Splunk Search

Community Activity

	Summarize data per month Hi, I am trying to get a list off all users that hit our AI rule and see if this increase or decrease over the timesp... by JandrevdM Path Finder in Splunk Search 08-20-2024 0 4	0	4
	Create index based on filtering field values Hi, Let's say I have sample data below all being ingested to index="characters". How do I create two separate sub-ind... by cherrypick Path Finder in Splunk Search 08-20-2024 0 11	0	11
	Splunk Search of a JSON array event provides incorrect field values and count. We have a huge json array event, when I search for that event, search results shows a few missing values for a field.... by kk1231 Loves-to-Learn in Splunk Search 08-19-2024 0 7	0	7
	Splunk extraction help! Hello , I have a transaction which is coming as multievent. i can use the "\| transaction" command to club as one eve... by kc_prane Communicator in Splunk Search 08-19-2024 0 5	0	5
	Looking at yesterdays data but need to filter the data to only show the time used in the time picker I've got a data set which collects data everyday but for my graph I'd like to compare the time selected to the same d... by nelesama Explorer in Splunk Search 08-19-2024 0 6	0	6
	How do I substract the results of two different searches including sseabalytics ? Im trying to substract the total number i have of alerts that send and email from the total amount of alerts that a... by AcePilot Engager in Splunk Search 08-19-2024 0 3	0	3
	collect Aruba SNMP and quotes I want to manually add an event to an index, using collect seems to be the most straight forward method. I am asking ... by Seawheels51 Path Finder in Splunk Search 08-19-2024 0 5	0	5
	Missing data UF Hello everyone,I installed and configured the Splunk Forwarder on a machine. While the logs are being forwarded to Sp... by BRFZ Communicator in Splunk Search 08-19-2024 0 7	0	7
	Extract JSON data using transforms Here is my sample log 2024-07-08T04:43:32.468537+00:00 dxx1-dbxxxs.xxx.net MSSQLSERVER[0] {"EventTime":"2024-07-08 0... by karthikm Loves-to-Learn Everything in Splunk Search 08-19-2024 0 2	0	2
	transaction command for same type of multiple events Hi, I have a scenario where I want to calculate the duration between 1st and last event. The thing is these events ca... by sunny_871 Observer in Splunk Search 08-19-2024 0 5	0	5
	How to round result of timechart avg()? I cannot figure out how to round the values presented on the timechart. My SPL: index=$radio_token$ host=$dropdown_... by mxanareckless Path Finder in Splunk Search 08-18-2024 0 7	0	7
	How to list content between two strings from RAW text? Here is the raw text - com.companyname.package: stringstart e-38049e11-72b7-4968-b575-ecaa86f54e02 stringend for some... by akapoor47 New Member in Splunk Search 08-18-2024 0 2	0	2
	Show all possible values Hello.I have a lot of events. Each event contains similar string \"errorDetail\":\"possible_value\" Please specify ho... by weird_guy Explorer in Splunk Search 08-18-2024 0 11	0	11
	What is difference between "deferred" and "continued" search I can see below status for the scheduled savedsearches.status="deferred"status="continued"What is the difference betw... by ankitarath2011 Path Finder in Splunk Search 08-18-2024 0 4	0	4
	How to extract all vault in a one _raw data ? Hi all: I'm a rookie user ask for help, I want to extract all vault in one _raw data(CLI command log as belo... by Juns Loves-to-Learn in Splunk Search 08-17-2024 0 1	0	1
	Exclude specific values from Eval case matches Hello, How can I get my eval case like to match all values except a specific value ? I have below values for a fie... by neerajs_81 Builder in Splunk Search 08-17-2024 0 2	0	2
	Need help with a Query I have a dataset to visualize my organization in Splunk. When I search for Org=CDO, I get all the direct reports unde... by satyaallaparthi Communicator in Splunk Search 08-16-2024 0 1	0	1
	Adding of value in splunk number string Hello Splunkers!!I want to achieve below results in Splunk. Please help me how to achieve this in SPL. Whenever the f... by uagraw01 Motivator in Splunk Search 08-16-2024 0 5	0	5
	Cisco ASA versus FTD parsing We have both Cisco ASA and FTD firewalls. The ASA is parsing fine where the appropriate fields are extracted. As fo... by FPERVIL Explorer in Splunk Search 08-16-2024 0 3	0	3
	How do you dynamically remove fields containing NULL value in a table? Hi, I have a table with dynamic fields, some of these fields contain no value or NULL, how do I remove these fields w... by RonWonkers Path Finder in Splunk Search 08-16-2024 0 3	0	3
	Query to search splunk data result into Postman Hello,I send a GET request to Postman as follows -curl -u <username> -k https://<url>.net:8089/services/jobs/export -... by MK3 Explorer in Splunk Search 08-16-2024 0 1	0	1
	Updating one Field in a lookup table Hello All, I'm having a task to measure the compliancy of Security solution onboarded on the SIEM, that means i have... by MoeTaher Observer in Splunk Search 08-16-2024 0 5	0	5
	How/Why am I am getting more events and less statistics for a last 24 hours period as compared to a last 4 hours window Hi all,index=sky sourcetype=sky_trade_wss_timestamp\| rex field=_raw "trade_id=\"(?<trade_id>\X+)\", event_id"\| rex fi... by wm Loves-to-Learn Everything in Splunk Search 08-16-2024 0 2	0	2
	Getting error ImportError: libssl.so.1.0.0: cannot open shared object file: No such file or directory we have recently upgraded from splunk 8.x to 9.x after which all python scripts are failing with ssl errors we have u... by deepthi5 Path Finder in Splunk Search 08-15-2024 0 2	0	2
	Splunk search query: monitoring between specified log lines and getting count Hi all!I would like to create a no_msg_wait_time column here.This is my existing splunk search query: index=index sou... by wm Loves-to-Learn Everything in Splunk Search 08-15-2024 0 9	0	9