Splunk Search

Community Activity

	How to alert when difference in count of two query is greater than some value I have a below query where i search two text field and see how many time each occurred and find the difference. ("SSO... by icenitesh Engager in Splunk Search 01-15-2021 0 5	0	5
	XML field extraction with spath eval FunctionalRef=spath(_raw,"n2:EvtMsg.Bd.BOEvt.Evt.DatElGrp{2}.DatEl.Val") -> I am getting two(2) values DHL546625... by 4uramana4u Explorer in Splunk Search 01-15-2021 0 3	0	3
	How to cut the value using REX command I have the field - DATE, for example:DATE: ^9F33006E0F848^00950108080008000^9F37008B1832B33^9F1E0163236353132303337^9... by Luninho Explorer in Splunk Search 01-15-2021 0 3	0	3
	extract string between backward slash and quote {\"reference_id\":\"REF1\",\"sub_reference_id\":\"sub_ref_1\"}required output : table of reference_id, sub_reference_... by pinalshah341 Loves-to-Learn in Splunk Search 01-15-2021 0 5	0	5
	Trying to do a Top command per hourly intervals Hi There,I have a search that shows the top 2 Id's that have the most payments processed in each country. I'm trying ... by Johnnerz Engager in Splunk Search 01-15-2021 0 1	0	1
	dynamically assigned maxspan in transactions HiI am searching for an option to dynamically assign value for MAXSPAN in a transaction. The value should come as a r... by boromir Path Finder in Splunk Search 01-15-2021 0 6	0	6
	SPL querry I have a lookup with server details and OS details(details are in the below table), and the index with CR no., Date, ... by srujana96 Explorer in Splunk Search 01-15-2021 0 1	0	1
	Identify missing events based Lookup list of values Hey TeamI have events which contains a field "job_code". index=default source=jobfeed I have a lookup (jobs.csv) whic... by rangarbus Path Finder in Splunk Search 01-14-2021 0 4	0	4
	Configuration initialization for Path took longer than expected\|warning WARN [Indexer] Configuration initialization for C:\Program Files\Splunk\var\run\searchpeers\Seachheadbundle took long... by jat_ashish Explorer in Splunk Search 01-14-2021 0 6	0	6
	A column from mstats becomes empty after join command Hi,I'm trying to create a dashboard which shows various stats for a list of servers. It will pull it's data from seve... by eddieddieddie Path Finder in Splunk Search 01-14-2021 0 5	0	5
	Set token from dropdown Hi,I have a dropdown with dynamic query<input type="dropdown" token="clientId" searchWhenChanged="true"><label>Integr... by smahuja Explorer in Splunk Search 01-14-2021 0 4	0	4
	Issue adding a symbol after a field value The following previous splunk thread works fine:https://community.splunk.com/t5/Archive/Insert-sign-for-each-result-i... by UMDTERPS Communicator in Splunk Search 01-14-2021 0 2	0	2
	Get multiple name/value from JSON file Hi everyone,I've been trying several day to create a query that can give me the list of name/value inside the JSON f... by abilis Explorer in Splunk Search 01-14-2021 0 4	0	4
	Splitting up data into multiple columns Hello i am using the following search host=XXX sourcetype=ZZZ http_status=500 OR http_status=502 "HighCostAPI"\| stats... by eb1929 Explorer in Splunk Search 01-14-2021 0 4	0	4
	Can I have a subsearch that returns a list of sources for the main search to use? Hello,I'm working on a splunk alert that monitors processes. If a process has been running for a long time I want to ... by schilds427 Explorer in Splunk Search 01-14-2021 0 2	0	2
	Extract values from field conditionally on other field value Hi Splunkers,Below is my issue:Having multiple xml files, I need to monitor all the files and extracted the values fr... by dhirendra761 Contributor in Splunk Search 01-14-2021 0 9	0	9
	Show multiple machines for lockouts Hi all,A past consultant of ours wrote the following correlation search to detect excessive user account lockouts:ind... by Ewong Explorer in Splunk Search 01-14-2021 0 3	0	3
	three queries that produce tables, need to combine the results into one table Need some help with and advance joining of 3 queriesI have three queries that produce tables, I need to combine the ... by okretzer Engager in Splunk Search 01-14-2021 0 2	0	2
	Creating drilldown to new tab for auto search without adding custom search I am trying to make it so if a user clicks on any cell in a Dashboard showing a Statistics table, that will result in... by aalvino Engager in Splunk Search 01-14-2021 0 3	0	3
	There are 2 timestamp formats in a log file <Jan 10, 2021 6:58:06 PM CST> <Info> <WorkManager> <BEA-002942> <CMM memory level becomes 0. Setting standby thread p... by lish123 Loves-to-Learn Lots in Splunk Search 01-14-2021 0 10	0	10
	Functionality of keepevicted not clear I'm trying to understand the functionality of keepevicted. I've read several documentation about it but it's still no... by rrovers Contributor in Splunk Search 01-13-2021 0 4	0	4
	Combining 2 regex searches to a single one breaks the output results \| Shows complete event instead of regex filtered I have an index cloud_stats on which I need to create a daily error count by source report, so that we can work on th... by sysamit Engager in Splunk Search 01-13-2021 0 2	0	2
	What's Wrong With This Query? Hoping to filter a search based on a list of values from a subquery where in both cases it's matching against a rex'd... by ahcarpenter Engager in Splunk Search 01-13-2021 0 3	0	3
	Match fields in different searches and send alert Hi, I have two searches Search 1 = index="appv" sourcetype="AppV-User" PUT /packageSearch 2 = index="appv_latest" s... by SS1 Path Finder in Splunk Search 01-13-2021 0 6	0	6
	Filter search by subsearch values Hi,What's the best way to filter a search against a set of unique id's in a subsearch?Currently, approaching it as su... by ahcarpenter Engager in Splunk Search 01-13-2021 0 1	0	1