Splunk Search

Community Activity

I'm looking to compare the _indextime to the _time field to look for anomalies I'm looking to do some alerting or analysis to help troubleshoot lag time and logging. I'd like to compare the _index... by crlunde Loves-to-Learn Everything in Splunk Search 02-19-2021 0 1	0	1
splunk I have two queries and i want to append those two queries and i need new column for separationfor ex:i got below resu... by vinod0313 Explorer in Splunk Search 02-19-2021 0 1	0	1
Changing max length of field I have a field that is more than 10,000 characters. I updated props.conf to include [source::log.txt] TRUNCATE=20000... by sc0tt Builder in Splunk Search 02-19-2021 0 8	0	8
How to check field values containing an underscore in splunk? Hi All, I was trying to filter out the usernames which contains underscore in splunk. I had tried with regex Accoun... by iamarkaprabha Contributor in Splunk Search 02-19-2021 0 3	0	3
Comparing 2 results and showing difference My scenario is that I am trying to alert in the event where a user has been provided to an application but that same ... by willadams Contributor in Splunk Search 02-19-2021 0 2	0	2
How to exclude the results from subsearch I have one query which looks like:Query1:index=test "TestRequest" \| dedup _time \| rex field=_raw "Price\":(?<price>.... by nits Explorer in Splunk Search 02-18-2021 0 4	0	4
parse and index json fields from string message Hello,I have log in the format "2021-02-18T16:17:12,189Z [main] INFO logname -streamstart-k1:V1,K2:V2,K3:V3,streamsto... by vashodha Loves-to-Learn Lots in Splunk Search 02-18-2021 0 4	0	4
Extract a string Hi everyone, I have the below string.isadhakdahdj asdh, hosadhao activity=Follow Up, entryName=Initial Outreach, asas... by rbachu1 Explorer in Splunk Search 02-18-2021 0 2	0	2
Compare 2 queries in a dashboard hello All, I have created a dashboard with two panels. The first panel runs a search (query below) for time-window-1 ... by Joe20 Explorer in Splunk Search 02-18-2021 0 1	0	1
Splunk field extraction Hello All, I am new to splunk and I have a question regarding the splunk field extraction. Consider the following ex... by Joe20 Explorer in Splunk Search 02-18-2021 0 2	0	2
How to convert seconds to [h]:mm:ss? Hi Guys! I have an error duration in seconds, how can I convert it to [h]:mm:ss? I used the below query but the if ... by auaave Communicator in Splunk Search 02-18-2021 1 6	1	6
Using bar dashboard with drilldowns > link to search > custome (with $click.value$ variable) I am trying to use the Drilldown on Click > Link to Search > custom :LOGRC_TYPE=F8 \| eval FUNC_TRAN =AFI_LOG03FUN+"-... by aneyraba New Member in Splunk Search 02-18-2021 0 0	0	0
Passing dynamic parameters in search running from cli Hi, Is there was to dynamically pass a value like below in Splunk for running a search from cli.I am trying to write ... by bsrikanthreddy5 Path Finder in Splunk Search 02-18-2021 0 2	0	2
Extracting XML value with <> using regex I need to create a regex to match the fieldname for first match and fieldvalue for the second match. Issue happens w... by michaelrosello Path Finder in Splunk Search 02-18-2021 0 11	0	11
How to check the total consumption out of the 500MB provided by free splunk? Hi, In my production environment, I have two Asterisk Servers installed where one of them caters to 95% of the data w... by hishamjan Explorer in Splunk Search 02-18-2021 0 6	0	6
more regex help :/ Hey All,I am trying to pull the username from the following event which is everything after the Rightnetworks\ in the... by tkerr1357 Path Finder in Splunk Search 02-18-2021 0 4	0	4
How to disable 'Export Results' for specific users or roles? Hi Splunkers, I was wondering if there is an option to disable Export Results option for specific users or roles. Ba... by Murali2888 Communicator in Splunk Search 02-18-2021 2 7	2	7
Listing detail of an individual without using stats and BY Hi,I have a dataset about transactions, each event is a transaction detail about response code(success or not), their... by phamxuantung Communicator in Splunk Search 02-18-2021 0 1	0	1
rex for dynamic parttern Hi, I have a raw log with structure like this: TIME\|FROM\|TO\|URL\|ERROR\|STATUS\|ALERT Example:Wed Jan 6 15:10:01 2021\|De... by phamxuantung Communicator in Splunk Search 02-18-2021 0 5	0	5
how to extract one value from log Hi,i have log like this[Information] WebService Call CheckVehicle : country=111111, licensePlate=12DUMMYAnd i would l... by ivana27 Path Finder in Splunk Search 02-18-2021 0 9	0	9
How to sort the count by ajees_basha Explorer in Splunk Search 02-17-2021 0 1	0	1
Search 1hr using IPs from 24hr How would I take a 24 hour search such as: index=* \| iplocation src_ip \| stats count by src_ip, Country, dest_ip, des... by mztopp Explorer in Splunk Search 02-17-2021 0 4	0	4
convert table data to comma separated key value pair output I am pretty new to splunk and i have a query which uses TABLE command to filter output on certain fields. The output ... by aniket New Member in Splunk Search 02-17-2021 0 2	0	2
Using stats to join data instead of transaction I have two sources that have a common field (user) and am currently using transaction to join the user_a with the sou... by Kupo Engager in Splunk Search 02-17-2021 0 2	0	2
Comparing two fields in different format from two different sources Hi Everyone,I am trying to use a lookup table and an index to get an output as a comparison of two fields from two d... by amsagg Observer in Splunk Search 02-17-2021 0 2	0	2