Splunk Search

Community Activity

Get first and last event by ID Is there an easy way to get the first and last event by a unique ID?"transaction" seems to be the way to go but I hav... by benhooper Communicator in Splunk Search 08-14-2020 0 3	0	3
How to only display fields with values in a table I'm interested in doing a search for a number of fields and displaying the output in a \| table ... of only the fields... by alecl Explorer in Splunk Search 08-14-2020 3 15	3	15
How to put found and not found results of search in two different lists Hi,I have the following search and sub-search:index=someindex source=somesource \| search [search index=otherindex sou... by pitmod Explorer in Splunk Search 08-14-2020 0 4	0	4
compare two multivalue fields to get unique values in a third field I have 2 multivalue collumns like below,giving two rows for example:Collumn 1 collumn 2A ... by architkhanna Path Finder in Splunk Search 08-14-2020 0 4	0	4
How do you compare values in two columns created using two different searches and then keep only uncommon values in a separate table(field)? I want search to check values one by one from "table A" and parallel match with values in "table B" . If any value fr... by ashikuma Explorer in Splunk Search 08-13-2020 0 7	0	7
Measure Memory Available_Bytes using sai_metrics_indexes but within a time range Hello,Trying to know, if it is possible to measure Memory Available using the sai_metrics_indexes. More details of th... by subhrangshu Explorer in Splunk Search 08-13-2020 0 0	0	0
How to calculate the number of times a value appear in a multi value field? Hi All,Is there a way we can calculate the number of times a value appear in a multi value field into a separate fiel... by architkhanna Path Finder in Splunk Search 08-13-2020 0 1	0	1
Extract one word Hello, How can I extract debitsksvrvru7 from this query:sndb(1p_debitsksvrvru/-363877568/localhost_debitsksvrvru7)pas... by edfigue Engager in Splunk Search 08-13-2020 0 2	0	2
search on aggregation These are two question that that i need to solve. Memory loss by time since boot aggregated across entire populatio... by sanjeev Explorer in Splunk Search 08-13-2020 0 0	0	0
Only want most recent ticket - dedup? Hey Everyone,Everyday Splunk is ingesting a csv of information, and we are doing charts to show when/how they changed... by Username1 Path Finder in Splunk Search 08-13-2020 0 1	0	1
Is there a way to populate missing/non-existent values? My Splunk query, which I included below, generates a table, which appears as follows. The issue that I'm trying to re... by adnankhan5133 Communicator in Splunk Search 08-13-2020 0 0	0	0
Streamstats sum that doesn't go below zero This is the second time I have come across this problem but I really can't seem to find any answer anywhere. I need t... by ALXWBR Path Finder in Splunk Search 08-13-2020 0 4	0	4
Extraction using rex This is a dashboard panel that i've created by extracting virus information from a log file This is my search query I... by rkris Explorer in Splunk Search 08-13-2020 0 3	0	3
Restrict access to create dashboards and alerts and give access only to run search query Hi,Basically i want to revoke write access to users but due to business requirements i am supposed to give access to ... by Ashwini008 Builder in Splunk Search 08-13-2020 0 4	0	4
Finding the diff of two time stamps is returning null/ empty value Hello,I am trying to find two events from my log with time into consideration, as earliest and latest. Next I am tryi... by subhrangshu Explorer in Splunk Search 08-13-2020 0 1	0	1
values from lookup are not filled into map Hey! So I have been trying to use inputlookup on a long CSV list of addresses to perform a search for each adress. I ... by Deniz_Oe Explorer in Splunk Search 08-13-2020 0 1	0	1
How to set message for status for job not run on saturday sunday ? How to set status message for job not ran on saturday and sunday .here the query which i used in case statement.In my... by karthi2809 Builder in Splunk Search 08-13-2020 0 1	0	1
How to use lookup fields to compare with current event logs and filter them Hello Splunk members!I currently have a search that produces "Users" connecting to certain "hosts" whereas the status... by MJA411 Explorer in Splunk Search 08-13-2020 0 7	0	7
Splunk REST API: How to filter saved searches by author/name? Using the Splunk REST API, one can use GET against the "saved/searches" endpoint and get a list of all Saved Searches... by splunkuserCA1 Path Finder in Splunk Search 08-13-2020 0 1	0	1
echo command in splunk How can I print out any value or any result in splunk? Does splunk have any echo command system? eval didn't help me ... by neeldesai1992 Path Finder in Splunk Search 08-12-2020 0 4	0	4
Regex expression to extract IP from a raw log file Hi all,I am trying to extract an IP and the word "HOST_NAME" from a raw log file using the following regex expression... by ssaini5 Explorer in Splunk Search 08-12-2020 0 5	0	5
I need to bring back a zero value if my search does not bring anything back. index=xxxx source="/esbplogsdir/prod/Enable/LOG_Maximo_LSI_Work/Maximo/LSI_IN_msg_prod.log" OR source="/esbplogsdir/p... by nls7010 Path Finder in Splunk Search 08-12-2020 0 1	0	1
How to extract fields from regex and put in a table My current search is: index=rtm* source=/prod/msp/logs/private-auto-loan-credit* \| regex "The rule (?<field1>[a-zA-Z0... by splunkuser2127 Loves-to-Learn in Splunk Search 08-12-2020 0 1	0	1
How can I hide the real-time search options from the users? We would like to disallow our users to use real-time searches. Where do we block the feature from the users? by danielbb Motivator in Splunk Search 08-12-2020 0 2	0	2
Regex help Required Hi All,We are planning to ingest the SQL login success and failure logs into Splunk. So in the logs there are lot of... by anandhalagaras1 Contributor in Splunk Search 08-12-2020 0 5	0	5