Splunk Search

Community Activity

How to show logs happened 2 min before and 2 min after certain log Hi Splunkers,i have search like thisindex=pkg_prespvm host IN (*)\| dedup _raw\| transaction host startswith="[Informat... by ivana27 Path Finder in Splunk Search 03-07-2021 0 1	0	1
Concurrent VPN connections. Hi guys, I'm going crazy and I'm completely lost. I'm trying to create a query that displays concurrent connections. ... by weetabixsplunk Explorer in Splunk Search 03-07-2021 0 1	0	1
Combine Sub searches with different time references Hey, right now I am a bit messed up in the mind and not sure if I try to find an overly complicated solution to a may... by MarcusBB Explorer in Splunk Search 03-07-2021 0 3	0	3
How to get counts of same field with different info Hello,We are logging various info during job level. Message filed carries all the info. I would like to get count of... by Murali51 Explorer in Splunk Search 03-06-2021 0 8	0	8
How to leverage a secondary time field at scale? I have a dataset that has both FINISHDATE and CHANGEDATE fields in text. We use strptime(CHANGEDATE) for _time but w... by woodcock Esteemed Legend in Splunk Search 03-06-2021 1 3	1	3
Where to start learning to write splunk queries by AnonymousPerson New Member in Splunk Search 03-06-2021 0 2	0	2
Read regex based data from a log file using splunk forwarder I have log file which polls an endpoint and if new version has come then only performs the operation. All the polling... by raunakomar New Member in Splunk Search 03-06-2021 0 1	0	1
COmpare or join 2 fields to 3rd output HI All,Need help in comparing 2 fields or join 2 values to build a table for another 2 field.CODE 1: index=opennms "... by jerinvarghese Communicator in Splunk Search 03-06-2021 0 1	0	1
Help calculating error breach rate Hi,I'm trying to build a splunk query to calculate error rate breaches. Essentially, how often in 5 minute intervals,... by jche714 Observer in Splunk Search 03-05-2021 0 3	0	3
Comparing field with weekly average Hi,I am trying to compare a field (Job duration) with its weekly average. Something is wrong with my join. It is retu... by sk Explorer in Splunk Search 03-05-2021 0 4	0	4
How can i calculate the time difference with 1 key value and 1 col of data? Hi there Splunkers,Maybe the title is a little bit weird but the point is, We have an entity who travel between 2 loc... by Felipe_Barahona Engager in Splunk Search 03-05-2021 0 4	0	4
How do I extract a substring beginning by some characters and ending by : Hi,I have this in my message string:Errors in file /u02/app/oracle/diag/rdbms/pwein1a/pwein1a1/trace/pwein1a1_cjq0_28... by proussinbnc Engager in Splunk Search 03-05-2021 0 2	0	2
List indexes that are being used Hello, I am trying to bring up a search that will tell me how much each index is being used, but the search_index fie... by robnewman666 Path Finder in Splunk Search 03-05-2021 0 2	0	2
Need help in append Hello all, I am facing an issue in appending an query. Here my objective is to update the kv store with the list of s... by srinivasgowda Explorer in Splunk Search 03-05-2021 0 9	0	9
JSON formatting I have the below JSON feed that I can see from a straight search. I'm trying to get some stats especially for pools-a... by ThyAbode Loves-to-Learn in Splunk Search 03-05-2021 0 3	0	3
Index specific columns from CSV file. Hello Experts,The CSV file is located on file share and file is having columns Hostname, type, IP. From these three c... by email2vamsi Explorer in Splunk Search 03-05-2021 0 1	0	1
Error using lookup command I am running the below query,sourcetype="email" \| rename SenderAddress as indicator \|lookup tci indicator output type... by Janani_Krish Path Finder in Splunk Search 03-05-2021 0 8	0	8
Configure HTTP Event collector to log client source-IP Hi Team,I am looking to Configure HTTP Event collector to log client source-IP instead of the source host. Is there a... by rakeshkp Loves-to-Learn Everything in Splunk Search 03-04-2021 0 0	0	0
Field extraction for multiple types of values Hello all,I am trying to extract the data from the field evtComponent from the below event, and this has a multiple t... by srinivasgowda Explorer in Splunk Search 03-04-2021 0 2	0	2
Need output value Hi, Output of the below query has been attached, I need only the total value to be displayed in the dashboard. Here t... by VijaySrrie Builder in Splunk Search 03-04-2021 0 1	0	1
Comparision of hourly Log count by average log count of last 7 days. I have a Query need to compare hourly log count of today with the average value of last 7 days, if the count is great... by phanirohith97 Observer in Splunk Search 03-04-2021 0 4	0	4
join search with condition I have two searches:search-A gives values like typestatushostnameidportSizebasecachehttpOFFhost-117NANANANAhttpONhost... by arandy01 Explorer in Splunk Search 03-04-2021 0 4	0	4
Why isn't transaction working for me? I have a process where I load data into database tables. My log file has the following entries for each :TableLoad=... by VictorCrunch Loves-to-Learn in Splunk Search 03-04-2021 0 0	0	0
How to pull latest scan data with full EST date/time? Currently we are having issues with our scan data comming in to out indexer, so we have to use CSV's for scan data .... by UMDTERPS Communicator in Splunk Search 03-04-2021 0 7	0	7
Unique users by application over time periods in a timechart table As a example, I have a search that calculates "Unique Users per Application" and this can be constrained to a particu... by nickstone Path Finder in Splunk Search 03-04-2021 0 5	0	5