Splunk Search

Community Activity

	Create Timechart from multisearch Hello everyone!I'm trying to create a time chart of a variable that I have to compute as a global percentage between ... by andres91302 Communicator in Splunk Search 04-19-2021 0 4	0	4
	extraction help Hi Teamcan you please help in extracting the 123456 from following stringhello world \"employee\":123456 by valpravin Engager in Splunk Search 04-19-2021 0 1	0	1
	Add field to an Automatic Lookup Hi All, I am trying to replace gentimes from my query due to slowness. I have read that if I add the field to an auto... by MeMilo09 Path Finder in Splunk Search 04-19-2021 0 0	0	0
	trouble with set diff For inventory management purposes, I have been running the below splunk search for years. It first checks Remedy and... by dwharam New Member in Splunk Search 04-19-2021 0 0	0	0
	Difference between base query, master query and independent query Hi,I am new to splunk and I am trying to create a dashboard with optimizing the independent queries and by using all ... by Dheeru Engager in Splunk Search 04-19-2021 0 1	0	1
	extract key-value pairs that match or contain value, where keys vary across indices What's a scalable to extract key-value pairs where the value matches via exact or substring match but the field is no... by alancalvitti Path Finder in Splunk Search 04-19-2021 0 11	0	11
	How to subtract _time from now()? Hi, guys!I need to get the difference in hours between _time and now(). How can I get this number? by raultav Engager in Splunk Search 04-19-2021 0 1	0	1
	How to compute results using rows /cells from a table? Hello Friends, I'm trying to generate a table that summarizes the total count of events A, B and C as follows search ... by andres91302 Communicator in Splunk Search 04-19-2021 0 2	0	2
	Finding events that do not contain a specific string We have some issues with line breaking such that we have events that often consist of multiple logical events, or the... by teedilo Path Finder in Splunk Search 04-19-2021 0 2	0	2
	How to get the "COD SERIE CEI" which has no events between now and 2 hours ago? Hi, guys!I have an event table, which has a field called "COD SERIE CEI". I need to get the "COD SERIE CEI" which has... by raultav Engager in Splunk Search 04-19-2021 0 3	0	3
	How do I extract a field from my raw stdout log data using rex? Can you please help with extracting the fields from the below sample log. I am unable to escape the "'// &" '" in the... by rseri17 Explorer in Splunk Search 04-19-2021 0 6	0	6
	How To Exclude Results From One Search Where a Field Value Matches the Field Value of Another Search Hello!I have two searches that return separate data but have a common field. I am trying to filter my first search by... by Traer001 Path Finder in Splunk Search 04-19-2021 0 1	0	1
	field extraction with Regular expression giving inconsistent results Hey there,I created a field extraction from UI,using regular expression method,where regular expression got created ... by ayadav38 Engager in Splunk Search 04-19-2021 0 1	0	1
	count over time with open/close events Hello Splunkers,I would like to create a timechart for status. The data only comes when there's an update, so general... by sudo_su Engager in Splunk Search 04-19-2021 0 2	0	2
	ARIMA convert integer machine learning I'm trying to run this query below: (index=A sourcetype=jobs_info JOB_NAME IN (ACQUA)) OR (index=B sourcetype=FIRE) ... by nsantiago17 Explorer in Splunk Search 04-19-2021 0 2	0	2
	SPL - Creating a list using two time stamp entries Hi all, I am trying to create a fourth column which would display all values between a given time range in the single... by jacobmcn67 New Member in Splunk Search 04-18-2021 0 1	0	1
	Multiple same fields in one event with different data I have this XML data in one event but there are multiple transactions with same fieldnames . We need to display them ... by mariannedave Explorer in Splunk Search 04-18-2021 0 2	0	2
	Comparing 2 Atrributes in different indexes I have stored data in 2 indexes. One Index has a attribute which can be a substring of the second index _raw event da... by shinobu Explorer in Splunk Search 04-18-2021 0 2	0	2
	Splunk is not able to idetnify transforms.conf lookup configuration Hi,I have a csv file uploaded in the location /opt/splunk/etc/apps/search/lookups/. My transforms file is in /opt/spl... by surejsajeev Explorer in Splunk Search 04-18-2021 0 1	0	1
	Match records based on a WHERE condition defined in a lookup table Hello,Suppose I have raw records like this: user=blabla,org_L1=12345,org_L2=777,department=7890 user=testtt,org_L1=34... by edoardo_vicendo Builder in Splunk Search 04-17-2021 0 2	0	2
	Splunk Backup I am facing problems with restoring splunk. I require the searches, indexed data and users created on one installati... by lohit Path Finder in Splunk Search 04-17-2021 0 6	0	6
	How are AWS logs get ingested into Splunk Enterprise or ES? How are AWS logs get ingested into Splunk Enterprise or ES? Please advise the steps. by SamHTexas Builder in Splunk Search 04-17-2021 0 2	0	2
	Search for user additions to Active Directory privileged groups I would like to run a query for any user additions to privileged Active Directory groups. I am storing the AD groups ... by jlph Loves-to-Learn in Splunk Search 04-17-2021 0 1	0	1
	Tstats with Sparkline limiting values I am working on statsing firewall data into a sparkline. However, when I run the search, the sparkline caps out at 1... by biers04 Explorer in Splunk Search 04-16-2021 0 0	0	0
	Expand search based on chart Hi,Is there a way from a dashboard perspective that I present a chart from 2 big groups and if I click on the legend ... by aquinojason Path Finder in Splunk Search 04-16-2021 0 5	0	5