Splunk Search

Community Activity

Using regex to filter by file directory I have a field in splunk named commandline. I want to filter this field just by values containing "C:\"This appears ... by nwalker15 Engager in Splunk Search 03-16-2021 0 2	0	2
Compare search results to current data I have a search that looks at AD data to determine if a user was disabled more than 6 months ago. My intention was f... by sfefcu Path Finder in Splunk Search 03-16-2021 0 2	0	2
combine two tables into a multi series visualisation Hi Splunkers, I have the below tables generates from the below queries and i'm looking for a consolidated multi-serie... by splunk_ier Engager in Splunk Search 03-16-2021 0 0	0	0
How to calculate duration time after office hour within a month Im currently having trouble with query to get result of user activity duration after office hour within a month.i exp... by Splunkin Explorer in Splunk Search 03-16-2021 0 5	0	5
how to find percentage? Hi, @gcusello @dmarling I Have a doubt in calculating the percentage.First query:(index=71412-cli sourcetype=show_int... by priyastalin Explorer in Splunk Search 03-16-2021 0 5	0	5
Error lookup table Hello I am new to Splunk and I want to connect my salesfoce org to splunk app, but there is no data retrieved from th... by Oubayda Loves-to-Learn Lots in Splunk Search 03-16-2021 0 0	0	0
Increase Time on event TimeStamp for two different times Hey Splunksters,How can I go about getting to the next hour and 15 min - when min is 15 min past the hour for a times... by Mary666 Communicator in Splunk Search 03-15-2021 0 9	0	9
Basic Query help I just want to look for a hash signature in Splunk. Example: d09a773dab9a20e6b39176e9cf76ac6863fe388d69367407c317c716... by mnmn777 Observer in Splunk Search 03-15-2021 0 3	0	3
Compare data between two sourcetype I have two different sourcetypes src_a, src_b.src_a: This is a CSV uploaded from Server (has expected results for eac... by VandanaBansal Loves-to-Learn in Splunk Search 03-15-2021 0 4	0	4
Retrieve the name of the current search I would like to be able to retrieve the name of the current search to pass to a macro in the search.Saved Search name... by Scott_Kudelski Explorer in Splunk Search 03-15-2021 0 3	0	3
Track users web activity after arriving the landing page Greetings all,I'm currently working on a A/B testing dashboard to see which landing page is having more engagement. O... by Montalvolll Explorer in Splunk Search 03-15-2021 0 0	0	0
Import a matrix Q1: is there a way to import a matrix into Splunk? Q2: What SPL command gives me all values set to true and tells m... by youngsuh Contributor in Splunk Search 03-15-2021 0 3	0	3
How to perform "custom" inner join? Hi everyone, See if someone could give me a hand. My scenario is similar to this:Table 1IDID2Whatever rest columns...... by designer46 Explorer in Splunk Search 03-15-2021 0 4	0	4
Scheduled search for populating summary index ignores the last 30 seconds of events Hello,I recently faced an issue when populating a summary index. I scheduled a saved search to run every hour (with t... by Sharzi Explorer in Splunk Search 03-15-2021 0 3	0	3
tstat hourly time span without snapping to hour, relative to start of absolute time range instead Hello,I am trying to collect stats per hour using a data model for a absolute time range that starts 30 minutes past ... by akarollil Explorer in Splunk Search 03-15-2021 0 4	0	4
sub search join not working , returning incorrect results Hello, I have 3 queries as below and all 3 return starid, I need to check if starid from query 1 exists on starid fro... by msrama5 Explorer in Splunk Search 03-15-2021 0 3	0	3
compare two fields in json data and display data in the third field for the matched data Hi all,I have only started working on splunk recently and i am stuck at one query. So, I have JSON data like below: c... by nikitha15 Explorer in Splunk Search 03-15-2021 0 1	0	1
Reading from a specific log file Hi, I am very new to Splunk. I would like to know how to search just the latest log file from the below screenshot.... by rsmall13 Explorer in Splunk Search 03-15-2021 0 3	0	3
Real time alerts Hi, I'm looking to create a real-time alert, but I don't see the alert type option of 'real-time' as shown below. We... by rsmall13 Explorer in Splunk Search 03-15-2021 0 0	0	0
help on token which has to return empty values hello I use a scheduled search where I stats events like this :\| stats last(LastReboot) as "Last reboot date" by host... by jip31 Motivator in Splunk Search 03-15-2021 0 1	0	1
JSON - an array, many fields, mvzip and mvexpand issue Hi, am I doing this correct or is there another way to tabulate this JSON?I've seen many examples on the forums of pe... by JimboSlice Path Finder in Splunk Search 03-15-2021 1 8	1	8
Count field on specific value using streamstats Hi Splunkers, Anyone can help, I need to count field Flag where value is 0.I've tried using this command " streamstat... by bernanda Explorer in Splunk Search 03-15-2021 0 2	0	2
help on transpose command hello In the search below, I need to display anything if the Hostname is not foundActually, I have the fields display... by jip31 Motivator in Splunk Search 03-15-2021 0 2	0	2
How to get data through REST API into SPLUNK APP HiWe have to retrieve DATA through REST API and then display the data in the dashboard.After reading documents, the a... by emily12234 Explorer in Splunk Search 03-14-2021 0 1	0	1
How to join table of usertypes with user detail I have a table of users and their position level across an organization. How would i join the table of positions and ... by spammenot66 Contributor in Splunk Search 03-14-2021 0 3	0	3