Splunk Search

Community Activity

rex a string from text How do I extract the cities from this text? \"timezone\""America/Sao_Paulo\",\"max_counter\":2,\"timezone\":\"Americ... by dacamargov Engager in Splunk Search 08-04-2020 0 8	0	8
how to join the two tables? I have 2 tablesI'd like to join the tables.for example : A tablestr1str2str3B tablestr4val1oval1str5val2oval2str6val3... by youngrap Explorer in Splunk Search 08-04-2020 0 3	0	3
Percentile values in splunk is not matching with Excel Percentile? Dear Team,We are used p25() and p75() functions to retrieve Percentile values for a range of values in Splunk. To val... by vengat4043 Path Finder in Splunk Search 08-04-2020 0 1	0	1
stats latest not showing any value for field Hi,We have following query - index=yyy sourcetype=zzz "RAISE_ALERT" logger="aaa" \| table uuid message timestamp \| e... by Du Engager in Splunk Search 08-04-2020 0 3	0	3
How to use color to highlight similar host? My query searches for eventcode and displays (host, time, task category, message) i want to use some color to highlig... by priya0709 Path Finder in Splunk Search 08-04-2020 0 4	0	4
Get App Name/Folder Name using Search Hi All, I am stuck at a scenario where if user using search in a specific app, then that app folders name should be s... by askkawalkar Path Finder in Splunk Search 08-04-2020 0 1	0	1
WILDCARD in LookUp .csv files Hi all,I have a challenge, that i have been struggling for the past few days, and can't find the correct solution.I h... by boromir Path Finder in Splunk Search 08-04-2020 0 5	0	5
unable to manipulate string from JSON (AWS CloudTrail) I am trying to write a report of 'AccessDenied' messages in our AWS CloudTrail logs. These are in JSON format and the... by ttovarzoll Path Finder in Splunk Search 08-04-2020 0 3	0	3
how to avoid join Hi, I have scenario where index and sourcetype are same and i am tryng below conditions.chart dc(run) OVER app by eve... by vikashperiwal Path Finder in Splunk Search 08-04-2020 0 3	0	3
IndexScopedSearch Error Details I just ran into the problem -- Error in 'IndexScopedSearch': The search failed. More than 125000 events found at time... by kevintelford Path Finder in Splunk Search 08-04-2020 0 6	0	6
Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at time So I seem to have an issue similar to the one in this question here and have accidentally indexed over 1,000,000 even... by svercelli Path Finder in Splunk Search 08-04-2020 0 3	0	3
How to use 「inputlookup」fliter duplicate domains (BIND dns query log) hello ervery:Scenario:In my case,I use daily search create DnsQueryLog.csv,record the domains inquired every day in t... by Sunjux Explorer in Splunk Search 08-04-2020 0 5	0	5
Convert data to hex with tostring inside chart Hi,Can we manipulate data with functions in a chart.I have a chart table obtained with :\| chart count over user by da... by Voriaz Engager in Splunk Search 08-04-2020 0 3	0	3
How to join two searches for stats command I have 2 queries and need to show the result of both in one table index=someindex queryType="ts" filename=PNASC.HRBD... by prakashbhanu407 New Member in Splunk Search 08-03-2020 0 5	0	5
How to display a unit format and a color format in a single panel with an appendpipe subsearch? HelloI use the search below [\| inputlookup host.csv \| table host] `diskspace` \| fields FreeSpaceKB host \| ... by jip31 Motivator in Splunk Search 08-03-2020 0 0	0	0
Comparing attendance info for two months (Feb and July) I want to create a chart showing the attendance between pre covid (February) and current covid (July) for one of our ... by msage Path Finder in Splunk Search 08-03-2020 0 4	0	4
Changing the background of Single Value Viz. with dark theme If the trend is zero, how do I not have a black background? I just want a grey background by Username1 Path Finder in Splunk Search 08-03-2020 0 0	0	0
How to color code a field value based on the newly created field? Hi!I have a table created with Splunk search with the name of the site and projects with due dates that looks like th... by yvassilyeva Path Finder in Splunk Search 08-03-2020 0 0	0	0
inputlookup + Join search = parsing job I have scheduled search jobs that run nightly. The first search adds fields A and B for the day to the lookup. The ... by bdondlinger Explorer in Splunk Search 08-03-2020 1 6	1	6
How to get previous records in splunk Hi,I have multiple records with different data_set value. I want to get each data_set record at a time. So tried usin... by DHPADIA Engager in Splunk Search 08-03-2020 0 0	0	0
Brute Force Query Help I am trying to mimic the table below. I have the count of the source IP, but how do I get the count of the respective... by alanzchan Path Finder in Splunk Search 08-03-2020 0 1	0	1
Return index position of {someValue} in multi-value field I'm using transaction to combine events & generate multi-value fields. What I want to do is keep the values of a mv f... by stjack99 Explorer in Splunk Search 08-03-2020 0 3	0	3
How to print non-unique values for each row in a table? I have a script that extracts table data from a database and loads the data to other tables in another database. Eve... by VictorCrunch Loves-to-Learn in Splunk Search 08-03-2020 0 9	0	9
alert Hi,How can I set an alert with firing setted to send an email to me.But when It fires on the mail it has to show me a... by dani9 Explorer in Splunk Search 08-03-2020 0 3	0	3
Retrieve stats for this current and previous week Hi,I have the following simple query searchQuery \| stats count, p50(duration), p99(duration) by uri_path and we qu... by srikanth88infy Loves-to-Learn in Splunk Search 08-03-2020 0 4	0	4