Splunk Search

Community Activity

Link to Oldest ServiceNow Incident in Splunk Alert Email Hi All!When we choose to send an email as an alert action in Splunk, is there a way for Splunk to take the oldest Ser... by michaelsplunk1 Path Finder in Splunk Search 10-27-2020 0 3	0	3
Splunk ServiceNow Integration "snowincident" Command Hi Everyone!Does the "snowincident" command always create an incident upon being called? I want to use this in an ale... by michaelsplunk1 Path Finder in Splunk Search 10-27-2020 0 0	0	0
match between field with delimited num values and a number field Hello, am trying to run a query like below: basequery \| where match(stringFieldConsistingOfNumsDelimitedBy#, numField... by praveenvvn Explorer in Splunk Search 10-27-2020 1 10	1	10
Unable to get data on statistics using stats Hi , I am trying to run a splunk query and i am able to generate the required filed . however i am facing difficultie... by vplunk Explorer in Splunk Search 10-27-2020 0 0	0	0
Stats with Join I have set of hosts that are installed with different versions of software but logging to the same index, and I need ... by doppiolover Loves-to-Learn Lots in Splunk Search 10-27-2020 0 2	0	2
Multiple field values combined into two different fields Hello SplunkersI have the following field: MessageThe Message fields have the following values: 1,2,3,4,5,6,7,8,9,10... by jason_hotchkiss Communicator in Splunk Search 10-27-2020 0 1	0	1
replacing values with "***" I have a field "users" that spits out the result "*" I want to replace the *** with an IP address its actually ... by hurryupfool123 Explorer in Splunk Search 10-27-2020 0 2	0	2
view default index How can I view the default index of a user?In other words, if user runs a search within splunk search app and does no... by trojan_81 Path Finder in Splunk Search 10-27-2020 0 2	0	2
How to extract values of a particular field for a json event. I have an event which is in json and it has a repeating field say "message"Example:{<!-- -->"Message":[{<!-- -->"message":"xyz987"},{<!-- -->... by tsm0099 Explorer in Splunk Search 10-27-2020 0 2	0	2
How to find all alerts with a specific alert action? I'm trying to find all the saved alerts that have a certain action. I've found this search:\|rest/servicesNS/-/-/saved... by TylerJVitale Explorer in Splunk Search 10-27-2020 0 0	0	0
Merging 2 stats from one search query Hi guys, This little (?) thing's has been wrecking my head all weekend. I'm trying to merge 2 stats commands, or some... by klaudiac Path Finder in Splunk Search 10-27-2020 0 1	0	1
How to extract json values I have an event in json which has key pairs like:{<!-- -->"timestamp": 157281937,"message":"abc\xyz\pqr\efg",} I have to crea... by tsm0099 Explorer in Splunk Search 10-27-2020 0 6	0	6
Jenkins JSON test results into table by build I'm wondering if the following table structure is possible (without custom JS).Raw events are from Jenkins plugin. Be... by JykkeDaMan Path Finder in Splunk Search 10-27-2020 0 10	0	10
[Need Help] how to reverse the time scale and corresponding count in x axis from timechart. Hi team,I have below query index=*bizx_application AND sourcetype=perf_log_bizx AND AutoSaveForm OR SaveFormV2 OR Sav... by cheriemilk Path Finder in Splunk Search 10-26-2020 0 7	0	7
Rename the existing Correlation search? Hi Splunkers, Whats the best way to rename the existing correlation search.? by renjujacob88 Path Finder in Splunk Search 10-26-2020 1 4	1	4
Joining data from multiple events with stats Hoping someone can help me to join data in the same index across multiple events. Here is the event dataindexevent_ty... by mike_nau Engager in Splunk Search 10-26-2020 1 3	1	3
Getting a comma separate string from values function within stats command When I extract the list of values of a field in stats command, the values appear in separate lines making the output ... by ramesh Engager in Splunk Search 10-26-2020 3 7	3	7
Error extracting username when using the \| rex field= statement I have a user field where the name may or may not be prefixed with DOMAIN\ as shown below:DOMAIN\CWIX-USER-SC-4a.rose... by cantrellr New Member in Splunk Search 10-26-2020 0 2	0	2
Combine 3 queries using a common field Hi I have 3 queries as below and all 3 of them have a common field "loaderId". I used join to combine their results ... by vinoths_82 Explorer in Splunk Search 10-26-2020 1 3	1	3
Searching local directories I am trying to add and search data directly from my local file directory in splunk. I went to setting > data inputs >... by jjriver2 New Member in Splunk Search 10-26-2020 0 2	0	2
How to extract value from a string Hi everyoneI need to extract value from a string before a specific character "_X" Where X is any integerPlease note o... by Emily12 Explorer in Splunk Search 10-26-2020 0 2	0	2
Subsearching within time frame Hi everyone,I'm new to Splunk. I've got this search query:host="..." earliest=-30d latest=now \| stats distinct_count(... by barakb Engager in Splunk Search 10-26-2020 0 3	0	3
Lookup table for search exclusions using a combination of multiple fields I have an alert to discover logins from accounts on servers and workstations. Some of these logins are normal and so ... by geoffmoraes Path Finder in Splunk Search 10-26-2020 0 3	0	3
How to i match the latest date value in lookup file? Hi,I am a newbie to SPL and would like some help.I want to find the latest date field in my lookup file file.My test.... by hvdtol Path Finder in Splunk Search 10-26-2020 0 4	0	4
escape backslash in dynamic search hi there,i created a dashbord with drilldown values with backslash.how can i escape those backslash to ged values in ... by LiorG Engager in Splunk Search 10-26-2020 1 3	1	3