Splunk Search

Community Activity

How to query events where the latest event field is only a specific value? HiI have a request to find all users that have outcome=fail as the latest event. The outcome can be fail or successfo... by Glasses Builder in Splunk Search 04-23-2021 0 2	0	2
How to Use Field Values in Endswith Parameter of Transactions Hello!I am trying to group my log entries based on very specific criteria but can't seem to figure out how to do so.I... by Traer001 Path Finder in Splunk Search 04-23-2021 0 0	0	0
Coalesce that shows the Field and Value in a Table Good Afternoon,I am working on a coalesce query that looks like this: \| makeresults\| eval Name="John", NAME="Johnny",... by JaysonD123 Explorer in Splunk Search 04-23-2021 0 2	0	2
How to check if a field contains a value of another field? I would like to take the value of a field and see if it is CONTAINED within another field (not exact match). The text... by jpolcari Communicator in Splunk Search 04-23-2021 3 15	3	15
Search statistics format not shared New to this so probably a very basic question....A user has a query that comes out with a nicely formatted statistics... by harryc42 Explorer in Splunk Search 04-23-2021 0 4	0	4
calculated fields with strptime Hey there,I have a _raw where I am extracting a timestamp. But this is in a bad format. So I wanted to have a "calcul... by Bastelhoff Path Finder in Splunk Search 04-23-2021 0 2	0	2
Search on existing search results? Preemptive note, I am not looking for instructions on how to run a subsearch. I have results from a completed search ... by Haybuck15 Explorer in Splunk Search 04-23-2021 0 1	0	1
ta-pfense - new test install, no fields Trying to use splunk. Installed ta-pfsense, and I have data showing up from my pfsense firewall, the problem is it s... by nullzeroroute New Member in Splunk Search 04-23-2021 0 0	0	0
Counting sessions with missing events Hey gang - searching for missing data is probably the weakest part of my Splunk skillset. I just have a hard time th... by ShagVT Path Finder in Splunk Search 04-23-2021 0 2	0	2
How to upload a lookup file to a Splunk Cloud "staging area" or through REST API? Hi, In order to automate the deployment pipeline of Splunk Apps into different instances, our team has the requiremen... by jfgomez0912 Explorer in Splunk Search 04-23-2021 1 2	1	2
Blacklisting Wineventlog Hi Team, I got a requirement to filter out for the source [WinEventLog:Security] for 14 host (Host and Computer Name ... by anandhalagaras1 Contributor in Splunk Search 04-23-2021 0 4	0	4
Query to find newly added sourcetypes Hi, I am using below query to find the newly added sourcetypes . \| metadata type=sourcetypes \| eval time=now()-firs... by kteng2024 Path Finder in Splunk Search 04-23-2021 0 3	0	3
Using if condition in input and path fields of spath I have an xml file and using spath for it.My xml is having a tag like:<messages><name>test1</name><message-a><cust-id... by sasireka Loves-to-Learn Lots in Splunk Search 04-23-2021 0 1	0	1
Splunk Query Regular Expression Dear Team, I've below Splunk log and trying to get stats count based on consumer_application. I've tried below regul... by ramzadabala Observer in Splunk Search 04-23-2021 0 1	0	1
How to customize the view of the values a particular field, in table visualization? Hello Splunkers,I have used unicode characters, to display trend, in my splunk dashboard. BUt the size of those chara... by sarvesh_11 Communicator in Splunk Search 04-23-2021 0 10	0	10
How do I filter events by lookup time? I have a lookup table like in splunk this:earliest_timelatest_timeS_NOSRC_IP3/1/20214/1/2021E100210.10.10.10 I want t... by imheejin Explorer in Splunk Search 04-23-2021 0 1	0	1
how to use part of field name to group columns and add values? Hi, I got a set of table that has "_time" as row values and "hosts" as column values like below._timehost-1-1host-1-... by hannahb New Member in Splunk Search 04-23-2021 0 2	0	2
Counting percentage with completion and not completed status Hi, I have following data:And I am trying to create SPL which gets me following result:I tried eventstate and stats c... by k31453 Explorer in Splunk Search 04-22-2021 0 1	0	1
How to pass an attribute from one event to another in order to create a table to summarize data Hi guys!I'm a newbie to Splunk and I would appreciate if you could help me out on this one (Thank you to all the memb... by cindygibbs_08 Communicator in Splunk Search 04-22-2021 0 2	0	2
How do I monitor changes to config files? Hi, Brand new user of Splunk here. I'm currently evaluating Splunk Enterprise. I need a bit of help understanding w... by AndreasMartenss Explorer in Splunk Search 04-22-2021 1 19	1	19
How do i extract a value from one search, use it in a second search, and then output fields from both searches Hi I need to search one index, extract a value from a field from that search, then use that value when searching a di... by ezmo1982 Path Finder in Splunk Search 04-22-2021 0 1	0	1
Get the count of events in a search and use it to calculate another field I need to get the count of the total number of events in the search and use it later to calculate the value of anothe... by deepaksn1214 Engager in Splunk Search 04-22-2021 0 1	0	1
Convert number to string, to avoid being counted by addtotals/addcoltotals Hi, I am creating a report with "chart field1 field2", field2 only has 2 values. So the result has 3 columns: Field1,... by AllenZhang Explorer in Splunk Search 04-22-2021 0 2	0	2
calculate sum of duration Hi everyone,I have calculated a duration field like this for exampleDuration 00:22:02 00:19:26 00:04:26 00:20:16 00:1... by g_paternicola Path Finder in Splunk Search 04-22-2021 0 2	0	2
Delemma when searching Apps a particular TA is not in the list for all apps ? where is it ? I am doing an inventory of all apps on my search head - but one I have noticed is not listed - I have thrown the kit... by jcorcoran508 Path Finder in Splunk Search 04-22-2021 0 1	0	1