Splunk Search

Community Activity

	How can I Find what system or host a user is currently logged in to? Hi,I am very new to Splunk.I searched for this but, could not find a match..Is it possible to find what system or hos... by TGel Observer in Splunk Search 04-20-2021 0 3	0	3
	Subsearch Join with a where clause <= comparison to field from main search I have a problem I'm trying to solve in a subsearch query.The problem I'm trying to solve, is to monitor when two sep... by kfancy New Member in Splunk Search 04-20-2021 0 2	0	2
	searching issue Hi Guys,We have this query which will give the output as a table with 3 columns in it by name Servername, ServerIP an... by roopeshetty Path Finder in Splunk Search 04-20-2021 0 4	0	4
	Search w/Inputlookup Subsearch Not Working Hello Experts,I am new to Splunk and trying to get a search query with subsearch to work. Here is what I have so far:... by Kevin_S Explorer in Splunk Search 04-20-2021 0 4	0	4
	how to get data as per _time when count is 0 index=dummy <mySearchCondition>\| search response_code1!=200\| stats countwhen i search for this query i get output as ... by Learner Path Finder in Splunk Search 04-20-2021 0 1	0	1
	Adding field to event without altering existing field I have an index that have a field called ISSUER_NAME, but now we have a new set of events (different log structure) t... by phamxuantung Communicator in Splunk Search 04-20-2021 0 1	0	1
	Different type of parcing in a single index The requirement is, there is a single index . Data in three different format and there is an InputType coming in the ... by ethanthomas Path Finder in Splunk Search 04-19-2021 0 3	0	3
	Trying to create and populate a ProcessingTime field from 2 time fileds I have a log that that has multiple utc times listed. The logs are ingested into Splunk and I have created a field ex... by kesrich Explorer in Splunk Search 04-19-2021 0 3	0	3
	Create Timechart from multisearch Hello everyone!I'm trying to create a time chart of a variable that I have to compute as a global percentage between ... by andres91302 Communicator in Splunk Search 04-19-2021 0 4	0	4
	extraction help Hi Teamcan you please help in extracting the 123456 from following stringhello world \"employee\":123456 by valpravin Engager in Splunk Search 04-19-2021 0 1	0	1
	Add field to an Automatic Lookup Hi All, I am trying to replace gentimes from my query due to slowness. I have read that if I add the field to an auto... by MeMilo09 Path Finder in Splunk Search 04-19-2021 0 0	0	0
	trouble with set diff For inventory management purposes, I have been running the below splunk search for years. It first checks Remedy and... by dwharam New Member in Splunk Search 04-19-2021 0 0	0	0
	Difference between base query, master query and independent query Hi,I am new to splunk and I am trying to create a dashboard with optimizing the independent queries and by using all ... by Dheeru Engager in Splunk Search 04-19-2021 0 1	0	1
	extract key-value pairs that match or contain value, where keys vary across indices What's a scalable to extract key-value pairs where the value matches via exact or substring match but the field is no... by alancalvitti Path Finder in Splunk Search 04-19-2021 0 11	0	11
	How to subtract _time from now()? Hi, guys!I need to get the difference in hours between _time and now(). How can I get this number? by raultav Engager in Splunk Search 04-19-2021 0 1	0	1
	How to compute results using rows /cells from a table? Hello Friends, I'm trying to generate a table that summarizes the total count of events A, B and C as follows search ... by andres91302 Communicator in Splunk Search 04-19-2021 0 2	0	2
	Finding events that do not contain a specific string We have some issues with line breaking such that we have events that often consist of multiple logical events, or the... by teedilo Path Finder in Splunk Search 04-19-2021 0 2	0	2
	How to get the "COD SERIE CEI" which has no events between now and 2 hours ago? Hi, guys!I have an event table, which has a field called "COD SERIE CEI". I need to get the "COD SERIE CEI" which has... by raultav Engager in Splunk Search 04-19-2021 0 3	0	3
	How do I extract a field from my raw stdout log data using rex? Can you please help with extracting the fields from the below sample log. I am unable to escape the "'// &" '" in the... by rseri17 Explorer in Splunk Search 04-19-2021 0 6	0	6
	How To Exclude Results From One Search Where a Field Value Matches the Field Value of Another Search Hello!I have two searches that return separate data but have a common field. I am trying to filter my first search by... by Traer001 Path Finder in Splunk Search 04-19-2021 0 1	0	1
	field extraction with Regular expression giving inconsistent results Hey there,I created a field extraction from UI,using regular expression method,where regular expression got created ... by ayadav38 Engager in Splunk Search 04-19-2021 0 1	0	1
	count over time with open/close events Hello Splunkers,I would like to create a timechart for status. The data only comes when there's an update, so general... by sudo_su Engager in Splunk Search 04-19-2021 0 2	0	2
	ARIMA convert integer machine learning I'm trying to run this query below: (index=A sourcetype=jobs_info JOB_NAME IN (ACQUA)) OR (index=B sourcetype=FIRE) ... by nsantiago17 Explorer in Splunk Search 04-19-2021 0 2	0	2
	SPL - Creating a list using two time stamp entries Hi all, I am trying to create a fourth column which would display all values between a given time range in the single... by jacobmcn67 New Member in Splunk Search 04-18-2021 0 1	0	1
	Multiple same fields in one event with different data I have this XML data in one event but there are multiple transactions with same fieldnames . We need to display them ... by mariannedave Explorer in Splunk Search 04-18-2021 0 2	0	2