Splunk Search

Community Activity

Regex search help I was asked to " update a search to append a final ' \| regex PatternStringMatch="[A-Z]" query that will look for anyt... by nangrosso Engager in Splunk Search 05-25-2021 0 6	0	6
Dashboard: Split field into unknown number of separate fields and be clickable Hi there,I have challenge which i am not sure if this is possible in Splunk.I have directory data with documents. On ... by hvdtol Path Finder in Splunk Search 05-25-2021 0 1	0	1
File Comparision How can we compare different versions of a file? by akankshayadav Path Finder in Splunk Search 05-25-2021 0 11	0	11
Windows Defender discovery on Splunk? Hi everybody.I'm back using Splunk after some years, so I'm a bit "rusty".This is my scenario: suppose I have a netwo... by SecurityBear Engager in Splunk Search 05-25-2021 0 3	0	3
How can I add a percentage sign to the radial gauge number that is displayed at the bottom? Is it possible to set the format type of a radial gauge to % or somehow decorate the number display with a % sign? q... by jaj Path Finder in Splunk Search 05-25-2021 0 6	0	6
How do I get only certain value from a log in results ? Is it possible to get a particular value from search results in my final output. I'm having a hard time getting them ... by kkrish0602 Loves-to-Learn in Splunk Search 05-25-2021 0 5	0	5
Filter events by length of json field I'm trying put together a query to find some outlier events with very long values within a complex structure. index=m... by ShagVT Path Finder in Splunk Search 05-25-2021 0 1	0	1
Change single quote to double quote I'm working with a data source that has two different versions. In one version the information is double quoted whil... by jwhughes58 Contributor in Splunk Search 05-25-2021 0 3	0	3
How do I add a label to a dashboard using rest command for several lookups ? Hello There, I am able to use the \| rest command to obtain the date that the lookup was last updated in Splunk. Howev... by MeMilo09 Path Finder in Splunk Search 05-24-2021 0 1	0	1
How to Combine multiple rows into comma separated single row ? Is it possible to combine multiple rows into one row ? COLUMN frow1 frow2 frow3 to something like COLUMN frow1,... by ibob0304 Communicator in Splunk Search 05-24-2021 1 4	1	4
_Splunk_ error collecting event hub data Hi All,I got into a error while setting up Microsoft Azure Add on for Splunk. Everything seems to be correct on confi... by bhsakarchourasi Path Finder in Splunk Search 05-24-2021 0 2	0	2
how to search using subsearch of occurence of a value Hi Team,I have a search query that searches for checking the busy tread and showing their occurrence in the log the v... by VikashSharma47 Explorer in Splunk Search 05-24-2021 0 4	0	4
How do you combine results based on substring? I have results such as "No image", "No Images", "No images: Blank", etc. I want to combine all results that say no im... by sarahw3 Explorer in Splunk Search 05-24-2021 0 25	0	25
Regex help required Hi Team, Can someone provide me the Regex for the below: \|search (UPN=*T@mail.eeir) by SabariRajanT Path Finder in Splunk Search 05-24-2021 0 13	0	13
Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer? We have 1 indexer and 1 search head in our Splunk environment. Since this morning, after every search is run, a 'Serv... by nivedita_viswan Path Finder in Splunk Search 05-24-2021 0 3	0	3
field extraction I have logs like below findContractsByPersonId(String) executed in 463 millisecondsfindContractsByPersonId(String) e... by vinod0313 Explorer in Splunk Search 05-24-2021 0 4	0	4
How to write subquery to run the sub query for timings different from dashboard timings Hi,We need help in drawing the trend for multiple timings in the splunk.Below is my query - index=nextgen sourcetype... by SG Path Finder in Splunk Search 05-24-2021 0 12	0	12
File Latest and Oldest I have a file which I uploaded once (say 1 year ago), i uploaded it again (say 6 months ago) with some changes, and t... by akankshayadav Path Finder in Splunk Search 05-23-2021 0 3	0	3
Multi-value field grouping Hi,I'm sending AWS SSM patching logs to splunk. I'm transforming these via a Lambda and getting the following events... by boffhead New Member in Splunk Search 05-23-2021 0 0	0	0
Using Sparklines with mstats How do I draw a Sparkline from data that comes from a metrics index (ie accessed via the mstats command)?I've tried v... by eddieddieddie Path Finder in Splunk Search 05-23-2021 2 0	2	0
Combining two search and charting successfull event and errors in one chart. Hello everyone,Seeking your help. I have logs where Transaction_ID is unique to transaction. Depending on each tran... by kermit_maness Engager in Splunk Search 05-23-2021 0 1	0	1
Check box for base search Hi guys,For a dashboard panel, I am running base search and hoping to have a checkbox that returns the timechart data... by prajwal_94 Explorer in Splunk Search 05-23-2021 0 1	0	1
ITSI app - Issues in service analyser - Could not load service analyse I have copied ITSI app from one Splunk server to another server . But later when i am trying to access the service a... by ethanthomas Path Finder in Splunk Search 05-22-2021 0 0	0	0
How to return false if all results for a user are the same Hi thereI am trying to construct a search query which checks the ASN a user logs in from within a time period.I would... by DevNull Observer in Splunk Search 05-22-2021 0 1	0	1
Were to use where and when to use OR when to use AND Hi Guys, I am novice somewhat, and confusion has struck.Where does the \| where clause go in the query? Is it before s... by MeMilo09 Path Finder in Splunk Search 05-22-2021 0 2	0	2