Splunk Search

Community Activity

[SUSE] Crash - Splunk SH is not able to perform a search against indexers. We are testing our upgrade from Splunk 7.3.1 to 8.1.2. Once we upgrade the SH regardless of the indexers' version 7.3... by sylim_splunk Splunk Employee in Splunk Search 03-16-2021 0 2	0	2
[8.0.6] Scheduler stops dispatching scheduled searches intermittently. Our Splunk SH cluster scheduler stopping, users complaining that alerts/scheduled reporting not running or processin... by sylim_splunk Splunk Employee in Splunk Search 03-16-2021 1 1	1	1
Based on key passed want to fetch value data from csv file I have one csv file with empid as key and name as value..sample Data looks like emp id is E101 value is John ..now ... by sandeepshelar4 Loves-to-Learn Lots in Splunk Search 03-16-2021 0 1	0	1
Export Windows Event LOG Hi,I need to import the security and application logs of many windows servers to splunk, but for security reasons I c... by robertocapizzo9 Loves-to-Learn in Splunk Search 03-16-2021 0 1	0	1
Truncate Timechart X Axis To Just Seconds So I have a timechart that I'm using to plot latencies. I am trying to just capture the seconds and miliseconds. I do... by woody1 Observer in Splunk Search 03-16-2021 0 2	0	2
Using regex to filter by file directory I have a field in splunk named commandline. I want to filter this field just by values containing "C:\"This appears ... by nwalker15 Engager in Splunk Search 03-16-2021 0 2	0	2
Compare search results to current data I have a search that looks at AD data to determine if a user was disabled more than 6 months ago. My intention was f... by sfefcu Path Finder in Splunk Search 03-16-2021 0 2	0	2
combine two tables into a multi series visualisation Hi Splunkers, I have the below tables generates from the below queries and i'm looking for a consolidated multi-serie... by splunk_ier Engager in Splunk Search 03-16-2021 0 0	0	0
How to calculate duration time after office hour within a month Im currently having trouble with query to get result of user activity duration after office hour within a month.i exp... by Splunkin Explorer in Splunk Search 03-16-2021 0 5	0	5
how to find percentage? Hi, @gcusello @dmarling I Have a doubt in calculating the percentage.First query:(index=71412-cli sourcetype=show_int... by priyastalin Explorer in Splunk Search 03-16-2021 0 5	0	5
Error lookup table Hello I am new to Splunk and I want to connect my salesfoce org to splunk app, but there is no data retrieved from th... by Oubayda Loves-to-Learn Lots in Splunk Search 03-16-2021 0 0	0	0
Increase Time on event TimeStamp for two different times Hey Splunksters,How can I go about getting to the next hour and 15 min - when min is 15 min past the hour for a times... by Mary666 Communicator in Splunk Search 03-15-2021 0 9	0	9
Basic Query help I just want to look for a hash signature in Splunk. Example: d09a773dab9a20e6b39176e9cf76ac6863fe388d69367407c317c716... by mnmn777 Observer in Splunk Search 03-15-2021 0 3	0	3
Compare data between two sourcetype I have two different sourcetypes src_a, src_b.src_a: This is a CSV uploaded from Server (has expected results for eac... by VandanaBansal Loves-to-Learn in Splunk Search 03-15-2021 0 4	0	4
Retrieve the name of the current search I would like to be able to retrieve the name of the current search to pass to a macro in the search.Saved Search name... by Scott_Kudelski Explorer in Splunk Search 03-15-2021 0 3	0	3
Track users web activity after arriving the landing page Greetings all,I'm currently working on a A/B testing dashboard to see which landing page is having more engagement. O... by Montalvolll Explorer in Splunk Search 03-15-2021 0 0	0	0
Import a matrix Q1: is there a way to import a matrix into Splunk? Q2: What SPL command gives me all values set to true and tells m... by youngsuh Contributor in Splunk Search 03-15-2021 0 3	0	3
How to perform "custom" inner join? Hi everyone, See if someone could give me a hand. My scenario is similar to this:Table 1IDID2Whatever rest columns...... by designer46 Explorer in Splunk Search 03-15-2021 0 4	0	4
Scheduled search for populating summary index ignores the last 30 seconds of events Hello,I recently faced an issue when populating a summary index. I scheduled a saved search to run every hour (with t... by Sharzi Explorer in Splunk Search 03-15-2021 0 3	0	3
tstat hourly time span without snapping to hour, relative to start of absolute time range instead Hello,I am trying to collect stats per hour using a data model for a absolute time range that starts 30 minutes past ... by akarollil Explorer in Splunk Search 03-15-2021 0 4	0	4
sub search join not working , returning incorrect results Hello, I have 3 queries as below and all 3 return starid, I need to check if starid from query 1 exists on starid fro... by msrama5 Explorer in Splunk Search 03-15-2021 0 3	0	3
compare two fields in json data and display data in the third field for the matched data Hi all,I have only started working on splunk recently and i am stuck at one query. So, I have JSON data like below: c... by nikitha15 Explorer in Splunk Search 03-15-2021 0 1	0	1
Reading from a specific log file Hi, I am very new to Splunk. I would like to know how to search just the latest log file from the below screenshot.... by rsmall13 Explorer in Splunk Search 03-15-2021 0 3	0	3
Real time alerts Hi, I'm looking to create a real-time alert, but I don't see the alert type option of 'real-time' as shown below. We... by rsmall13 Explorer in Splunk Search 03-15-2021 0 0	0	0
help on token which has to return empty values hello I use a scheduled search where I stats events like this :\| stats last(LastReboot) as "Last reboot date" by host... by jip31 Motivator in Splunk Search 03-15-2021 0 1	0	1