Splunk Search

Community Activity

Issue with searches and free version Hello,Two months ago we had the trial for the Enterprise version but now we are using the free version. Since the fre... by Am Explorer in Splunk Search 05-07-2021 0 9	0	9
_time column always moves to end after rendering search results Desired Outcome : I am trying to create a simple timechart to show a count of ports and the relative time line on th... by lancair Observer in Splunk Search 05-07-2021 0 3	0	3
Best way to make alert for each predicted value of result Hello,I'm struggling with the way to make efficient alerts trigger with SPL. I made splunk dashboard to visualize our... by splunkkid Path Finder in Splunk Search 05-07-2021 0 0	0	0
Can i write a base search in another base search <search id="base_query_filter"><query> Index=a,sourcetype=x,eval y=A+B</query></search><search id="base_query"><... by renuka Path Finder in Splunk Search 05-06-2021 0 2	0	2
Different number of events same query I have 2 servers that receive the logs through Syslog and through a universal forwarder I forward them to 2 indexers.... by splunkcol Builder in Splunk Search 05-06-2021 0 1	0	1
Error when trying to use a subsearch (Unable to parse the search: Right hand side of IN must be a collection of literals Hello,I am trying to use a subsearch on another search but not sure how to format it properlySubsearch:eventtype=pan ... by cyp112 Engager in Splunk Search 05-06-2021 0 2	0	2
Conditionally search if search field exists I have a dashboard which provides a handful of filter criteria, for example, `fieldA=A` and `fieldB=B`.One such crite... by cclva Explorer in Splunk Search 05-06-2021 0 1	0	1
Regex : Extract text between first and second semi-colon from the right Hello SMEs:I need some assistance extracting everything between the 1st and 2nd semi-colon ; (FROM THE RIGHT) from a... by mdeterville Path Finder in Splunk Search 05-06-2021 0 4	0	4
Using rex command to extract Message field in Windows Event Logs I want to extract from the Message field in the Windows Event Log just the first few words until the period - example... by Alfred Explorer in Splunk Search 05-06-2021 0 5	0	5
format my successRate query into a week over week comparison i have a working query which is monitoring the success rate based off a value called app_id. i want to extend the cur... by billycn20 Explorer in Splunk Search 05-06-2021 0 4	0	4
measuring overall success rate based off two transactions present in logs, but want to group results by a field I am trying to measure our success rate on our platform. there are two individual events which we care to see in orde... by billycn20 Explorer in Splunk Search 05-06-2021 0 6	0	6
Tracking active sessions over time I have a query where I can see in a snapshot current active users per VPN profile (group). Having a hard time being a... by ajtokar Engager in Splunk Search 05-06-2021 0 2	0	2
How to filter table results based on an aggregation of a column I have this search that produces a table with has a column that lists the number of segments to a schedule. The table... by 3618475 Engager in Splunk Search 05-06-2021 0 3	0	3
Field diff search Hi guys,I know this has been asked many times before but it just wont work for me hence the question.I have one index... by aikn061 Explorer in Splunk Search 05-06-2021 0 7	0	7
Calculate Delta for a value for all hosts Hi,I successfully created an SPL that does what I need for a single host but I cannot get it to work for all hosts. T... by wbolten Path Finder in Splunk Search 05-06-2021 0 3	0	3
Generate Stats from 3 indexes. Hello members,I am new to Splunk and able to produce simple stats using STATS count by command but looking for direct... by new2splunk1 Engager in Splunk Search 05-06-2021 0 2	0	2
Searches for a specific host are not recorded in "SEARCH HISTORY" I am new to SPLUNK learning with the Enterprise Edition. I created a new host with JSON source type. When I search so... by aperezy17 New Member in Splunk Search 05-05-2021 0 0	0	0
Adding two stat results using one common field Hi guys I have two statsindex \|Exception\| countindex \|Error \|countI want is something like this :index \|Exception\|Err... by husainpatanwala Engager in Splunk Search 05-05-2021 0 3	0	3
search help Hi Guys, We can see there are 6 hosts which are sending bulk events (logs) to splunk. But we don’t know who is using ... by roopeshetty Path Finder in Splunk Search 05-05-2021 0 2	0	2
rex -> spath -> field extract not working? Hello -My data looks like (also attached as PNG for better readability):2021-04-28 - 22:01:14.728 - INFO : Action com... by bitbucket Engager in Splunk Search 05-05-2021 0 4	0	4
Wildcard search on non-existent field search I have a generic search that I am using to display data for a handful of applications, which look something like this... by cclva Explorer in Splunk Search 05-05-2021 0 1	0	1
Join two statistics tables without subsearch Hi, I am trying to compare event type count statistics for 2 days using the following search:earliest=-48h latest=-24... by sbarinov Path Finder in Splunk Search 05-05-2021 0 2	0	2
How to split count by product by another value? Hi, I have the following query: \| bin _time span=1d \| stats count as ProductCount by applysourcetype, product, _tim... by maxmukimov Explorer in Splunk Search 05-05-2021 0 7	0	7
LISPY issues with Windows Defender Logs Hey Splunkers,in the last days I'm trying to learn and understand the principles of LISPY to understand the fllowing ... by Lombs Engager in Splunk Search 05-04-2021 1 0	1	0
Regex multiple values from a string Hello,How can I extract multiple values from a string after each slash? For example below, I would like to extract f... by timyong80 Explorer in Splunk Search 05-04-2021 0 6	0	6