Splunk Search

Community Activity

Calculation of availability Hello dear community.I'm a beginner on Splunk. I would like to have your help today on a project that I am doing. I h... by wcastillocruz Path Finder in Splunk Search 12-09-2020 0 8	0	8
Regex Truncation vs Rex Hi,I searched and found several tickets regarding my situation, but all lead to nowhere. So, my situation...Unfortun... by cdstealer Contributor in Splunk Search 12-09-2020 0 0	0	0
Duration Filter help Hi All,Need help in the Duration filter.Code: index=opennms "ciscoLwappApIfUpNotify" OR "ciscoLwappApIfDownNotify" \|... by jerinvarghese Communicator in Splunk Search 12-09-2020 0 1	0	1
Sourcetype not same in index & tstats I am trying to create a query using tstats from datamodel Malware, one of the sourcetype 'abc' that i want to includ... by warsaw Loves-to-Learn Lots in Splunk Search 12-09-2020 0 3	0	3
Results on daily basis with rangemap My Query : --- \| stats count by "response time" \| rename "response time" as "time_taken" \| rangemap field=time_taken ... by vijkuma Engager in Splunk Search 12-08-2020 0 2	0	2
How to input a file and retrieve output in splunk dashboard? Hi Team, I have a query that executes in my dashboard. I want to provide the input as a CSV file(with list of IDs) an... by djroks89 Explorer in Splunk Search 12-08-2020 0 0	0	0
Help with Stats count expression?? Hi Everyone,I'm newer-ish to splunk. I'm doing a search similar to this in splunk : index=mfa sourcetype=lexus Subca... by kfinn Explorer in Splunk Search 12-08-2020 0 7	0	7
count events by day when stats has multiple BY clause Goal - I am searching for "number of actions per unique customer" metrics from API metric logs.below is my query. Be... by mrmiddleclass1 Observer in Splunk Search 12-08-2020 0 3	0	3
Maniupulating _time to remove 0 values from line chart I have a line chart in which I'm trying to monitor response time for a certain network call. I want to see the averag... by ericwindmill Observer in Splunk Search 12-08-2020 0 1	0	1
Eval JSON_EXTRACT Issues All,I'm working on extracting some key info out of an Ansible HEC collector. I'm hoping to use json_extract stuff li... by indigo42 Explorer in Splunk Search 12-08-2020 1 8	1	8
Extracting fields from nested JSON event I have a very complex nested JSON event and need to extract 2 fields. I've managed it with less complicated ones but ... by kmaron Motivator in Splunk Search 12-08-2020 0 5	0	5
How to correlate an event using two different indexes? I'm trying to create a query that will provide me with events that use two indexes. The results are to show events wh... by bcjammer03 Explorer in Splunk Search 12-08-2020 0 2	0	2
Extracting new fields from data in another field Hi gurus,I am new to Splunk but have this task that I'm stumped on:I have a query that looks like this:index=pp_secur... by squoggle Engager in Splunk Search 12-08-2020 0 2	0	2
Spl Hello Splunkers,Can you please guide me, my assignment_group column is not populating. Any issues i have done while c... by uagraw01 Motivator in Splunk Search 12-08-2020 0 1	0	1
Reporting Hi Splunkers!Hope you guys are doing good. I'm working on a usecase where I have to show daily chart of overall resul... by revanthammineni Path Finder in Splunk Search 12-08-2020 0 3	0	3
get data by time hi all, in my original search im getting data by folloing command: \| stats range(_time) as timetaken by CorrelationID... by Learner Path Finder in Splunk Search 12-08-2020 0 1	0	1
Using regex to extract multiple values between tags The event contains a 'before' and 'after' list of permissions and users SIDs, I can get splunk to extract the entire ... by capilarity Path Finder in Splunk Search 12-08-2020 0 0	0	0
regex expression look behind issue I have the following string: "userEmail":"someString/ab-cde-fgh-2020.domain.com@DOMAIN.COM" ABC DEF, "userAddress"... by constantinetamp Observer in Splunk Search 12-08-2020 0 1	0	1
How can I split (delimit) and select only certain value? IP Field in IIS log is like below.100.30.24.56,+11.44.66.778,+120.33.44.15,12.567.89.666I want to get only the IP bef... by satheeshkumar55 Engager in Splunk Search 12-08-2020 0 2	0	2
Trick : alert even if no result Hello guys,found out we can set up triggered alert if "greater than or equal to 0", had to use additional stats comma... by splunkreal Motivator in Splunk Search 12-08-2020 0 0	0	0
I am not able to open a ticket from you submit ticket option its giving 404 support ticket I want to open but I am getting this, by shilpa155 Observer in Splunk Search 12-08-2020 0 0	0	0
Certain extracted fields not showing in Fields Sidebar on one SH, but is on another SH. Hello,I have a problem where fields are not showing on the Field Sidebar when i run a search against certain indexes/... by ezmo1982 Path Finder in Splunk Search 12-08-2020 0 4	0	4
Another Join Question - Searches With Matching sourcetype but Different index I have read through almost every Join label topic on the Splunk Community page and I don't seem to see one that fits ... by ArchieCrozier Path Finder in Splunk Search 12-08-2020 0 8	0	8
Execute a Search if the condition is met else not Hi Splunkers, I am writing on SPL in the report which has lookup. And if the lookup has less number of rows then over... by jugalkinariwala Explorer in Splunk Search 12-08-2020 0 0	0	0
How to compare two fields from two different index and display results with match or No-match? I am running 2 different Index and have to compare each value in field 1 from 1st index with the values in field2 fro... by rohitnaz007 Loves-to-Learn Lots in Splunk Search 12-07-2020 0 2	0	2