Splunk Search

Community Activity

main search \| where not IN [subsearch] not working HelloI have similar situation where I have 2 sources of data and in data I get filenames processed but filenaming con... by marshad Explorer in Splunk Search 11-24-2020 0 3	0	3
How can i change my dashboard from English language to Japanese ? Can i change my dashboard to appear in Japanese language, it tried changing en_US to ja-JP in URL that change the de... by yogeshpunia05 Explorer in Splunk Search 11-24-2020 0 2	0	2
Can't use "Where IN ([subsearch])" Hello, I'd like to match the result of my main search with a list of values extracted from a CSV. So at the end of m... by pleymort Explorer in Splunk Search 11-24-2020 0 5	0	5
Discrepancy between Fundamentals PDF and Module 5 Video Regarding Timeline Search The Splunk Fundamentals Part 1, Module 5 "Using Search" video says that both selecting and zooming into the timeline ... by superkara Engager in Splunk Search 11-24-2020 0 1	0	1
success vs failed graph Hi, Below is the information from one of my logs. "Information","ajp-nio-127.0.0.1-8016-exec-642","11/24/20","13:30:1... by muzeebm Explorer in Splunk Search 11-24-2020 0 2	0	2
Display EventCount for specific index. Want to count all events from specific indexes say abc, pqr and xyz only for span of 1h using tstatsand present it in... by shinde0509 Explorer in Splunk Search 11-24-2020 0 5	0	5
Mask the last 4 digits of a number which is 8 digits longer Hello!I am struggling to mask the last 4 digits of my numbers. \| rex field=FIELD_XY mode=sed "s/[0-9#]{3}$/###/g" Wit... by VipeRafajzat Explorer in Splunk Search 11-24-2020 0 4	0	4
How to convert epoch time to human readable format in the splunk query Could someone please help me convert epoch time to human readable time?"Date":1605030538646 by Supriya Path Finder in Splunk Search 11-24-2020 0 8	0	8
Search 2 tables with limited characters Hi All, I would like to search for a specific 7 character length of data from 2 tables. Within these 2 tables I have ... by VipeRafajzat Explorer in Splunk Search 11-24-2020 0 2	0	2
How union 2 dbxquery from 2 different tables I have 2 searches:1) \|dbxquery query="select member, gate, port from fo.member connection=fo_member"2) \|dbxquery quer... by Luninho Explorer in Splunk Search 11-24-2020 0 1	0	1
How to search suspicious user-agent in web request logs? I put web request logs into Splunk. I did a lookup csv file that included suspicious user-agents characters like belo... by j0hnn1ck Loves-to-Learn in Splunk Search 11-23-2020 0 4	0	4
how can I search not IN as I was working on a solution building for not including multiple parameters. ..........NOT[search logLevel IN (DEBUG,INFO)]........... it is not giving desired results. how can I search not IN a... by Santoshku10 New Member in Splunk Search 11-23-2020 0 1	0	1
Data Model Acceleration TSTATS where clause NOT working The following SPL is returning multiple values for nmds_adapter_survey.iccid when the where clause is set to a value.... by simpkins1958 Contributor in Splunk Search 11-23-2020 2 1	2	1
Does outputlookup append or overwrite? Does the outputlookup command overwrite or append to the existing specified lookup file? The documentation does not ... by hulahoop Splunk Employee in Splunk Search 11-22-2020 7 8	7	8
How do you append new results in a lookup file? I have a lookup table that runs every month of previous successful logins. For example: Account_Name, Host alpha, c... by chanthongphiob Path Finder in Splunk Search 11-22-2020 1 3	1	3
Finding the HeavyForwarder hosts from _internal logs Hi, I have a task where I have to find all of the Heavy Forwarders that are currenly connected and sending the log d... by santosh_hb Explorer in Splunk Search 11-22-2020 0 4	0	4
Which user is running search ? Hi All, I have a requirement I wanted to check which user is running a search. I need help in SPL query to get user a... by maitrifer Engager in Splunk Search 11-22-2020 0 2	0	2
Parsing double nested JSON Hello,So I am having some trouble parsing this json file to pull out the nested contents of the 'licenses'. My curre... by sammagana Loves-to-Learn in Splunk Search 11-21-2020 0 6	0	6
replace string (using map/object) hello,is there anyway to define a map / object. IE { '123': 'something', '1234', 'anotherThing' } and then replace s... by posix Observer in Splunk Search 11-21-2020 0 3	0	3
Extract substring with mutiple [ in a string I have a String is in the pattern:[substring1][substring2][substring3] Spark App State changed to FAILED. Total time ... by rreddy Observer in Splunk Search 11-21-2020 0 1	0	1
Pass JSON or XML as parameters to custom Python script via Splunk REST API Hey guys, How to Pass JSON or XML as parameters to custom Python script via Splunk REST API ? Example: I use REST A... by highsplunker Contributor in Splunk Search 11-21-2020 0 5	0	5
How to modify x-axis labels to show bin centers? I am trying to create a histogram plot, but I want to make the x-axis labels more readable. How do I go about doing t... by rtakatsuka Engager in Splunk Search 11-20-2020 1 2	1	2
How to make a timechart by shift? Hi all, I am trying to create a timechart that divides the data by 12 hour shifts. I have\| timechart span = 12h (fol... by topperud Engager in Splunk Search 11-20-2020 0 2	0	2
Can an already indexed field be hid globally since it can't be removed? for GDPR compliance I need to modify a ClientIP field that is already indexed (4+ year so far) and wipe it.Was thinki... by matiasruiz Engager in Splunk Search 11-20-2020 0 4	0	4
Splunk search for field values in multiple sources There are two sourcetypes , sourcetype=A sourcetype=B and we have extracted a field "login" in both sourcetypes 1. ... by infotork Explorer in Splunk Search 11-20-2020 0 1	0	1