Splunk Search

Community Activity

rest jobs runDuration inaccurate values Hi All... As i am trying to find out the the long running search queries using this rest search, its working fine, bu... by inventsekar SplunkTrust in Splunk Search 02-03-2021 0 2	0	2
Find Multiple Users With The Same Unknown Email Subject Scenario: I have 10 machines infected with malware. The believed infection source is email, I am attempting to create... by pcyr Engager in Splunk Search 02-03-2021 0 3	0	3
excluding a search result Hello Splunkers ! i have a problem here, that we're running an infra structure change and for that im getting duplica... by moayadalghamdi Path Finder in Splunk Search 02-03-2021 0 2	0	2
Need help to with query to create a table Hi,I have the below types of logs in in two different hosts in my index:HOST= abclog1: Tue Feb 2 19:07:26 EST 2021 Ho... by Mrig342 Contributor in Splunk Search 02-03-2021 0 4	0	4
Help with improving Regex Here is the regex to extract message_type based on CIM. Could anyone make this faster than 1387 steps?https://regex1... by youngsuh Contributor in Splunk Search 02-02-2021 0 3	0	3
I need help on Splunk query I need help on the query: by thiruyadav17 Engager in Splunk Search 02-02-2021 0 1	0	1
How to get time-based lookups working with KV Store? Have time-based lookups working well with CSV file. When I try to get it working with KV Store, I CANNOT get it to wo... by simpkins1958 Contributor in Splunk Search 02-02-2021 2 5	2	5
Trying to replace "join" with "stats" but issue with multivalue field to "join" on. Hi, I have simplified my query as much as possible. Basically I am looking at two issues with this:1: I cannot perfor... by fsiemonssplunk Explorer in Splunk Search 02-02-2021 0 8	0	8
Why am I getting "500 Internal Server Error" when I go to Settings > Lookups > Lookup Definitions? I was attempting to add a lookup definition in a custom app, but, after visiting the page successfully a few times, n... by adamsmith47 Communicator in Splunk Search 02-02-2021 0 4	0	4
Extract value from first index and search in second index Hi, I'm new to splunk so pardon if its a straightforward queryI want to extract userIds from my first index and check... by ank15july96 Engager in Splunk Search 02-02-2021 0 5	0	5
Calculating difference between two strftime fields Hello Splunkers:I'm looking to determine how many days file is out of date.I have two strftime fields and values:x = ... by jason_hotchkiss Communicator in Splunk Search 02-02-2021 0 2	0	2
Incomplete search results because of lookup definition's maximum match limit in Splunk Re-initiation of an older question I had asked: Hi,I have a need for an alternative of \| lookup abc field1 AS field2 ... by mbasharat Builder in Splunk Search 02-02-2021 0 4	0	4
How to generate a search to find the average Splunk CPU and Memory usage for 24 hours? Hi All, I want to get the Splunk average CPU and memory usage for 24 hours using a search. Can you please help in bu... by nnimbe Path Finder in Splunk Search 02-02-2021 0 7	0	7
Need to create rex command to extract field Hi,We have below type of logs:Log1-- 2021-02-02 10:12:49.889, APP_NAME="com.abcdef.abcdefghijkl", APP_TEMP_NAME="com.... by Mrig342 Contributor in Splunk Search 02-02-2021 0 4	0	4
Field will not convert time Hello Splunkers,I have the following field with a date/time stamp: 2021-02-02 15:58:34.0I am trying to convert it to... by jason_hotchkiss Communicator in Splunk Search 02-02-2021 0 2	0	2
Count objects grouped by transaction I need to count the number objects grouped by a transaction command. The command is:index=* sourcetype="pan:*"\| trans... by mpdharley Engager in Splunk Search 02-02-2021 0 2	0	2
How to filter a record among multiple events I have a table like in splunk this:appname valuetimeapp1102020-12-30app1122020-12-31app2232020-12-30app2202020-12-31 ... by febbi Explorer in Splunk Search 02-02-2021 0 10	0	10
Real time search seems to match results, but never displays them Hello,Our goal is to define some alerts based on some custom searches from our indexed data. We wrote the search quer... by NOCSSMS Explorer in Splunk Search 02-02-2021 0 0	0	0
Lookup csv file doesn't load completely Hello,We're running Splunk 8.0.3 with a 2G/day license and want to load a CSV with 332928 lines so that we can use it... by NOCSSMS Explorer in Splunk Search 02-02-2021 0 2	0	2
Easy Epoch time transformation I have a lot of DB Connect inputs connecting to MS SQL databases. a lot of the data i am pulling from these inputs h... by nkrestakos Engager in Splunk Search 02-01-2021 0 2	0	2
Is the information in the search job inspector stored in Splunk internally so I can query this data and set up dashboards? I have been tasked to find a way to report on the overall query load to our Splunk system by customers that we have u... by feickertmd Communicator in Splunk Search 02-01-2021 2 7	2	7
splunk stream HiMy servers (clients) are running splunk stream. I believe within the deployment server will contain the configurat... by iherb_0718 Path Finder in Splunk Search 02-01-2021 0 1	0	1
How do i check aws autoscaling reason in the AWS log file ? Hi I have seen a significant traffic increase (Network In ) in our environment. However i tried investigating thoug... by jaibalaraman Path Finder in Splunk Search 02-01-2021 0 2	0	2
Query to find events with more than 2 values for a specific field compared to another field I'm trying to create a query to show me all users who have purchased more than 1 type of product.Each event has a "us... by john_byun Path Finder in Splunk Search 02-01-2021 0 2	0	2
How can I group counts by time ranges in a row? For a certain time range, I want to group together the counts in a single row, divided into equal time slices.For exa... by OliverG91 Explorer in Splunk Search 02-01-2021 0 4	0	4