Splunk Search

Community Activity

backup/export regex saved in extracted field Hi,Is there any way to backup/export regex saved in extracted fields as we want to use new instance as a search head ... by sh_tavousi Explorer in Splunk Search 05-03-2021 0 1	0	1
Search - Merge Fields to Dedup Hi I wish to dedup and consolidate customer details across two cities.E.g. I have 2 records of the same customer acr... by gc12345 Engager in Splunk Search 05-03-2021 0 3	0	3
Lookup not working if used twice on same table Hello Community,I need your help to understand why if I use twice a "lookup" command on the same table lookup (out-of... by gpugliese Explorer in Splunk Search 05-03-2021 1 2	1	2
What is the max search limit for a macro Hello,I have a macro that calls other macros in order to have a simple view of the code search.The thing is that when... by xyz123 Explorer in Splunk Search 05-02-2021 0 2	0	2
Need to create rex group expression Apr 30 09:13:30 localhost haproxy[22865]: 10.10.10.10:31872 [30/Apr/2021:09:13:30.362] verint rest_service/rest-hostn... by ravir_jbp Explorer in Splunk Search 05-02-2021 0 3	0	3
Negate using the IN operator? Might be a silly question, given the IN search command, is it possible to negate the query using NOT?For example:... ... by karadikid Explorer in Splunk Search 05-02-2021 0 1	0	1
Merge rows in one I have data of the kind Name Parameter1 Parameter2 Parameter3 A 1 A ... by alex_orl Engager in Splunk Search 05-01-2021 2 5	2	5
avoiding joins with rexed fields and unmatched fieldnames in the sources: I would love a little guidance on how I could improve this search by getting away from Join. I think I am hitting so... by mjones414 Contributor in Splunk Search 05-01-2021 0 2	0	2
Multiple events from a specific system in a certain time interval Hi Splunkers,I need your help on the following data set.Index=auditbeathost --> log sourcecommand --> command run by ... by splunkerer Path Finder in Splunk Search 05-01-2021 0 3	0	3
splunk timestamp calculation query Hi guys, I am looking for a splunk query for following table JobNameJobtime Job1 2021-05-01 22:19:23 2021-05-0... by Csingh Engager in Splunk Search 05-01-2021 0 1	0	1
How to break Multiline events into single event We are ingesting network events into a log file. And it looks like below Network_Event=ThresholdViolationNetwork_Even... by keshavgupta Engager in Splunk Search 05-01-2021 0 3	0	3
rex for extracting particular keyword in logs I am searching for exceptions/the type of exception in logs and using below query-index=abcd ("Exception" OR "excep... by prajwal_94 Explorer in Splunk Search 05-01-2021 0 1	0	1
foreach and fit I have a timechart with more than 1 time series and would like to run the fit command on each of the time series sepa... by pjohnson1 Path Finder in Splunk Search 04-30-2021 0 2	0	2
Basic percentage question I am trying to count click through, the percent of total clicks over total searches. index=basesearch action=click O... by user93 Communicator in Splunk Search 04-30-2021 0 1	0	1
use "others" for lookup results Hi,Currently I am using a lookup table to match an account code to an application. How can I make it in such a way th... by aquinojason Path Finder in Splunk Search 04-30-2021 0 3	0	3
Date extraction command Question for LDAP dump hi there- I tried a few things already, but looking to get guidence on this one- I am using the LDAP query module in ... by daryllj Path Finder in Splunk Search 04-30-2021 0 2	0	2
Creating a chart based on time values, not epoch time Is it possible to create a chart using time values "4:53:43" vs. converting them to epoch time "1505930393"? I'd li... by loatswil Path Finder in Splunk Search 04-30-2021 0 3	0	3
What is the max search limit for a macro Hello, I have a macro that calls other macros in order to have a simple view of the code search.The thing is that whe... by xyz123 Explorer in Splunk Search 04-30-2021 0 0	0	0
Extract InProgress Transaction I want to filter out transactions(where status ="InProgress ") that started in the previous slot and those completed ... by manvi_spl8 New Member in Splunk Search 04-30-2021 0 3	0	3
How to compare events using two values of a multi-value field. Hello all, I have been struggling for a while now to create a query for comparing the events using two different valu... by parthmadane Explorer in Splunk Search 04-30-2021 0 6	0	6
Calculate time difference with extracted fields and offset time zones I've got logs that contain a timestamp in 24 hour YYYY-MM-DD HH:MM:ss:SSS format (example: 2021-04-29 18:43:07.557). ... by mrhodes93 Explorer in Splunk Search 04-30-2021 0 1	0	1
Search with a Variable Hi Team How are u?I have a little questionI have a index with same informations, index="epo" source="endpoint" In ... by JuanAntunes Explorer in Splunk Search 04-30-2021 0 3	0	3
Why are empty emails being sent using map & sendemail commands in my search and how do I prevent this? Hi. I tried to send an email for each event when triggered. I used map and sendemail commands, but there is an emp... by splunkrocks2014 Communicator in Splunk Search 04-29-2021 0 7	0	7
Splunk 8.0 sendemail/subsearch issues after upgrading Recently upgraded from 7.2.3 to 8.0 and a previously configured scheduled alert is not longer sending emails correctl... by aallred Engager in Splunk Search 04-29-2021 1 6	1	6
How to Use Earliest Starting Field in Transaction Hello,I have events that look like this (for a user with id 123):2021-04-29 14:30:45 Notification Received [User Id:1... by Traer001 Path Finder in Splunk Search 04-29-2021 0 2	0	2