Splunk Search

Community Activity

I need a search to find mapping of roles to AD Groups and indexes I have been able to find searches for roles mapped to AD Groups, but I need to get the indexes those roles are allowe... by nls7010 Path Finder in Splunk Search 07-24-2020 0 1	0	1
Help with field extraction and table Hi I hope someone can help me .. I am completely new to Splunk. Although I love it so far I don't really know how to ... by splunknoob Engager in Splunk Search 07-24-2020 0 3	0	3
data extraction from Nested JSON data and print only corresponding details H Team, Am trying to fetch the nicSwitch* details of only corresponding nicName from the below json data, which i cou... by bala1185 Engager in Splunk Search 07-24-2020 0 3	0	3
Count for same field but for non occurring values based on other field. In below example I want only count of "a" as he has not paid till the end. And also the data entries are many which c... by shravanikarale Loves-to-Learn Lots in Splunk Search 07-24-2020 0 5	0	5
time span = week Hello, I am trying to span for 1 week and 1 month chart from the summary index search, but When in use \| bin span=1w,... by gowtham08091 Explorer in Splunk Search 07-24-2020 0 3	0	3
How to make another search in if condition using eval Hello,I think this might be simple but need some guidance. Any help would be really appreciated.I have a log and in w... by mnarmada Path Finder in Splunk Search 07-24-2020 0 4	0	4
Performance in inputlookup vs lookup (command) There is a big difference in term of performance in using "inputlookup" and "lookup" from the following queries with ... by lucas4394 Path Finder in Splunk Search 07-24-2020 0 5	0	5
Convert from any timezone to UTC How do I convert a timestamp from any timezone to UTC in splunk? I have a field "DeviceTime" that can hold any time z... by rockstarter New Member in Splunk Search 07-23-2020 0 2	0	2
Using mstats with eval grouped by field I wanted to graph the computed value of two fields and group the result by another field: \| mstats avg(kube.pod.cpu.l... by prandelicious Loves-to-Learn Lots in Splunk Search 07-23-2020 0 9	0	9
How to get current GMT time? I have a search: search \| eval difference=now() - strptime(createdDate,"%Y-%m-%d %H:%M:%S.%3N") This works, excep... by Sundried Explorer in Splunk Search 07-23-2020 1 5	1	5
Unable to divide output of two queries Hi team, I want to divide the output result of one query with output of second query and get a remainder. I am using ... by preetham2215 New Member in Splunk Search 07-23-2020 0 2	0	2
Comparing two search results and listing unique ones as table Hi,Have logs for both request to a server and its response. However, in some cases the response won't be received and... by renjithk Observer in Splunk Search 07-23-2020 0 1	0	1
help to display field header in ordinate axis hiThe stats command below allows me to display data in a table panelI would like to display the fields header in an o... by jip31 Motivator in Splunk Search 07-23-2020 0 3	0	3
How to count IPs that match fields in two different searches? I need to create a search that counts IPs which return events for two different fields in the same index. Search 1 wi... by sbhuie New Member in Splunk Search 07-23-2020 0 5	0	5
Splunk dashboard HI Team ,i need to edit existing dashboard and need to display :time taken for 90, 97 and 99 percentile of transactio... by splunkuser_tr Observer in Splunk Search 07-23-2020 0 3	0	3
How to get the missing devices in a index comparing with yesterday Hi,index=myindex \|search name=*\| bin span=1d _time \| stats dc(name) as name by _timehere i am getting the number of n... by surekhasplunk Communicator in Splunk Search 07-23-2020 0 1	0	1
savedsearch command replace with a literal string not working Hi using a Report (cause I need to allow permissions to the data) in a dashboard passing tokens. Looking at the docs,... by chrisboy68 Contributor in Splunk Search 07-23-2020 0 4	0	4
How to send a calculated multivalued field from a search as an input to another search Hello Everyone!I have a scenario to extract a particular set id's from index1 in search1 and run a search2 on index2 ... by kiru2992 Path Finder in Splunk Search 07-23-2020 0 3	0	3
Pass splunk command from lookup table for execution Hi,I am very new in Splunk and need some help to understand Splunk command execution structure.Case: We are having in... by rahul15601 Engager in Splunk Search 07-23-2020 0 3	0	3
CLI search query not giving results. Working fine on searchhead GUI Hi,/opt/splunk/bin/splunk search " index=** sourcetype="***:proxylogs" earliest=-15m@m latest=now \| fields actio... by Reethika Path Finder in Splunk Search 07-23-2020 0 1	0	1
Why am I receiving this error? Hi @gcusello ,While running the following search we are getting error as stated in topic.Search: \|dbquery wmsqlprd "... by rahul2gupta Path Finder in Splunk Search 07-23-2020 0 2	0	2
Check certificats Hello,I make a script that retourne a certificats list in Excel form then I display uniquely the certifcat about to e... by miguel1423 Explorer in Splunk Search 07-22-2020 0 2	0	2
help on single panel abackground color following value displayed hiIn the code below, I would like that if the condition "No patch in late" in my single panel = true, the color back... by jip31 Motivator in Splunk Search 07-22-2020 0 0	0	0
Melding continuation events while cherrypicking data from each Hello all,I've tried to search here and through search engines with no luck. I can't seem to get the knack for refer... by CrailAtWork Engager in Splunk Search 07-22-2020 0 3	0	3
Change a value in the output field. Hi all,I need help in changing an output that getting from below search to be changed. index=itsm \| stats count by C... by jerinvarghese Communicator in Splunk Search 07-22-2020 0 2	0	2