Splunk Search

Community Activity

	Extract JSON data using transforms Here is my sample log 2024-07-08T04:43:32.468537+00:00 dxx1-dbxxxs.xxx.net MSSQLSERVER[0] {"EventTime":"2024-07-08 0... by karthikm Loves-to-Learn Everything in Splunk Search 08-19-2024 0 2	0	2
	transaction command for same type of multiple events Hi, I have a scenario where I want to calculate the duration between 1st and last event. The thing is these events ca... by sunny_871 Observer in Splunk Search 08-19-2024 0 5	0	5
	How to round result of timechart avg()? I cannot figure out how to round the values presented on the timechart. My SPL: index=$radio_token$ host=$dropdown_... by mxanareckless Path Finder in Splunk Search 08-18-2024 0 7	0	7
	How to list content between two strings from RAW text? Here is the raw text - com.companyname.package: stringstart e-38049e11-72b7-4968-b575-ecaa86f54e02 stringend for some... by akapoor47 New Member in Splunk Search 08-18-2024 0 2	0	2
	Show all possible values Hello.I have a lot of events. Each event contains similar string \"errorDetail\":\"possible_value\" Please specify ho... by weird_guy Explorer in Splunk Search 08-18-2024 0 11	0	11
	What is difference between "deferred" and "continued" search I can see below status for the scheduled savedsearches.status="deferred"status="continued"What is the difference betw... by ankitarath2011 Path Finder in Splunk Search 08-18-2024 0 4	0	4
	How to extract all vault in a one _raw data ? Hi all: I'm a rookie user ask for help, I want to extract all vault in one _raw data(CLI command log as belo... by Juns Loves-to-Learn in Splunk Search 08-17-2024 0 1	0	1
	Exclude specific values from Eval case matches Hello, How can I get my eval case like to match all values except a specific value ? I have below values for a fie... by neerajs_81 Builder in Splunk Search 08-17-2024 0 2	0	2
	Need help with a Query I have a dataset to visualize my organization in Splunk. When I search for Org=CDO, I get all the direct reports unde... by satyaallaparthi Communicator in Splunk Search 08-16-2024 0 1	0	1
	Adding of value in splunk number string Hello Splunkers!!I want to achieve below results in Splunk. Please help me how to achieve this in SPL. Whenever the f... by uagraw01 Motivator in Splunk Search 08-16-2024 0 5	0	5
	Cisco ASA versus FTD parsing We have both Cisco ASA and FTD firewalls. The ASA is parsing fine where the appropriate fields are extracted. As fo... by FPERVIL Explorer in Splunk Search 08-16-2024 0 3	0	3
	How do you dynamically remove fields containing NULL value in a table? Hi, I have a table with dynamic fields, some of these fields contain no value or NULL, how do I remove these fields w... by RonWonkers Path Finder in Splunk Search 08-16-2024 0 3	0	3
	Query to search splunk data result into Postman Hello,I send a GET request to Postman as follows -curl -u <username> -k https://<url>.net:8089/services/jobs/export -... by MK3 Explorer in Splunk Search 08-16-2024 0 1	0	1
	Updating one Field in a lookup table Hello All, I'm having a task to measure the compliancy of Security solution onboarded on the SIEM, that means i have... by MoeTaher Observer in Splunk Search 08-16-2024 0 5	0	5
	How/Why am I am getting more events and less statistics for a last 24 hours period as compared to a last 4 hours window Hi all,index=sky sourcetype=sky_trade_wss_timestamp\| rex field=_raw "trade_id=\"(?<trade_id>\X+)\", event_id"\| rex fi... by wm Loves-to-Learn Everything in Splunk Search 08-16-2024 0 2	0	2
	Getting error ImportError: libssl.so.1.0.0: cannot open shared object file: No such file or directory we have recently upgraded from splunk 8.x to 9.x after which all python scripts are failing with ssl errors we have u... by deepthi5 Path Finder in Splunk Search 08-15-2024 0 2	0	2
	Splunk search query: monitoring between specified log lines and getting count Hi all!I would like to create a no_msg_wait_time column here.This is my existing splunk search query: index=index sou... by wm Loves-to-Learn Everything in Splunk Search 08-15-2024 0 9	0	9
	How to include arguments in search macros with non-alphanumeric values I have arguments for my macro that contain other values e.g. $env:user$ and $timepicker.earliest$/$timepicker.latest$... by cherrypick Path Finder in Splunk Search 08-15-2024 0 4	0	4
	How to trigger an alert when status field is true for more than 5 min no matter the amount of event I have search query, if the Status is field is true for more than 5 min, I need to trigger an alert no matter the Ev... by Cheng2Ready Communicator in Splunk Search 08-15-2024 0 3	0	3
	Count not showing up for events I am not seeing results for count on each of the fields for the 2 different searches below: The first one shows the... by kmm2 Path Finder in Splunk Search 08-15-2024 0 5	0	5
	HOWTO monitor previous 2 log lines from a specific log line and calculate time difference? This is my current search queryindex=abc sourcetype = example_sourcetype \| transaction startswith="Saved messages to ... by wm Loves-to-Learn Everything in Splunk Search 08-15-2024 0 3	0	3
	inputlookup I have a csv with ip addresses. I would like to conduct a search for addresses that are NOT listed in that csv. I wa... by timgmanCORP Observer in Splunk Search 08-14-2024 0 2	0	2
	Time Stamp Help! Hello, I have time stamps that are not matching. How do I table the actual "Event log time stamp" ? Splunk Time stamp... by kc_prane Communicator in Splunk Search 08-14-2024 0 5	0	5
	Search multiple hosts with one search string How would I search multiple hosts with one search string? I have 6 hosts and want the results for all: Search Strin... by Xe03kfp Path Finder in Splunk Search 08-14-2024 0 10	0	10
	search for who modified system settings in splunk cloud Is there a way to see who modified system settings in Splunk Cloud? For example we recently had an issue where an Sp... by jay_cambra Observer in Splunk Search 08-14-2024 0 1	0	1