Splunk Search

Community Activity

Combine some results together into a single field label HelloI have a query that examins events can outputs how many of each level of event there areindex=* eval level=lower... by sbrewerton Engager in Splunk Search 05-26-2021 0 1	0	1
How to compare last column with previously violated column under foreach? HiI have a query which results me data in the below format,I am trying to put out a table assigning priority based on... by sangs8788 Communicator in Splunk Search 05-26-2021 0 0	0	0
How to See New Index Log Hi,In our organization, some teams would like to see the new index logs. To explain, they want to see who created a n... by onur Explorer in Splunk Search 05-26-2021 0 1	0	1
How to remove rows with Zero value? Hi guys, I am making a dashboard with Error Duration per RobotId. Since the duration is in seconds, I rounded it to ... by auaave Communicator in Splunk Search 05-26-2021 0 10	0	10
Calculate time delta Hi Guys, I'd like to calculate the time delta. Here is the sample:_time _raw 2021-... by JiachengWei Engager in Splunk Search 05-26-2021 0 5	0	5
Export csv data to specific folder Hi everyone, below is my sample query index=xyz source=ABC \| stats count If I schedule this search then result have t... by Learner Path Finder in Splunk Search 05-26-2021 0 1	0	1
How to get data by _time Hi everyone,index=xyz source="something" \|stats earliest(_time) as minTime latest(_time) as maxTime values(activityNa... by Learner Path Finder in Splunk Search 05-26-2021 0 4	0	4
How to compare larger data in same index with different field Scenarioexample Index:Index=os, Ingesteddata _time, type, id08:00,A,108:10,A,208:11,A,308:12,A,408:13,A,509:00,B,109:... by KongJian Engager in Splunk Search 05-26-2021 0 3	0	3
Limiting Results in Splunk REST API So I am trying to run a splunk search using Splunk REST API which finds a list of triggered alerts. \| rest /services... by sashaank Observer in Splunk Search 05-26-2021 0 0	0	0
How to change a span of 1 week time to start from Monday to friday How to change a span of 1 week time to start from Monday to friday usually span=1w it will show data from monday 00:0... by syedabuthahir Explorer in Splunk Search 05-25-2021 0 4	0	4
Restricted search question I am trying to set up a restricted search for a role so that they can only see data when a field1=customer01. The def... by klim Path Finder in Splunk Search 05-25-2021 0 3	0	3
Macro Argument not applying Hi.I've created the following macro: sessionCount(1)With this definition:datamodel Test summariesonly=true search \| s... by ebs Communicator in Splunk Search 05-25-2021 0 4	0	4
DistributedPeer Connect Timeout error message WARN DistributedPeer - Peer:https:/:8089 Unable to get server info from https://:8089/services/server/info due to: Co... by kedjjang Path Finder in Splunk Search 05-25-2021 1 2	1	2
Look at value ahead of string and table it I have events in my logs. I want to capture "temp" and table itreceived_time="2021-05-25T15:51:22.181+00:00"] 37 poll... by ekucevic Loves-to-Learn Everything in Splunk Search 05-25-2021 0 1	0	1
How to remove duplicates of one field per another field Going to be very tough to explain but I'll give it my best shot. I have some fields I'm trying to report on, IP and I... by Krapht Explorer in Splunk Search 05-25-2021 0 4	0	4
How to get max number of hours without events I have a summary index for hourly event count of a feed. The feed has some hours with event count empty. How can I ge... by vl951f Path Finder in Splunk Search 05-25-2021 0 7	0	7
Regex search help I was asked to " update a search to append a final ' \| regex PatternStringMatch="[A-Z]" query that will look for anyt... by nangrosso Engager in Splunk Search 05-25-2021 0 6	0	6
Dashboard: Split field into unknown number of separate fields and be clickable Hi there,I have challenge which i am not sure if this is possible in Splunk.I have directory data with documents. On ... by hvdtol Path Finder in Splunk Search 05-25-2021 0 1	0	1
File Comparision How can we compare different versions of a file? by akankshayadav Path Finder in Splunk Search 05-25-2021 0 11	0	11
Windows Defender discovery on Splunk? Hi everybody.I'm back using Splunk after some years, so I'm a bit "rusty".This is my scenario: suppose I have a netwo... by SecurityBear Engager in Splunk Search 05-25-2021 0 3	0	3
How can I add a percentage sign to the radial gauge number that is displayed at the bottom? Is it possible to set the format type of a radial gauge to % or somehow decorate the number display with a % sign? q... by jaj Path Finder in Splunk Search 05-25-2021 0 6	0	6
How do I get only certain value from a log in results ? Is it possible to get a particular value from search results in my final output. I'm having a hard time getting them ... by kkrish0602 Loves-to-Learn in Splunk Search 05-25-2021 0 5	0	5
Filter events by length of json field I'm trying put together a query to find some outlier events with very long values within a complex structure. index=m... by ShagVT Path Finder in Splunk Search 05-25-2021 0 1	0	1
Change single quote to double quote I'm working with a data source that has two different versions. In one version the information is double quoted whil... by jwhughes58 Contributor in Splunk Search 05-25-2021 0 3	0	3
How do I add a label to a dashboard using rest command for several lookups ? Hello There, I am able to use the \| rest command to obtain the date that the lookup was last updated in Splunk. Howev... by MeMilo09 Path Finder in Splunk Search 05-24-2021 0 1	0	1