Splunk Search

Community Activity

Check to see if value is in a field if not get from next field Hello,How can I check to see if value is in one field first, if not check the next field?I have so far the below, it ... by MeMilo09 Path Finder in Splunk Search 05-18-2021 0 1	0	1
Timecharting null values Is there a way, that anyone is aware of, to timechart off of a field sumarry. I can break down the fieldsummary by ti... by bspargur Engager in Splunk Search 05-18-2021 0 6	0	6
Use an eval statement to find a percentage index=proxy sourcetype=bar\| stats count by blockedAction\| addtotals fieldname=grandTotal\| eval percentBlocked = round... by jregexsaurus Engager in Splunk Search 05-18-2021 0 2	0	2
Restricted Searches on extracted fields Is it possible to do restricted searches for a role based on an extracted field? I can see it can be done by index bu... by klim Path Finder in Splunk Search 05-18-2021 0 0	0	0
field extraction using regex - removing curly brackets I wonder if anybody can help me with a regex to break this field into single lines CustomResults="{pcap_filter_resu... by jaydiare Explorer in Splunk Search 05-18-2021 0 3	0	3
Compare main search field contain value of another field value stored in lookup table I would like to compare(not exact match) urls in my proxy log with url stored in lookup tableEg for URL in proxy logP... by rameshpillai New Member in Splunk Search 05-18-2021 0 1	0	1
How to subtract one date from another date? Hi All, How can I subtract one date from another? Please help. thanks! by OmarDee Explorer in Splunk Search 05-18-2021 1 10	1	10
how to clean the splunk alarm? Hello, expert,I set up an alarm as following, and run it as cronjob by 5mins. Do you have any idea on clean the alarm... by jenniferhao Explorer in Splunk Search 05-18-2021 0 1	0	1
Token eval Question I'm trying to check the value of a token and if it is equal to "X" change it to an * but if it is equal to anything e... by timm7474 Explorer in Splunk Search 05-18-2021 0 4	0	4
splunk search query for last 6 months day wise pool licence and need to generate report HI all i have prepared splunk search query for every day poolwise license but i need last 6 months poolwise data a... by Mahi4rus Explorer in Splunk Search 05-18-2021 0 0	0	0
time chart I have two queries and i want to display both the query result in line chart (one line in the line chart from the res... by vinod0313 Explorer in Splunk Search 05-18-2021 0 4	0	4
field Extraction When i want to extract BiosMake fields with fields extraction.I have this error:Error in 'rex' command by christian75 Engager in Splunk Search 05-18-2021 0 5	0	5
Is there a search to show bundle size in the Dispatch Runner configuration initialization? We are getting: Dispatch Runner: Configuration initialization for splunk\var\run\searchpeers\ really long string of ... by randy_moore Path Finder in Splunk Search 05-18-2021 1 13	1	13
Having issues with latest and earliest time in search Hello all, I am trying to run the below query and when I change the earliest to last 7 days I am getting the below er... by srinivas_gowda Path Finder in Splunk Search 05-18-2021 0 5	0	5
indexed_kv_limit Error I am running a query to parse a two-level nested JSON that takes out only the second level dict and puts it in the fo... by surejsajeev Explorer in Splunk Search 05-17-2021 0 1	0	1
How to Calculate Response Time for each transaction? by samrat1220 Loves-to-Learn in Splunk Search 05-17-2021 0 1	0	1
Look for field. If doesn't exist, add I am looking to have a eval search that looks for a field name of "Name" and adds the value. If the field doesn't exi... by Becherer Explorer in Splunk Search 05-17-2021 0 1	0	1
o365 admin center workload Hi guys,I'm trying to create a search that triggers an alert every time a user has been signed out of their o365 sess... by weetabixsplunk Explorer in Splunk Search 05-17-2021 0 0	0	0
Grouping within multivalued fields I have built a query that exports data by a date range and based on a scan or source. Currently I'm grouping them int... by chaday00 Path Finder in Splunk Search 05-17-2021 0 2	0	2
compare last 5 days data I would like to listed those events (reuirements) which state are changed to Agreed from last 3 days.Today have a dat... by kig121 Loves-to-Learn Lots in Splunk Search 05-17-2021 0 3	0	3
Export MV field values to CSV I have specific events with rows and rows of MV data. They have a header and footer data but the bulk of the body is... by saulverde Path Finder in Splunk Search 05-17-2021 0 3	0	3
Getting a list of active users usernames from a list of email addresses I have a CSV with multiple hundred email addresses and I am trying to run a report to determine which accounts are ac... by agenco01 Engager in Splunk Search 05-17-2021 0 3	0	3
Too long query? Hi, I have an issue with a query of mine. The length of it is exactly 378 lines, and however I managed to save it on... by Villo Observer in Splunk Search 05-17-2021 0 4	0	4
Field extraction Help Description Recorded value for [Turn On Test 123]Recorded value for [Turn On Test 456]Execute all... by moinyuso96 Path Finder in Splunk Search 05-17-2021 0 4	0	4
Changing rows to columns and maintaining association Hello,I have a table of items and I need to convert the results in the rows "pa_name" and "pa_valor" to columns and k... by _Mauro_Costa_ Explorer in Splunk Search 05-17-2021 0 3	0	3