Splunk Search

Community Activity

	Search generates this error - Regex: regular expression is too large This is the search with some anonymization. index=index_1 sourcetype=sourcetype_1 field_1 IN ( [ search index=in... by jwhughes58 Contributor in Splunk Search 10-03-2024 0 6	0	6
	dedup or filter row with condition How do I dedup or filter out data with condition?For example:Below I want to filter out row that contains name="name0... by LearningGuy Motivator in Splunk Search 10-03-2024 0 11	0	11
	The "where count" clause is showing no results I'm trying to create an alert. The alert's query ends with " \| stats values() as by actor.displayName \| stats coun... by anayi Observer in Splunk Search 10-03-2024 0 2	0	2
	How to join two tables for more data Good day,I have done a join on two indexes before to add more information to one event. example get department for a ... by JandrevdM Path Finder in Splunk Search 10-03-2024 0 1	0	1
	How to find the latest event per device Good day,I am trying to find the latest event for my virtual machines to determine if they are still active or decomm... by JandrevdM Path Finder in Splunk Search 10-03-2024 0 4	0	4
	How to have multiple fields (non numeric) in x-axis on a bar chart? My Splunk Search is as followsindex="someindex" cf_space_name="somespace" msg.severity="*" \| rex field=msg.message ".... by th1agarajan Path Finder in Splunk Search 10-02-2024 0 1	0	1
	How to write a cron schedule to run Splunk alerts biweekly on Mondays? I have a requirement to Trigger Splunk Alerts Bi-Weekly Mondays (Not 1st and 3rd OR 2nd and 4th weeks) and if a mont... by prakashbhanu407 New Member in Splunk Search 10-02-2024 0 6	0	6
	Issue with StateSpaceForecast from the MLTK app I have a dashboard that a specific team uses. Today, they asked about why one of the panels was broken. Looking into ... by Abass42 Communicator in Splunk Search 10-02-2024 0 0	0	0
	Regex Help probably a basic questioni have the following data 600 reasonand this rex(?<MetricValue>([^\s))]+))(?<Reason>([^:\|^R]... by darkins Engager in Splunk Search 10-01-2024 0 2	0	2
	Count X's in each field in a table and total them in the last column Hello everyone, I have a table (generated from stats) that has several columns, and some values of those columns have... by alferone Explorer in Splunk Search 10-01-2024 0 3	0	3
	Yesterday data dashboard filtering - An extension of this:https://community.splunk.com/t5/Splunk-Search/Looking-at-yesterdays-data-but-need-to-filter-the-... by nelesama Explorer in Splunk Search 10-01-2024 0 4	0	4
	Lookup search wigh showing matched keyword Hello SplunkersHow can i utilize a lookup in a correlation search showing the detected keyword in the search result ?... by msalghamdi Path Finder in Splunk Search 10-01-2024 0 5	0	5
	Adding a Total column (without using addtotals) Sometimes I set myself SPL conundrum challenges just to see how to solve them. I realised I couldn't do something I ... by tread_splunk Splunk Employee in Splunk Search 10-01-2024 0 8	0	8
	how to get statistical values for different fields I have to create a base search for a dashboard and I am kinda stuck. Any help would be appreciated. index=service msg... by varsh_6_8_6 Explorer in Splunk Search 09-30-2024 0 2	0	2
	Is there a way to monitor the number of files in the dispatch directory over time? Hi I am looking to monitor the dispatch directory over time.I know I can get the current results by using this\| rest ... by robertlynch2020 Influencer in Splunk Search 09-30-2024 0 3	0	3
	eval percent line is not producing values in the table I am working on obtaining all user logins for a specified domain, then displaying what percent of those logins were f... by DLevine_ Explorer in Splunk Search 09-30-2024 0 4	0	4
	How to identify a skipped scheduled accelerated report ? I have noticed that a saved search is chronically skipped, almost 100% but I cannot trace it back to the origin.The s... by Glasses2 Communicator in Splunk Search 09-30-2024 0 4	0	4
	Filter for messages that contains text with quotation marks Hi, I'm having a hard time trying to narrow down my search results. I would like to return only the results that cont... by raculim Explorer in Splunk Search 09-30-2024 0 6	0	6
	How to join search results from two indexes based on multiple conditions I have 2 indexes - index_1 and index_2index_1 has the following fieldsindex1IdcurrEventIdprevEventIdindex_2 has the f... by ravi_lookout Explorer in Splunk Search 09-30-2024 0 10	0	10
	Dynamic eval mvindex. Good morning fellow splunkers.I have a challenge and was wondering if anyone could help me. In some logs with multipl... by BoscoBaracus Engager in Splunk Search 09-30-2024 0 5	0	5
	Splunk dashboard table panel with dynamic token hello, I have an issue when creating some visualization in splunk dashboard. Im using dashboard studio, and my object... by elend Communicator in Splunk Search 09-28-2024 0 5	0	5
	Why does Dashboard Classic not return result even though "Open in search" does? Here is a really simple dashboard: <form version="1.1" theme="light"> <label>Simple input</label> <fieldset submi... by yuanliu SplunkTrust in Splunk Search 09-28-2024 0 1	0	1
	not getting output Hi All I am using Office365, i have an office365 unified group and users are getting removed from this office365 gro... by risingflight143 Explorer in Splunk Search 09-28-2024 0 1	0	1
	How to update enableSched in savedsearch.conf using python script I have to create a custom command using python script to update a particular property(enableSched) from 1 to 0 or 0 t... by sivaranjiniG Communicator in Splunk Search 09-28-2024 0 1	0	1
	Produce single row by combining multiple row and column Hi Splunk,I have a table like belowComponent Green Amber RedResp_time 0 200 4005xx 0 50 1004xx 0 50 100 I want to com... by Naveenkumar Engager in Splunk Search 09-28-2024 0 3	0	3