Splunk Search

Community Activity

Display EventCount for specific index. Want to count all events from specific indexes say abc, pqr and xyz only for span of 1h using tstatsand present it in... by shinde0509 Explorer in Splunk Search 11-24-2020 0 5	0	5
Mask the last 4 digits of a number which is 8 digits longer Hello!I am struggling to mask the last 4 digits of my numbers. \| rex field=FIELD_XY mode=sed "s/[0-9#]{3}$/###/g" Wit... by VipeRafajzat Explorer in Splunk Search 11-24-2020 0 4	0	4
How to convert epoch time to human readable format in the splunk query Could someone please help me convert epoch time to human readable time?"Date":1605030538646 by Supriya Path Finder in Splunk Search 11-24-2020 0 8	0	8
Search 2 tables with limited characters Hi All, I would like to search for a specific 7 character length of data from 2 tables. Within these 2 tables I have ... by VipeRafajzat Explorer in Splunk Search 11-24-2020 0 2	0	2
How union 2 dbxquery from 2 different tables I have 2 searches:1) \|dbxquery query="select member, gate, port from fo.member connection=fo_member"2) \|dbxquery quer... by Luninho Explorer in Splunk Search 11-24-2020 0 1	0	1
How to search suspicious user-agent in web request logs? I put web request logs into Splunk. I did a lookup csv file that included suspicious user-agents characters like belo... by j0hnn1ck Loves-to-Learn in Splunk Search 11-23-2020 0 4	0	4
how can I search not IN as I was working on a solution building for not including multiple parameters. ..........NOT[search logLevel IN (DEBUG,INFO)]........... it is not giving desired results. how can I search not IN a... by Santoshku10 New Member in Splunk Search 11-23-2020 0 1	0	1
Data Model Acceleration TSTATS where clause NOT working The following SPL is returning multiple values for nmds_adapter_survey.iccid when the where clause is set to a value.... by simpkins1958 Contributor in Splunk Search 11-23-2020 2 1	2	1
Does outputlookup append or overwrite? Does the outputlookup command overwrite or append to the existing specified lookup file? The documentation does not ... by hulahoop Splunk Employee in Splunk Search 11-22-2020 7 8	7	8
How do you append new results in a lookup file? I have a lookup table that runs every month of previous successful logins. For example: Account_Name, Host alpha, c... by chanthongphiob Path Finder in Splunk Search 11-22-2020 1 3	1	3
Finding the HeavyForwarder hosts from _internal logs Hi, I have a task where I have to find all of the Heavy Forwarders that are currenly connected and sending the log d... by santosh_hb Explorer in Splunk Search 11-22-2020 0 4	0	4
Which user is running search ? Hi All, I have a requirement I wanted to check which user is running a search. I need help in SPL query to get user a... by maitrifer Engager in Splunk Search 11-22-2020 0 2	0	2
Parsing double nested JSON Hello,So I am having some trouble parsing this json file to pull out the nested contents of the 'licenses'. My curre... by sammagana Loves-to-Learn in Splunk Search 11-21-2020 0 6	0	6
replace string (using map/object) hello,is there anyway to define a map / object. IE { '123': 'something', '1234', 'anotherThing' } and then replace s... by posix Observer in Splunk Search 11-21-2020 0 3	0	3
Extract substring with mutiple [ in a string I have a String is in the pattern:[substring1][substring2][substring3] Spark App State changed to FAILED. Total time ... by rreddy Observer in Splunk Search 11-21-2020 0 1	0	1
Pass JSON or XML as parameters to custom Python script via Splunk REST API Hey guys, How to Pass JSON or XML as parameters to custom Python script via Splunk REST API ? Example: I use REST A... by highsplunker Contributor in Splunk Search 11-21-2020 0 5	0	5
How to modify x-axis labels to show bin centers? I am trying to create a histogram plot, but I want to make the x-axis labels more readable. How do I go about doing t... by rtakatsuka Engager in Splunk Search 11-20-2020 1 2	1	2
How to make a timechart by shift? Hi all, I am trying to create a timechart that divides the data by 12 hour shifts. I have\| timechart span = 12h (fol... by topperud Engager in Splunk Search 11-20-2020 0 2	0	2
Can an already indexed field be hid globally since it can't be removed? for GDPR compliance I need to modify a ClientIP field that is already indexed (4+ year so far) and wipe it.Was thinki... by matiasruiz Engager in Splunk Search 11-20-2020 0 4	0	4
Splunk search for field values in multiple sources There are two sourcetypes , sourcetype=A sourcetype=B and we have extracted a field "login" in both sourcetypes 1. ... by infotork Explorer in Splunk Search 11-20-2020 0 1	0	1
Limiting a query to 'known good' values plus 'others' I have a query similar to the following which we are using to capture information about email traffic between certain... by gavinsopra Engager in Splunk Search 11-20-2020 0 6	0	6
Need help with Splunk query to merge subsearch with main search Hi,I am trying to craft a query that will look for Windows devices that have been rebooted and then have accessed a c... by Anon4Now Loves-to-Learn Lots in Splunk Search 11-20-2020 0 1	0	1
How to skip the part of Search Query based on a Condition My requirement is just to skip few lines of SPL query if a certain condition is met. Or some kind of If-Else for runn... by potnuru Path Finder in Splunk Search 11-20-2020 0 12	0	12
Using another index and replace the missing values in the current index data. I have a index say index1 having Air Details and ServerName of which some Air is missing for some serverNames.I have ... by veerendra_modi Loves-to-Learn in Splunk Search 11-20-2020 0 1	0	1
Support for LogEntries KVP format? Splunk would not automatically extract fields from my application log files that have Key-Value Pairs (KVP) delimited... by RamG New Member in Splunk Search 11-20-2020 0 1	0	1