Splunk Search

Community Activity

count time between each period time Hello dear community,I have a splunk search where I look for all the events that occur over a specific period of time... by wcastillocruz Path Finder in Splunk Search 05-21-2021 0 0	0	0
Using custom metrices indexes. How to use metrics index to store metrics data from events on SH?Does is it possible to have multiple values and mul... by yogeshpunia66 Loves-to-Learn in Splunk Search 05-21-2021 0 0	0	0
Display ticket status and count Need help with a query please:I have ticket data where the life cycle is Assigned, Work in Progress, Fixed, Closed an... by nischal45 Engager in Splunk Search 05-21-2021 0 3	0	3
How to color the Scheduled Report table results in mail ? I have one scheduled report which will provide below table results in email. Requirement is to color the 'Validation ... by georgear7 Communicator in Splunk Search 05-21-2021 0 2	0	2
How to return alternative subsearch results if a first subsearch returns empty string In general terms, I've been trying to create a search that can perform a subsearch using a few fields that are presen... by DSan New Member in Splunk Search 05-21-2021 0 0	0	0
In order to events occured from past 3 mon till now by haripotu Loves-to-Learn Everything in Splunk Search 05-21-2021 0 1	0	1
timechart of events first appearance I am trying to find events based on when they were initially logged and grouped by some column. For example, from th... by josephpe Explorer in Splunk Search 05-21-2021 0 3	0	3
Create alert based on success rate per a group Hi all,I need to create an alert based on a success rate less than a specific value. My data is as follows:store = "s... by MaratD Explorer in Splunk Search 05-21-2021 0 3	0	3
File Comparision I have a file which is being indexed(say today) and then again indexed after updating(say tomorrow). I have to compar... by akankshayadav Path Finder in Splunk Search 05-21-2021 0 9	0	9
Expire Rows in a Lookup After 30 Days Hi Splunkheads, Need some advice here. I have built a simple lookup table and simple search for known bad ip addresse... by dmbr Explorer in Splunk Search 05-20-2021 0 1	0	1
Why is a power user unable to search a particular index? I have admin user and power user (role=power), when i search a particular index (iis_web) it does not return the out... by shreyasathavale Communicator in Splunk Search 05-20-2021 0 3	0	3
bin by date that is not the time field Hi,So I have a goal to count user visits, but the log polls too frequently, so we are going to define a visit by one ... by user93 Communicator in Splunk Search 05-20-2021 0 3	0	3
Breakdown the Totals I want to add more columns that will show the sessions. Such as sudo su ssh etc. Currently I have this:index="name ... by kbohlken Observer in Splunk Search 05-20-2021 0 1	0	1
Different search results quetion Hello all,Running the following search (direct count) at different times of the day for the same time period I receiv... by johefu Loves-to-Learn in Splunk Search 05-20-2021 0 2	0	2
Rex Hello!!I have a field value that looks like:abcd124567-1609173498I only want to remove abcd-1609173498 and have the 1... by Logan20 New Member in Splunk Search 05-20-2021 0 1	0	1
How to combine multiple rows in a field to one row in the same field? I have a data set as seen below.exec arguments/bin/shsh-cuname -p ** /dev/null/sbin/ldconfig/bin/sh... by splunkerer Path Finder in Splunk Search 05-20-2021 0 4	0	4
Dynamic date comparison I am creating a search that detects compliance received from palo alto signatureswe are receving 4 sets of dates:app-... by RonD Explorer in Splunk Search 05-20-2021 0 2	0	2
Using fillnull_value or fillnull value with Tstats I am trying to fill the null values and using a datamodel. I want to use tstats and fill null values will "Null" usin... by Godspeed_74 Loves-to-Learn Lots in Splunk Search 05-20-2021 0 6	0	6
Detailed search for the triggered alerts in Splunk Hi team,I'm trying to build a search which will search for the alerts which have been triggered for a hosts during sp... by szukacz Engager in Splunk Search 05-20-2021 0 3	0	3
Rex need to extract field till first occurrence of /r HiI need to extract hostname or IP address from raw log. My log looks like below:somerandometest host: abc@email.com... by Sangu Explorer in Splunk Search 05-20-2021 0 2	0	2
Show last update from indexed csv file Hi, I have a csv file that is updated by a script once a minute. The output is similar to: time,queuename,vpn,last-me... by jugarugabi Path Finder in Splunk Search 05-20-2021 0 4	0	4
Trying to ignore a value based on the field Hello team, I am trying to ignore the value "Total" if its concurrent Os_type matches "Linux" Below is what I tried.\|... by srinivasgowda Explorer in Splunk Search 05-20-2021 0 3	0	3
creating timechart grouped data tables hi all, newbee question here but i can't seem to find an answer. I am trying to create a timechart table grouped tabl... by stephenreece78 Engager in Splunk Search 05-20-2021 0 2	0	2
Timechart woes I've been searching and trying options for a couple of days now with this search and cannot find a solution.I am usin... by timrich66 Communicator in Splunk Search 05-20-2021 0 10	0	10
Can I use lookup output inside calculated field? I have an attribute that is determined by two inputs, one with many possible values, the other few. I can enlist the... by yuanliu SplunkTrust in Splunk Search 05-19-2021 1 4	1	4