Splunk Search

Community Activity

Alert with 2 searches, that counts events and show logs only when both searches return data. Hi my aim is to create an alert that will perform first search and look for at least 10 similar events within last30 ... by siltechnix Engager in Splunk Search 11-29-2020 0 1	0	1
Geostat value from field instead of count of events I'm not able to visulize a list of values as I would.My input is a lookup with values of kindergardens, the location ... by skybert Engager in Splunk Search 11-27-2020 0 1	0	1
Extract part of JSON object with its child or nested attributes Hi All,Our data ingested into our Index are in proper JSON format & Splunk is converting into JSON object automatical... by imprabha1989 New Member in Splunk Search 11-27-2020 0 4	0	4
The maximum number of concurrent historical searches on this instance has been reached. 26/11/2020, 11:08:15 Hello, I am stuck, this error message keeps appearing, so I cannot run any searches, they just get queued up.It has r... by roderick001 Explorer in Splunk Search 11-27-2020 1 12	1	12
chart graph help Hello,I have data in a lookup file which i am appending everyday instead of indexing. Time Device Infra Average Tool1... by surekhasplunk Communicator in Splunk Search 11-27-2020 0 6	0	6
Comparing the 2 string fields Is there any function to find degree of similarity between 2 string I want to compare current incident short_descrip... by girishc Engager in Splunk Search 11-27-2020 0 0	0	0
Is it possible to find the most common value of a field per user? Hi, Is it possible to find out the most common value of field=A for every user? I would expect something like this,... by HeinzWaescher Motivator in Splunk Search 11-27-2020 0 3	0	3
Splunk search for 2 deferent log line from 2 deferent sources Hello ForumI am facing problem related with 2 lines search my logs has information like this1: data received 2: data... by bhatganapatik Loves-to-Learn in Splunk Search 11-27-2020 0 1	0	1
Calculate Average in same field I like to take sum the "count" where "Core Content" field's first 2 max values, Finally divide them by total count.... by nivethainspire_ Explorer in Splunk Search 11-27-2020 0 6	0	6
Calculating sum from 2 tstats Hi guys,I'm hoping for a bit of a help.My total_bytes and src_zone aren't populating. I tried few things at groupby s... by klaudiac Path Finder in Splunk Search 11-27-2020 1 2	1	2
Compare several fields from 2 indexes I have two indexes: INDEX1 and INDEX2. In these indexes have the same fields: FIELD1, FIELD2, FIELD3 but they can hav... by Luninho Explorer in Splunk Search 11-26-2020 0 3	0	3
How to compare values in fields from 2 indexes? I have 2 indexes: index1 and index2. I need to compare values in both indexes and show only differences in fields. In... by Luninho Explorer in Splunk Search 11-26-2020 0 1	0	1
help on a pie slice with drilldown HiI use the search below in order to display a pie chart and to change the label of each pie slice `CPU` \| fields ... by jip31 Motivator in Splunk Search 11-26-2020 0 11	0	11
How to group values using wildcard index=**** Name=GOKI\|stats count by SK SO This is the result that I get now. SK SO COUNT ... by gokikrishnan198 New Member in Splunk Search 11-26-2020 0 3	0	3
Conditional Macros Hi,In view of this answer it is not possible to put a macro in a yew, but is it still valid?https://community.splunk.... by Micka108 Engager in Splunk Search 11-26-2020 0 1	0	1
How to search inside file contents of uploaded events? Hoping someone can help, reasonably new to Splunk. I have a number of Splunk events that are uploaded small text file... by Maycockk Explorer in Splunk Search 11-26-2020 0 2	0	2
count by wildcard in field value Hi,I've following issue: Ive a dataset containing data likeOrder number = 12345Description = "AB: jdkjsd"planned_date... by Toby_r Loves-to-Learn in Splunk Search 11-26-2020 0 1	0	1
How do you calculate the difference between two date/time with seconds. I am trying to calculate difference between two dates including seconds. But i am unable to find any logs.Please help... by alexspunkshell Contributor in Splunk Search 11-26-2020 0 4	0	4
How to pass a variable as the output column name in the lookup command? Hello,Having trouble understanding lookups. Any help would be appreciated.If I have a table with ID and User columns... by ddelmont Explorer in Splunk Search 11-25-2020 0 3	0	3
Need some help on rex command - User agent Hi I have created the below rex command based on user agent using regular expression " regex101.com". The below rex c... by jaibalaraman Path Finder in Splunk Search 11-25-2020 1 10	1	10
Seeking help to create a dashboard for Antivirus alerts in splunk Hi community,Need your help..! is there any possibility that we can create a dashboard for AV related issues or notab... by mputtam Path Finder in Splunk Search 11-25-2020 0 0	0	0
way to use case insensitive fields - Not Value Mydata is like below where the customerNumber can come like CustomerNumber or customernumber or CUSTOMERNUMBERAND iso... by Shariq Explorer in Splunk Search 11-25-2020 1 3	1	3
Extract IP address from event log Hi!Need help with this please.I have to extract the IP address from this:src=45.141.87.33:53402:X19value 53402 and va... by seba333 Engager in Splunk Search 11-25-2020 1 1	1	1
Correlate events across Sources Hey all! I've seen similar Splunk Help answers similar to mine but I'm having some issues with getting it to work ex... by TooManyQuestion Explorer in Splunk Search 11-25-2020 0 1	0	1
Alternatives to mvexpand for decreasing memory usage Hello! I have some JSON events that each look something like this:{ "id": 12345, "steps": [ { "stepName... by arosenwinkel Observer in Splunk Search 11-25-2020 0 5	0	5