Splunk Search

Community Activity

Populating non-existent values where multiple timestamp comparisons exist. We have the following SPL query which generates statuses (i.e. "Success", "Failure", "Warn") for various different "s... by adnankhan5133 Communicator in Splunk Search 08-18-2020 0 6	0	6
Key value field extraction from Cisco devices Hi there,digging deeper into the REST API and XML parsing. When running an XML status command on our Ironport I get t... by marcluescher Explorer in Splunk Search 08-18-2020 0 1	0	1
Checking when a field value has changed Hi team, I have a highly simplified set of log entries similar to the sample data below: \|makeresults \|eval dummy="... by rleyba828 Explorer in Splunk Search 08-18-2020 0 4	0	4
xyseries drops result with duplicate timestamp I have this data_timeEventCodeMessage2020-06-16T19:48:53+00:004136Too late now2020-06-16T19:49:53+00:001234I don't kn... by lstewart_splunk Splunk Employee in Splunk Search 08-18-2020 0 3	0	3
If / Then Conditional. Heres what i'm trying to accomplish: requestID status123456 errored321654 ... by codichulo Loves-to-Learn in Splunk Search 08-18-2020 0 3	0	3
What exactly does dedup_splitvals do? Hi,I can't grasp the concept of dedup_splitvals. I was writing search for a pie chart on my dashboard, something like... by vrulev_algn Loves-to-Learn in Splunk Search 08-18-2020 0 0	0	0
How to reformat search results? Helloi got result like below from the splunk queryABC123DEF456GHI789But i want to show like belowABCDEFGHI by vinod0313 Explorer in Splunk Search 08-18-2020 0 3	0	3
Add certain feilds to an existing query to filter the count Below is my existing query :i want to add ceratin common feilds with different value for the respective indexes .How ... by bapun18 Communicator in Splunk Search 08-18-2020 0 2	0	2
Splunk HelloI have a log like this:ABC=true,DEF=false,GHI=false,JKL=trueI want to show only ABC and JKL in the result,becaus... by vinod0313 Explorer in Splunk Search 08-18-2020 0 3	0	3
Multivalued field extraction This is the search i am using to extract key/value from the field "RID" with multivalued "DEF"\| rex max_match=0 fiel... by Abhi89 New Member in Splunk Search 08-18-2020 0 2	0	2
Using blacklist on Windows TA and XML events Hi, ive successfully blacklisted the windows event 4658 with this line_blacklist2 = $XmlRegex="<EventID>4658<\/EventI... by dieguiariel Path Finder in Splunk Search 08-18-2020 0 3	0	3
Enabling 'Insecure Login' within web.conf Hi guys,I'd like to be able to allow 'insecure' logins for my dashboards to be used with an internal signage solution... by driva Path Finder in Splunk Search 08-18-2020 0 2	0	2
Spath field extract with period Hi All,I am trying to extract fields using spath command. I noticed that fields with period in it cannot be extracted... by mpaw Explorer in Splunk Search 08-17-2020 0 4	0	4
Dynamic Search Query Based on Field Value I'm trying to create a search that always looks for the responses from the latest version of my app. The `version` fi... by normand1 Engager in Splunk Search 08-17-2020 0 2	0	2
Is there any online regex tool to create regular expressions for given sample data ? Is there any online regex tool to create regular expressions for given sample data ? by splunker12er Motivator in Splunk Search 08-17-2020 2 11	2	11
How to a merge value and a field name from two multi value fields? Hello, I have a Field with Oracle SQL_BIND and a second field with the SQL_TEXT, the SQL_BIND contains the values wh... by hugohctint Loves-to-Learn Lots in Splunk Search 08-17-2020 0 9	0	9
How do I convert a timestamp from one timezone to another (inline)? I have an issue where logs contain timestamps in zulu and the server uses local time for its index. I need to calcul... by weidertc Contributor in Splunk Search 08-17-2020 0 13	0	13
Retain columns in lookup table but not creating duplicates I have a saved search which runs every month and looks at my vulnerability events and outputs the results into a look... by tromero3 Path Finder in Splunk Search 08-17-2020 0 4	0	4
Extracting data from a search table Hello,I have a raw data file from which I am trying to extract data and create a dashboard out of it. From this raw f... by ssaini5 Explorer in Splunk Search 08-17-2020 0 1	0	1
Custom Cell Renderer intermittently working. Hello I have noticed that in some of my dashboards, especially the more complicated ones with multiple sub searches t... by skahal_personal New Member in Splunk Search 08-17-2020 0 0	0	0
Regex Expression to find errors not matching Can someone show me what the regex expression for the below extract would be? & can you show me how you arrived to th... by sphiwee Contributor in Splunk Search 08-17-2020 0 5	0	5
Splunk query to edit lookup file Hi Guys,I have a .csv lookup file that maintain the 'inactive' accounts list. can anyone help me with a query to remo... by sahilarora Loves-to-Learn in Splunk Search 08-17-2020 0 1	0	1
Earliest not working in queries, though does work in time picker. Hey, I am using splunk 6.x and on another system splunk 8.x with similar data backends. when I do a search for:index... by Abraham1234 Loves-to-Learn Lots in Splunk Search 08-17-2020 0 2	0	2
Data file I have a data file , this source file does not contain any data on most days .. Its a valid scenario only . But since... by suraj44 Engager in Splunk Search 08-17-2020 0 2	0	2
How to find if a particular index is being used? Hi,In order to remove an index, how can we be sure that the index is not getting used?What should we check before rem... by anil15694 Explorer in Splunk Search 08-17-2020 0 2	0	2