Splunk Search

Community Activity

How to compare larger data in same index with different field Scenarioexample Index:Index=os, Ingesteddata _time, type, id08:00,A,108:10,A,208:11,A,308:12,A,408:13,A,509:00,B,109:... by KongJian Engager in Splunk Search 05-26-2021 0 3	0	3
Limiting Results in Splunk REST API So I am trying to run a splunk search using Splunk REST API which finds a list of triggered alerts. \| rest /services... by sashaank Observer in Splunk Search 05-26-2021 0 0	0	0
How to change a span of 1 week time to start from Monday to friday How to change a span of 1 week time to start from Monday to friday usually span=1w it will show data from monday 00:0... by syedabuthahir Explorer in Splunk Search 05-25-2021 0 4	0	4
Restricted search question I am trying to set up a restricted search for a role so that they can only see data when a field1=customer01. The def... by klim Path Finder in Splunk Search 05-25-2021 0 3	0	3
Macro Argument not applying Hi.I've created the following macro: sessionCount(1)With this definition:datamodel Test summariesonly=true search \| s... by ebs Communicator in Splunk Search 05-25-2021 0 4	0	4
DistributedPeer Connect Timeout error message WARN DistributedPeer - Peer:https:/:8089 Unable to get server info from https://:8089/services/server/info due to: Co... by kedjjang Path Finder in Splunk Search 05-25-2021 1 2	1	2
Look at value ahead of string and table it I have events in my logs. I want to capture "temp" and table itreceived_time="2021-05-25T15:51:22.181+00:00"] 37 poll... by ekucevic Loves-to-Learn Everything in Splunk Search 05-25-2021 0 1	0	1
How to remove duplicates of one field per another field Going to be very tough to explain but I'll give it my best shot. I have some fields I'm trying to report on, IP and I... by Krapht Explorer in Splunk Search 05-25-2021 0 4	0	4
How to get max number of hours without events I have a summary index for hourly event count of a feed. The feed has some hours with event count empty. How can I ge... by vl951f Path Finder in Splunk Search 05-25-2021 0 7	0	7
Regex search help I was asked to " update a search to append a final ' \| regex PatternStringMatch="[A-Z]" query that will look for anyt... by nangrosso Engager in Splunk Search 05-25-2021 0 6	0	6
Dashboard: Split field into unknown number of separate fields and be clickable Hi there,I have challenge which i am not sure if this is possible in Splunk.I have directory data with documents. On ... by hvdtol Path Finder in Splunk Search 05-25-2021 0 1	0	1
File Comparision How can we compare different versions of a file? by akankshayadav Path Finder in Splunk Search 05-25-2021 0 11	0	11
Windows Defender discovery on Splunk? Hi everybody.I'm back using Splunk after some years, so I'm a bit "rusty".This is my scenario: suppose I have a netwo... by SecurityBear Engager in Splunk Search 05-25-2021 0 3	0	3
How can I add a percentage sign to the radial gauge number that is displayed at the bottom? Is it possible to set the format type of a radial gauge to % or somehow decorate the number display with a % sign? q... by jaj Path Finder in Splunk Search 05-25-2021 0 6	0	6
How do I get only certain value from a log in results ? Is it possible to get a particular value from search results in my final output. I'm having a hard time getting them ... by kkrish0602 Loves-to-Learn in Splunk Search 05-25-2021 0 5	0	5
Filter events by length of json field I'm trying put together a query to find some outlier events with very long values within a complex structure. index=m... by ShagVT Path Finder in Splunk Search 05-25-2021 0 1	0	1
Change single quote to double quote I'm working with a data source that has two different versions. In one version the information is double quoted whil... by jwhughes58 Contributor in Splunk Search 05-25-2021 0 3	0	3
How do I add a label to a dashboard using rest command for several lookups ? Hello There, I am able to use the \| rest command to obtain the date that the lookup was last updated in Splunk. Howev... by MeMilo09 Path Finder in Splunk Search 05-24-2021 0 1	0	1
How to Combine multiple rows into comma separated single row ? Is it possible to combine multiple rows into one row ? COLUMN frow1 frow2 frow3 to something like COLUMN frow1,... by ibob0304 Communicator in Splunk Search 05-24-2021 1 4	1	4
_Splunk_ error collecting event hub data Hi All,I got into a error while setting up Microsoft Azure Add on for Splunk. Everything seems to be correct on confi... by bhsakarchourasi Path Finder in Splunk Search 05-24-2021 0 2	0	2
how to search using subsearch of occurence of a value Hi Team,I have a search query that searches for checking the busy tread and showing their occurrence in the log the v... by VikashSharma47 Explorer in Splunk Search 05-24-2021 0 4	0	4
How do you combine results based on substring? I have results such as "No image", "No Images", "No images: Blank", etc. I want to combine all results that say no im... by sarahw3 Explorer in Splunk Search 05-24-2021 0 25	0	25
Regex help required Hi Team, Can someone provide me the Regex for the below: \|search (UPN=*T@mail.eeir) by SabariRajanT Path Finder in Splunk Search 05-24-2021 0 13	0	13
Why are we seeing a "Server Error" message after each search, login attempt, etc. on our search head and indexer? We have 1 indexer and 1 search head in our Splunk environment. Since this morning, after every search is run, a 'Serv... by nivedita_viswan Path Finder in Splunk Search 05-24-2021 0 3	0	3
field extraction I have logs like below findContractsByPersonId(String) executed in 463 millisecondsfindContractsByPersonId(String) e... by vinod0313 Explorer in Splunk Search 05-24-2021 0 4	0	4