Splunk Search

Community Activity

How to line up 2 reports Hello Splunk Community,I have 2 reports trying to combine into 1. The fields are different to each other. Say Report ... by iamsplunker Communicator in Splunk Search 10-29-2020 0 3	0	3
Is there a way to do a NOT IN search something like; [search index= myindex source=server.log earliest=-360 latest=-60 " by riotto Path Finder in Splunk Search 10-29-2020 0 10	0	10
How to pass a field value from one search to another search? Hi All,I'm extremely new to Splunk and have been tasked to do the following:Perform a query against one host (Server1... by hillsw19 Explorer in Splunk Search 10-29-2020 1 4	1	4
WinEventLog input xmlRegex modifier -- When did THIS become available? I've been on the struggle bus with WinEventLog blacklist entries this week and stumbled upon the new xmlRegex modifie... by dstaulcu Builder in Splunk Search 10-29-2020 0 2	0	2
Splunk Alert Create alert based on count over past time frame Hi Splunk Community I need some assistance with a Splunk alert, the search result provides exactly what I require but... by Pmeiring Explorer in Splunk Search 10-29-2020 0 1	0	1
How show 0 when not result I need show any value in every minute, but I only get value > 0Search:\| tstats count WHERE index=XXXXX C_TXN_A IN (1,... by Luninho Explorer in Splunk Search 10-29-2020 0 2	0	2
How to set a backup TCPOUT group in Outputsconf Hi,From my understanding, the param `defaultGroup` under the stanza `[tcpout]` in `outputs.conf` can be set to a comm... by morethanyell Builder in Splunk Search 10-29-2020 0 5	0	5
need help in order to compare 2 columns and display one related field Hi, I'm Alex from Franceas almost everyone here, I need some splunk guru ^^fields computer and user are in index1, co... by maz38 New Member in Splunk Search 10-29-2020 0 7	0	7
Join two indexes based on substring match Hi,I am struggling with joining two indexes based on substring match.I have following indexes :index1 :having followi... by ved08514 Explorer in Splunk Search 10-29-2020 0 11	0	11
How to use events only from 'active' host? I have 2 different data set:1. host and prevStatus field with IDLE value2. server (same values as host) and server st... by JykkeDaMan Path Finder in Splunk Search 10-29-2020 1 1	1	1
Join by time range Hi all, Possible to join 2 search results like following? Set 1:_time field1field2field3 (common field) Set 2:_time ... by stwong Communicator in Splunk Search 10-29-2020 0 3	0	3
If I use more than 6 times append command in query the Chart command shows incorrect result I ran the below query,index=s sourcetype=S_1 \| search Gene="dow" OR Gene="x" OR Gene="ari" OR Gene="lia" OR Gene="SX"... by nivethainspire_ Explorer in Splunk Search 10-29-2020 0 4	0	4
Regex replace field text Hello everyone,I was wondering if this kind of search is possible. I want to replace the text from my search which lo... by g_paternicola Path Finder in Splunk Search 10-29-2020 0 4	0	4
ML query to detect categorial outlier per field per day comparing with other day statistics Hello All,I am trying to find categorial outlier for all the emails sent from our environment with respect to its cou... by Janani_Krish Path Finder in Splunk Search 10-29-2020 0 0	0	0
Missing calculated field Hi,In the logs being ingested Splunk isn't automatically pulling out the action field, so I'm trying to create one fo... by ebs Communicator in Splunk Search 10-28-2020 1 5	1	5
search strptime function using %Z and tz database time zones Greetings,Quoting fromhttps://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Commontimeformatvariables, ... by kscher Path Finder in Splunk Search 10-28-2020 0 2	0	2
Create new field based off combination of 2 so I have some data that comes in via a TCP input. I want to quickly run a specific search but it requires me to have... by jachockey012 Explorer in Splunk Search 10-28-2020 1 7	1	7
Interesting fields/values , MLTK, etc Hi All,I got a bunch of logs, from which I would like get some business values. Using with or without MLTK. I would l... by inventsekar SplunkTrust in Splunk Search 10-28-2020 0 3	0	3
Add comments to search code inside search field Hello everybody, using Splunk 8.1.0 and relaterd to https://docs.splunk.com/Documentation/Splunk/8.1.0/Search/Parsing... by sergeblr Explorer in Splunk Search 10-28-2020 1 6	1	6
Splunk more than one mvcount or if statement in mvcount Hi Community, I'm trying to optimize an existing query to only return values only if a condition is met. The existing... by Pmeiring Explorer in Splunk Search 10-28-2020 1 2	1	2
How to return first 2 events in a httpSession? Hi team,I have below sample raw data in splunk: Spoiler2020-10-27 06:43:56.351 action=view_page httpSessionID = 11202... by cheriemilk Path Finder in Splunk Search 10-27-2020 0 4	0	4
Response time, error count, transaction per second in one graph I would like to get response time(95 percentile), error count and transaction per second in one graph timechart. This... by jaango123 Engager in Splunk Search 10-27-2020 0 0	0	0
How could I optimize distributed replication of large lookup tables Say I have a distributed environment with 1 search head and 4 indexers. On the search head, I am updating a lookup ta... by Dan Splunk Employee in Splunk Search 10-27-2020 2 5	2	5
Multiple 'Where' conditions Hi I have the below query.But its output is "no results found".I dont know what mistake am I making.Please help index... by sweety1309 Explorer in Splunk Search 10-27-2020 1 7	1	7
Creating a line graph based on two different medians I have a table below in splunk. I'm trying the create a line graph which would graph four lines. The X axis would be ... by wajeeh911 Engager in Splunk Search 10-27-2020 0 1	0	1