Splunk Search

Community Activity

How to do arithmetic to stings that are converted to numbers? So I have the fields that I want to subtract. One is SequenceNumber_Comment (ex 211) and SequenceNumber_Withdrawal (... by sumarri Path Finder in Splunk Search 07-26-2024 0 2	0	2
Correlation search for authentication event Hello, I have to create a new correlation search looking for failed authentication to VPN. The rule should trigger if... by marco_massari11 Communicator in Splunk Search 07-26-2024 0 2	0	2
I need to get deviation of error count in two time frames Hi All , I am getting the logs from this query , But I need a query to get deviation of error count in two time per... by rajendar381 Loves-to-Learn Lots in Splunk Search 07-26-2024 0 8	0	8
Subtracting two fields I extracted 2 fields called 'Resp_time' and 'Req_time'...Both these fields are integers.I also changed the values to ... by sintjm Path Finder in Splunk Search 07-26-2024 0 6	0	6
Has anyone been able to figure out how to search indexed XmlWinEventLog sourcetype sample logs in the Ingest Action GUI? Has anyone been able to figure out how to search indexed XmlWinEventLog sourcetype sample logs in the Ingest Action G... by tjones130 Engager in Splunk Search 07-25-2024 1 3	1	3
Count elements from every percentile My target is not only show proper percentiles but also count elements in every precentile . So the first step I did i... by kp_pl Path Finder in Splunk Search 07-25-2024 0 3	0	3
Need to calculate % of a specific error I have a number of events in 2 category (CAT A and CAT B). There are successful events and failed events with differe... by Shahnoor Explorer in Splunk Search 07-25-2024 0 4	0	4
How to subtract two fields? I extracted 2 fields called 'Request' and 'Response'...Both these fields are integers. How do I display the differe... by skoelpin SplunkTrust in Splunk Search 07-25-2024 0 18	0	18
Splunk dashboard dynamic filter by multiple filter tokens I created a splunk dashboard that has a lot of filters (multiple dropdowns), and text input with different tokens, an... by elend Communicator in Splunk Search 07-25-2024 0 3	0	3
How do you remove specific special characters from a field value? Hi, I have a field called "Employee_Email". This field contains the value: ["firstname.lastname@gmail.com"] How do I ... by RonWonkers Path Finder in Splunk Search 07-25-2024 0 5	0	5
how to display multiple fields in one lookup command from one csv file This is a line of code that takes the fields from the CSV file \|lookup xxx.csv id OUTPUTNEW system time_range ... by Bracha Path Finder in Splunk Search 07-24-2024 0 13	0	13
Search Disabled Hello, I'm so please to find this burgeoning community of professionals here.Please I can't do any search whatsoever ... by 3litx Loves-to-Learn in Splunk Search 07-24-2024 0 1	0	1
Splunk Ingestion by Day I am trying to create a bar chart that shows the total daily splunk ingestion (in TB) by day for the past month. I am... by scout29 Path Finder in Splunk Search 07-24-2024 0 4	0	4
How i can display the data sum of 2 fields like Last month same date data (example: 24 june and 24 may) How i can display the data sum of 2 fields like Last month same date data (example: 24 june and 24 may)I have tried t... by Anud Path Finder in Splunk Search 07-24-2024 0 2	0	2
By default it considering the whitespace while parsing the fieldname in wineventlog Hi, can anyone help me with the solution please.I have wineventlog as below. By default it considering the whitespace... by RanjiRaje Explorer in Splunk Search 07-24-2024 0 4	0	4
splunk regex field extraction Helloi want to extract ip field from a log but i give error.this is a part of my log: ",\"SourceIp\":\"10.10.6.0\",\"... by Saeed-Hajitorab New Member in Splunk Search 07-24-2024 0 2	0	2
Dashboard Studio earliest/latest tokens I'm trying to pass 3 tokens from panel 1 into panel 2, earliest time, latest time, and a basic field value. I can ge... by Gregs1125 Loves-to-Learn in Splunk Search 07-23-2024 0 3	0	3
Inner join query just doesn't work! See my debugging efforts. What am I missing?? I've been debugging my inner join query for hours, and that's why I'm here with my first question for this community... by dbizzleforizzle Observer in Splunk Search 07-23-2024 0 4	0	4
Upload large file Hi, How does one upload files larger than 500mb? I get an error "File too large. The file selected is 996Mb. Maximum... by mwdbhyat Builder in Splunk Search 07-23-2024 0 15	0	15
Extract certain rows of column with data starting on certain keywords I am looking for a solution to extract rows containing certain keywords from column "X". and the remaining data will... by gemrose Explorer in Splunk Search 07-23-2024 0 1	0	1
Multisearch query I am analysing Incident to Problem linkage by doing a search of the Incident table and then using a Join to the Probl... by DonBaldini Path Finder in Splunk Search 07-23-2024 0 4	0	4
Is now() conflicting with eval of fields? I have a csv that gets loaded weekly... timestamp for events are on load. However, this file has multiple time fields... by bjbrookz Explorer in Splunk Search 07-23-2024 0 2	0	2
How to do show only count result that is not equal base on two fields Here is my query for checking BGP routing that goes UP and DOWN. (I only want to see when the amount of UP and DOWN a... by hitman88 Loves-to-Learn Lots in Splunk Search 07-23-2024 0 2	0	2
How to compare a look up field with multivalued indexed data in splunk? I am trying to write a splunk query. I have asset inventory data with hostname and IP address(multivalued), one hostn... by Richy_s Path Finder in Splunk Search 07-22-2024 0 6	0	6
rename field with numeric date eg 2024-06-10 to today Hi Community, actual i have a cron job, thats get every day values for today and tomorrow.How to extract for "today" ... by CMEOGNAD Engager in Splunk Search 07-22-2024 0 5	0	5