Splunk Search

Community Activity

Escaping the double-quotes when ingesting data? Hi, I'm attempting to deal with data coming from a query run by the Splunk DB Connector. It pulls all the data in fi... by marrette Path Finder in Splunk Search 08-04-2020 1 7	1	7
Count the total no of values in multivalue field - json response HI, I need to get the count of all the packages from the json body and display the total no of packages available for... by vijaysubramania Path Finder in Splunk Search 08-04-2020 0 9	0	9
EXTRACT-field regex in props.conf not extracting multiple values for the match. Hi There,Thank you for stop by and helping.I've a regex which extracts all URLs and domains from given field, this re... by bhupalbobbadi Path Finder in Splunk Search 08-04-2020 0 2	0	2
How to custom sort by column headers I have a table that shows the number of logs by severity over each host. I want to be able to rearrange the severity... by DEADBEEF Path Finder in Splunk Search 08-04-2020 0 1	0	1
Showing in a table results missing in a query from a set Hi,I’m trying to perform a query in Splunk that not sure if it’s even possible… I have my query over data with a form... by oribit Observer in Splunk Search 08-04-2020 0 5	0	5
Splunk Ad-hoc search getting auto-cancelled randomly My Ad-hoc searches getting auto-cancelled randomly.I am running them with admin privileges.There's no problem with RA... by sagaraverma Loves-to-Learn Everything in Splunk Search 08-04-2020 0 6	0	6
Replace string to replace entire Message field with another message for specific EventCode?? My query searches for (Eventcode=509 OR EventCode=118) and generates output (host, Time, EventCode, Task category, Me... by priya0709 Path Finder in Splunk Search 08-04-2020 0 4	0	4
rex a string from text How do I extract the cities from this text? \"timezone\""America/Sao_Paulo\",\"max_counter\":2,\"timezone\":\"Americ... by dacamargov Engager in Splunk Search 08-04-2020 0 8	0	8
how to join the two tables? I have 2 tablesI'd like to join the tables.for example : A tablestr1str2str3B tablestr4val1oval1str5val2oval2str6val3... by youngrap Explorer in Splunk Search 08-04-2020 0 3	0	3
Percentile values in splunk is not matching with Excel Percentile? Dear Team,We are used p25() and p75() functions to retrieve Percentile values for a range of values in Splunk. To val... by vengat4043 Path Finder in Splunk Search 08-04-2020 0 1	0	1
stats latest not showing any value for field Hi,We have following query - index=yyy sourcetype=zzz "RAISE_ALERT" logger="aaa" \| table uuid message timestamp \| e... by Du Engager in Splunk Search 08-04-2020 0 3	0	3
How to use color to highlight similar host? My query searches for eventcode and displays (host, time, task category, message) i want to use some color to highlig... by priya0709 Path Finder in Splunk Search 08-04-2020 0 4	0	4
Get App Name/Folder Name using Search Hi All, I am stuck at a scenario where if user using search in a specific app, then that app folders name should be s... by askkawalkar Path Finder in Splunk Search 08-04-2020 0 1	0	1
WILDCARD in LookUp .csv files Hi all,I have a challenge, that i have been struggling for the past few days, and can't find the correct solution.I h... by boromir Path Finder in Splunk Search 08-04-2020 0 5	0	5
unable to manipulate string from JSON (AWS CloudTrail) I am trying to write a report of 'AccessDenied' messages in our AWS CloudTrail logs. These are in JSON format and the... by ttovarzoll Path Finder in Splunk Search 08-04-2020 0 3	0	3
how to avoid join Hi, I have scenario where index and sourcetype are same and i am tryng below conditions.chart dc(run) OVER app by eve... by vikashperiwal Path Finder in Splunk Search 08-04-2020 0 3	0	3
IndexScopedSearch Error Details I just ran into the problem -- Error in 'IndexScopedSearch': The search failed. More than 125000 events found at time... by kevintelford Path Finder in Splunk Search 08-04-2020 0 6	0	6
Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at time So I seem to have an issue similar to the one in this question here and have accidentally indexed over 1,000,000 even... by svercelli Path Finder in Splunk Search 08-04-2020 0 3	0	3
How to use 「inputlookup」fliter duplicate domains (BIND dns query log) hello ervery:Scenario:In my case,I use daily search create DnsQueryLog.csv,record the domains inquired every day in t... by Sunjux Explorer in Splunk Search 08-04-2020 0 5	0	5
Convert data to hex with tostring inside chart Hi,Can we manipulate data with functions in a chart.I have a chart table obtained with :\| chart count over user by da... by Voriaz Engager in Splunk Search 08-04-2020 0 3	0	3
How to join two searches for stats command I have 2 queries and need to show the result of both in one table index=someindex queryType="ts" filename=PNASC.HRBD... by prakashbhanu407 New Member in Splunk Search 08-03-2020 0 5	0	5
How to display a unit format and a color format in a single panel with an appendpipe subsearch? HelloI use the search below [\| inputlookup host.csv \| table host] `diskspace` \| fields FreeSpaceKB host \| ... by jip31 Motivator in Splunk Search 08-03-2020 0 0	0	0
Comparing attendance info for two months (Feb and July) I want to create a chart showing the attendance between pre covid (February) and current covid (July) for one of our ... by msage Path Finder in Splunk Search 08-03-2020 0 4	0	4
Changing the background of Single Value Viz. with dark theme If the trend is zero, how do I not have a black background? I just want a grey background by Username1 Path Finder in Splunk Search 08-03-2020 0 0	0	0
How to color code a field value based on the newly created field? Hi!I have a table created with Splunk search with the name of the site and projects with due dates that looks like th... by yvassilyeva Path Finder in Splunk Search 08-03-2020 0 0	0	0