Splunk Search

Community Activity

Truncate logs to 10K for all the sources in SPLUNK (cloud)? Default setting is not applicable for HTTP and TCP l how to truncate logs to 10K for all the sources in SPLUNK (cloud)? The default setting is not applicable for HTTP and... by shilpa155 Observer in Splunk Search 03-26-2021 0 0	0	0
Need get last event occurred time of each day Hi All, I would like to get last event occurred time of each day, my searching window area is last 30 days.For exampl... by paragvidhi Engager in Splunk Search 03-25-2021 0 6	0	6
Find null values in multivalue fields Hello,Need to find null values from multivalue field. I am using mvcount to get all the values I am interested for th... by luna Explorer in Splunk Search 03-25-2021 0 3	0	3
Matching Results of a Search on One Value - Based on the Results of Two Events Hello,I am trying to configure alerting for a Failover Cluster by verifying the running server name, then confirming ... by Razziq Explorer in Splunk Search 03-25-2021 0 2	0	2
Search for events surrounding error clusters - transaction event too large I am trying to do analysis on a historical/intermittent issue that is surround a particular error in our logs.This er... by rlaan Path Finder in Splunk Search 03-25-2021 0 3	0	3
Combining records with the same date I have a search that I am using for tracking VPN connection and I have found that I have users having multiple connec... by Dabob Engager in Splunk Search 03-25-2021 0 1	0	1
How to filter the search with the following record Hi there,Can I know how to get the record from ver 1.1 by case sensitive excluding record from ver 1.2? Currently I h... by zhanweiw Explorer in Splunk Search 03-25-2021 0 4	0	4
compare fields by vpn session user and rdp session Hello everyone. There is a task of comparing the sessions of the user who came from the VPN and further with the same... by nalia_v Loves-to-Learn Everything in Splunk Search 03-25-2021 0 1	0	1
Reg. Correlation searches. Do they have to be configured in Splunk Ent. & ES? Could they be only on one of these 2 ? Reg. Correlation searches. Do they have to be configured in Splunk Ent. & ES? Could they be only on one of these 2 ? ... by SamHTexas Builder in Splunk Search 03-25-2021 0 2	0	2
how do I get daily average over a month for all the pages I receive I receive about say between 10 to 20 alerts per day. All these pages shows as an event in my splunk. How do I find ou... by vadud3 Path Finder in Splunk Search 03-25-2021 1 5	1	5
How do I get status & list of my Correlation searches via GUI & How to get the best out of them? How do I get status & list of my Correlation searches via GUI & How to get the best out of them? by SamHTexas Builder in Splunk Search 03-25-2021 0 1	0	1
CASE command in Props.conf Hello SMEs....Seeking helping handI got stuck while putting EVAL-<field-name> in props.conf using case command and it... by pavanbmishra Path Finder in Splunk Search 03-25-2021 0 6	0	6
One alert but two different timings based on the output of the first alert Hi,I need your help in knowing if it is possible to have an alert that triggers at 1 PM everyday and if the search re... by prettysunshinez Explorer in Splunk Search 03-25-2021 0 1	0	1
Find count of employees based on their experience range, 0-5, 5-10, 10-15, and 15-20 Hi there!I am new to Splunk and i have a task that "Find count of employees based on their experience range, 0-5, 5-1... by SA2 Explorer in Splunk Search 03-25-2021 0 5	0	5
How to make Cluster Map to show Countries My Splunk query is giving results but it is showing latitude & longitude details for all the countries.But i want my ... by alexspunkshell Contributor in Splunk Search 03-25-2021 0 0	0	0
Field Extraction (rex maybe?) Hello All,I am not good in Regular Expressions, I need you assist.In my data, I have a field containing IPs and Ports... by a_n Path Finder in Splunk Search 03-25-2021 0 5	0	5
How to setup scheduled search to run after fulfillment of another? Hi! We have some searches on a dashboard that work way too long as they include several subsearches and calculate dat... by iKate Builder in Splunk Search 03-25-2021 1 7	1	7
Time from a search Hi All,I have a query like below.index="abc" host=xxx \| eval Indicator=if(state=="RUNNING", "10", "0") \| timechart sp... by mariamathewtel Explorer in Splunk Search 03-25-2021 0 7	0	7
Calculate total duration when many transactions are overlap in the time Hello dear community,help me on this issue please.When using the concurrency command to find out if transactions over... by wcastillocruz Path Finder in Splunk Search 03-25-2021 0 14	0	14
How can i search for two concatenated strings? I need to search for a string composed of the month - year in Italian.Example: "March-2021"If I enter "March-2021" in... by antonio147 Communicator in Splunk Search 03-25-2021 0 4	0	4
Splunk query working fine in search but not working in dashboard which has single display I have the below query which works fine in the 'Search' but when I take the same query to a dashboard which has panel... by vn50b7z Engager in Splunk Search 03-25-2021 0 3	0	3
help on rex command hello My field sounds like this 03/01/2019 07:10 0 MBAM CLIENT (2.5_64b) EN.$w$ And I need to catch everything after ... by jip31 Motivator in Splunk Search 03-25-2021 0 17	0	17
help on join command which truncate events HelloThe join comamnd below truncate events because I have results if I execute the ode before the join command but I... by jip31 Motivator in Splunk Search 03-25-2021 0 2	0	2
Compare two different values from two different periods I saw a few exampleshttps://community.splunk.com/t5/Splunk-Search/How-do-I-compare-search-results-from-two-different-... by exocore123 Path Finder in Splunk Search 03-25-2021 0 4	0	4
Sort Column Value in Table from Rex Field Hi,I'm trying to sort a value on a table from a rex field in Splunk Search. For instance, I have below value:DateHos... by bruceaperez New Member in Splunk Search 03-24-2021 0 5	0	5