a file which I uploaded once (say 1 year ago), i uploaded it again (say 6 months ago) with some changes, and t... by akankshayadav Path Finder in Splunk Search 05-23-2021 0 3	0	3
Multi-value field grouping Hi,I'm sending AWS SSM patching logs to splunk. I'm transforming these via a Lambda and getting the following events... by boffhead New Member in Splunk Search 05-23-2021 0 0	0	0
Using Sparklines with mstats How do I draw a Sparkline from data that comes from a metrics index (ie accessed via the mstats command)?I've tried v... by eddieddieddie Path Finder in Splunk Search 05-23-2021 2 0	2	0
Combining two search and charting successfull event and errors in one chart. Hello everyone,Seeking your help. I have logs where Transaction_ID is unique to transaction. Depending on each tran... by kermit_maness Engager in Splunk Search 05-23-2021 0 1	0	1
Check box for base search Hi guys,For a dashboard panel, I am running base search and hoping to have a checkbox that returns the timechart data... by prajwal_94 Explorer in Splunk Search 05-23-2021 0 1	0	1
ITSI app - Issues in service analyser - Could not load service analyse I have copied ITSI app from one Splunk server to another server . But later when i am trying to access the service a... by ethanthomas Path Finder in Splunk Search 05-22-2021 0 0	0	0
How to return false if all results for a user are the same Hi thereI am trying to construct a search query which checks the ASN a user logs in from within a time period.I would... by DevNull Observer in Splunk Search 05-22-2021 0 1	0	1
Were to use where and when to use OR when to use AND Hi Guys, I am novice somewhat, and confusion has struck.Where does the \| where clause go in the query? Is it before s... by MeMilo09 Path Finder in Splunk Search 05-22-2021 0 2	0	2
Reconnaissance of BOTSv3 Hello,I have completed the BOTSv1 investigation. But when it comes to BOTSv3, it is about cloud. May I know on how to... by splunkbegineer New Member in Splunk Search 05-22-2021 0 0	0	0
Splunk BOTSv3 help Hello Everyone,I am starting my investigation after completion of the BOTSv1 and 2. When it comes to BOTSv3, it is ta... by splunkbegineer New Member in Splunk Search 05-22-2021 0 0	0	0
How to retrieve results for event only if its field does not match that of another event Hello,I am trying to get only the events from my logs that have started a task (in this case, going to a room) and ha... by Traer001 Path Finder in Splunk Search 05-21-2021 0 1	0	1
How can I find out which props/transforms does the Message field extraction? The Message field of wineventlog is being handled by the default configurations or of the TA and I would like to chan... by danielbb Motivator in Splunk Search 05-21-2021 0 4	0	4
metric stats Hello,I'm still very new to splunk and I could use some help. I hope this question is not too general. I would like t... by gerbert Path Finder in Splunk Search 05-21-2021 0 2	0	2
How to use a Lookup table or an Imported CSV file to perform a search Hello Everyone and welcomeis there a way to import a csv file to then use it a search parameter to search for events ... by andres91302 Communicator in Splunk Search 05-21-2021 0 1	0	1
Field calculation for flow of events Dear Splunkers, I have a flow of events and need to perform alarm when some value, e.g. metricValue is greater than t... by yudzhin Explorer in Splunk Search 05-21-2021 0 0	0	0
User agent browser type display issue Hi team I tried the below spl eval command index=aws Website="*"\| stats count(eval(match(User_Agent, "Firefox"))) as ... by jaibalaraman Path Finder in Splunk Search 05-21-2021 0 6	0	6
count time between each period time Hello dear community,I have a splunk search where I look for all the events that occur over a specific period of time... by wcastillocruz Path Finder in Splunk Search 05-21-2021 0 0	0	0
Using custom metrices indexes. How to use metrics index to store metrics data from events on SH?Does is it possible to have multiple values and mul... by yogeshpunia66 Loves-to-Learn in Splunk Search 05-21-2021 0 0	0	0
Display ticket status and count Need help with a query please:I have ticket data where the life cycle is Assigned, Work in Progress, Fixed, Closed an... by nischal45 Engager in Splunk Search 05-21-2021 0 3	0	3
How to color the Scheduled Report table results in mail ? I have one scheduled report which will provide below table results in email. Requirement is to color the 'Validation ... by georgear7 Communicator in Splunk Search 05-21-2021 0 2	0	2