Splunk Search

Community Activity

How to Calculate SLA of Different Teams for a Specific Ticket Hi all,We are trying to calculate SLA from Jira logs in our Splunk. What we want to achieve to calculate the time bet... by gozdeyildizz Engager in Splunk Search 12-18-2020 0 5	0	5
Lookup table with several IP ranges per row Hi, I have a lookup table with IP ranges and locations. The problem is in the IP range column there can be several IP... by pgomezji Engager in Splunk Search 12-18-2020 0 2	0	2
Eventtime(_time) is showing 5hours prior to indextime Good morning everyone, I have a source type that is showing the event time as 5 hours prior to indextime. I have trie... by djreschke Communicator in Splunk Search 12-18-2020 0 1	0	1
Splunk Admin searches being queued, but not running. Good afternoon everyone, I am the Splunk admin for our instance of Splunk, and yesterday later in the afternoon, I no... by djreschke Communicator in Splunk Search 12-18-2020 0 5	0	5
How to display output of the stats values function for two fields that have corresponding/related values Hi,I have the below search:\| tstats values(Authentication.src_ip) as src_ip values(Authentication.src_host) as src_ho... by ezmo1982 Path Finder in Splunk Search 12-18-2020 0 1	0	1
search pattern sum count if it repeated more than a day Hi Team,index=AA source=*XXX.log\| rex field=_raw "- (?<uc>U(\d{7}\|\d{8})) "\| rex field=uc "(?<ul5>\d{5})$"\| rex "[^\w... by harsush Path Finder in Splunk Search 12-18-2020 0 4	0	4
Parse JSON object map and mvexpand to separate events I'm struggling with parsing this JSON. This query shows the part of a larger JSON element (response.rules). \| makeres... by bowesmana SplunkTrust in Splunk Search 12-17-2020 0 2	0	2
Alert on user activity past 7 days and today I have a need to find a user(s) that have multiple infections over a 7 day period. Example would be user1 has an inf... by wtaylor149 Explorer in Splunk Search 12-17-2020 0 6	0	6
時間範囲内にあるイベントを検索したい。教えてください。STARTとENDの時間範囲のあるCSVを作成し、その範囲内にあるイベントを数えたいのですが、どのようにクエリを書けばよいでしょうか<pre>started,completed2020/10/2 08:00,2020/... by asukaka Engager in Splunk Search 12-17-2020 0 1	0	1
What is the maximum number of rows we get when we use table command? Environment: Splunk Cloud I am running the below search with table command. The data which I am searching is very hu... by bsuresh1 Path Finder in Splunk Search 12-17-2020 2 3	2	3
How to use IN function with KV tuple lists as a search... This question: How to use IN function with VALUE-LIST as a search or lookup discusses using IN for a single key and ... by alancalvitti Path Finder in Splunk Search 12-17-2020 0 2	0	2
chart totals for series of columns I seem to have tied myself in a knot.I have data similar to:h1 h2 h3 h4a 12 123 231a 32 45 678b 4... by mcaulsc Path Finder in Splunk Search 12-17-2020 0 5	0	5
stats count by : Field value not fully displaying in screen Below are my log entry DateTime=2020-12-16 14:19:01:888 UTC, Type=Orchestrator Event Log, Environment=prod, Thread=[P... by binurajps Engager in Splunk Search 12-17-2020 0 4	0	4
Search Query Hi Team,I have a logfile in which I have few keywords such as ORA-1 , ORA-212, ORA-609 and similarly we have more tha... by anandhalagaras1 Contributor in Splunk Search 12-17-2020 0 7	0	7
how to use rex to extract two words ...from raw logs 2020-12-17T01:21:44.690341+00:00 txn1.test-fdb-us-south-004 2020-12-17T01:21:44Z { "Severity": "10", "Time": "1608168... by rajneeshdba Explorer in Splunk Search 12-16-2020 0 1	0	1
SPL Query Hello Team,I have my service now ticketing logs enabled into my splunk. I do required a below help and suggestions.L... by SabariRajanT Path Finder in Splunk Search 12-16-2020 0 1	0	1
Match mix of CIDR Ips and IPv4 Ips from a lookup to search I have a lookup table which consists of src_ip. This source Ip has mix of Ips in the format:Src_ip163.74.7.212163.74.... by dwibedi03 Explorer in Splunk Search 12-16-2020 0 3	0	3
how to dynamically change rex pattern Hello All,I hope you all are doing well.I have a situation wherein i have to pass current day value (Sun, Mon, Tue et... by vikasverma Engager in Splunk Search 12-16-2020 0 4	0	4
Alert when row count for two searches are not equal I have two events: items received, and items acted on. I want to set an alert when the count by transactionID is not ... by seomaniv Explorer in Splunk Search 12-16-2020 0 2	0	2
Search by values in field In the below table, I was to search by field "Core Content" where "Core Content" should take top 2 highest value. Co... by nivethainspire_ Explorer in Splunk Search 12-16-2020 0 8	0	8
Where are the results of a base search stored? I'm interested in the mechanics of a base search (for a dashboard). Where would the results of a base search be store... by BernardEAI Communicator in Splunk Search 12-16-2020 0 1	0	1
Splunk search Using CURL is not working Hi,Below used query is working perfectly fine when i searched directly in SPLUNK WEB. but when i use the same query i... by manoharkalva Engager in Splunk Search 12-16-2020 0 1	0	1
Regex a value Hello,I have multiple values for a field in my search results and they look like the ones below. Can you show me the ... by timyong80 Explorer in Splunk Search 12-16-2020 0 3	0	3
how to monitor and alert Auto-forwarding rule using O365 activity logs Hi all,Need help to build a query which helps to identify the users that possibly leaking /auto-forwarding emails t... by Newton Engager in Splunk Search 12-15-2020 0 1	0	1
how to replace join in this query? Hi,Anyone please help me in rewplacing join in this below queryindex=168347-np [ \| `last_np_sourcetype("index=168347-... by pstalin_ Engager in Splunk Search 12-15-2020 0 7	0	7