Splunk Search

Community Activity

Specify span option value in bin command with map I try to use lookup to specify span option value in bin command with map \| inputlookup mylookupup.csv \| fields Index,... by elensare Engager in Splunk Search 09-03-2024 0 1	0	1
Regular Expression hi i want to extract purple part.[Time:29-08@17:53:05.654] [60569222] 17:53:05.654 10.82.10.245 local3.notice [S=2952... by Siddharthnegi Contributor in Splunk Search 09-03-2024 0 2	0	2
Need to find where index was used in lookups, reports, alerts and dashboards. The data coming into one of our indexers recently changed. Now the format is different, and the fields are different.... by bwheelerice Engager in Splunk Search 09-02-2024 0 8	0	8
Help joining the 2 below searches Hi - We have a requirement to join the below eval statement searches, would it be possible if someone could assist w... by tomjb94 Observer in Splunk Search 09-02-2024 0 2	0	2
undefined by romanpro Explorer in Splunk Search 09-02-2024 0 3	0	3
Notepad++ SPL syntax highlighting Hi AllI did a look around for a syntax definition for SPL in Notepad++ and didn't find one. Attached is my attempt. F... by dataisbeautiful Communicator in Splunk Search 09-02-2024 3 0	3	0
searching in splunk indexes Hello everyone! How can we solve the problem of searching for secrets in all or some splunk indexes so that splunk is... by user487596 Explorer in Splunk Search 09-02-2024 0 5	0	5
Why is the map command a risky command? Other than poor speed and performance, is there a reason why the map command is considered dangerous?The official doc... by munang Path Finder in Splunk Search 09-02-2024 1 2	1	2
regx Hi , I want to extract this line from an event.RAISE-ALARM:acProxyConnectionLost: [KOREASBC1] Proxy Set Alarm Proxy S... by Siddharthnegi Contributor in Splunk Search 09-02-2024 0 5	0	5
Skipped search Hi All,I am able to see only 4 status, why am I not able to see status=skipped and status = continued by VijaySrrie Builder in Splunk Search 09-02-2024 0 1	0	1
Create static fields after matching the field value I want to create one static field by looking status value = Issuehostm_nnamestatusAcpuOkBdiskOkCmemoryIssueDnetwokOkE... by RSS_STT Explorer in Splunk Search 09-02-2024 0 7	0	7
Splunk Query I would like to calculate the success rate of the Toup transaction via Channel( APP Or Web) in 4 API calls( E.g 4 Lev... by dinesh001kumar Explorer in Splunk Search 09-02-2024 0 9	0	9
Field extraction using regex Hi All,Can anbody help us with the Regex expression to extract the feild of Channel: values will be either APP or We... by dinesh001kumar Explorer in Splunk Search 09-01-2024 0 4	0	4
Group Events with pattern Hi Splunk Experts,I've been trying to group "WARN" logs, but they have a pattern (Dynamic/ Argument values) in them. ... by Thulasinathan_M Contributor in Splunk Search 09-01-2024 0 2	0	2
alternative to join that works with wildcards in lookups I am trying to use a lookup of "known good" filenames that are within FTP transfer logs, to add extra data to files ... by thx Explorer in Splunk Search 08-30-2024 0 2	0	2
Deriving a date based upon past # of months Hi All,I have a somewhat unusual requirement (at least to me) that I'm trying to figure out how to accomplish. In the... by bcanfiel83 Engager in Splunk Search 08-30-2024 0 2	0	2
Reference Manual for Custom User Interface "Manager XML" When defining a custom modular input in an app, it is possible to design a custom user interface for setting up the p... by guldendraak Explorer in Splunk Search 08-30-2024 1 1	1	1
Need solution with custom time field I am working Service now logs in Splunk. The tickets data has one field called "sys_created" this field gives the tic... by vijaynela New Member in Splunk Search 08-30-2024 0 1	0	1
Missing Data in the Dashboard Tile Hi All We have created a dashboard to monitor CCTV and it was working fine. However suddenly data stopped populating.... by jaibalaraman Path Finder in Splunk Search 08-30-2024 0 5	0	5
How to get searches with time range as All Time? Hello All, I need to search for SPLs having time range as All time. I used the below SPL:- index=_audit action=searc... by Taruchit Contributor in Splunk Search 08-30-2024 0 2	0	2
Use time and field from subsearch as search criteria in main search I have a subsearch[search index="june_analytics_logs_prod" (message=* new_state: Diagnostic, old_state: Home*)\|spath ... by nkavouris Path Finder in Splunk Search 08-29-2024 0 2	0	2
How to compare the field values from last 48 hours with field values from today Hi Splunkers, I'm trying to compare the policy names from Today with policy names from past 48 hours to see if there ... by shashank9 Explorer in Splunk Search 08-29-2024 0 5	0	5
Unknow command (__f!=v) in search log at job inspector Hello,I've create a search which contains (...(CallerCountry="CN")).When I take a look in the search log in the job i... by manuelostertag Path Finder in Splunk Search 08-29-2024 1 1	1	1
fileSizeGB AND fileCount thresholds Wondering if there are any industry best practices and/or recommendation for setting fileSizeGB AND fileCount thresh... by DDowns New Member in Splunk Search 08-29-2024 0 1	0	1
Table using regex Below is my raw log [08/28/2024 08:14:50] Current Device Info ... *************************************************... by VRP136 Engager in Splunk Search 08-29-2024 0 5	0	5