Splunk Search

Community Activity

Melding continuation events while cherrypicking data from each Hello all,I've tried to search here and through search engines with no luck. I can't seem to get the knack for refer... by CrailAtWork Engager in Splunk Search 07-22-2020 0 3	0	3
Change a value in the output field. Hi all,I need help in changing an output that getting from below search to be changed. index=itsm \| stats count by C... by jerinvarghese Communicator in Splunk Search 07-22-2020 0 2	0	2
How to replace field value of one event with another event? This is the data set from Fundamental 1. A lot of successful purchase events with same 'ProductName' doesn't include ... by FaridHamidi Engager in Splunk Search 07-22-2020 0 1	0	1
How to create graphs for two different values of same field? Hello, i have a splunk query like this index=someindex container_name=app ( cookie=*cookie1" OR cookie="cookie2" ) e... by bullriser New Member in Splunk Search 07-22-2020 0 1	0	1
Why does the REST Search in json format returns duplicate results? I'm performing a REST Search that ends with a \| table command When I configure the script to csv format, I get 5 even... by chris94089 Path Finder in Splunk Search 07-22-2020 0 1	0	1
how can we change forwarder sourcetype? I have a problem with parsing, so I want to change the sourcetype. ex) index=A sourcetype=A → index=A sourcetype=B ... by lifekis Explorer in Splunk Search 07-22-2020 0 8	0	8
How to search Regex to Detect CVE-2020-0688 Vulnerability? Hi As you know one of the latest vulnerability was CVE-2020-0688 on microsoft exchange server. so I'm trying free spl... by MBashiri New Member in Splunk Search 07-22-2020 0 2	0	2
What does the _bump endpoint do? I saw an explanation of the "refresh", up the .conf files and I found the _bump command, but do not know what it is f... by renanprado96 Path Finder in Splunk Search 07-22-2020 0 3	0	3
stats count eval match issue I have a generic search that is looking for logins and there is a field that has two values – “authentication” for a ... by jwalzerpitt Influencer in Splunk Search 07-22-2020 0 3	0	3
replace one backslash by double backslash Hello! I need to provide search only in earliest source in my sourcetype. I use this search request for this purpose... by ryastrebov Communicator in Splunk Search 07-22-2020 1 6	1	6
Add a column that is the difference of the first two columns. So suppose that everyday Splunk takes in a report that houses 9 different fields, one of which is called 'status'. St... by Username1 Path Finder in Splunk Search 07-22-2020 0 2	0	2
Linechart with clustered data Hi all, I need to show the number of concurrent logged users within the last 30 days. What I would like to have is a ... by paxo Loves-to-Learn Lots in Splunk Search 07-22-2020 0 1	0	1
How to group by from two fields and perform stats depending of the field? Hello,Let me give you an example. I've got the following table to work with:src_groupdest_groupcountAB10BA21AC32BZ6 I... by davietch Path Finder in Splunk Search 07-22-2020 0 9	0	9
REST API Incomplete Results Getting incomplete (lesser number of events as results ) when using rest API. The same search i run in the splunk ent... by vvvinamer Engager in Splunk Search 07-22-2020 0 4	0	4
External search command 'dbquery' returned error code 1. Script output = 'There is no such database [abcdef] available. Hi @gcusello ,When I am running the following query it is working fine .\|dbquery wmsewprd "select REC_TYPE, CODE_TYP... by rahul2gupta Path Finder in Splunk Search 07-22-2020 0 9	0	9
How to find the week number of a date in a month and same week(number) in previous month I have a date field in "%m/%d/%Y" format.I need to find the week number of this date and find the same week number of... by mani Explorer in Splunk Search 07-22-2020 1 2	1	2
Not able to see my lookup while creating an automatic lookup. Not able to see my lookup while creating an automatic lookup.While creating an automatic lookup i am not able to see ... by veerendra_modi Loves-to-Learn in Splunk Search 07-22-2020 0 0	0	0
looping a function HI Splunkers, I am looking for some help on loops in splunk. I have a lookup file like below.from,toparent,child1pare... by nadlurinadluri Communicator in Splunk Search 07-22-2020 0 4	0	4
Rest API Search If i run a post search method, it returns a sid. How would i come to know that the search is complete and that when i... by vvvinamer Engager in Splunk Search 07-22-2020 0 4	0	4
How to search for status change in field values? Hello, I have events with id, status that is collected everyday for all the ids. I would like to know when the time(... by kiru2992 Path Finder in Splunk Search 07-22-2020 0 5	0	5
Transaction via Rex I have a query that I'm trying to get the amount of time a transaction takes to execute. I was selecting only a piece... by jasoneaton Engager in Splunk Search 07-21-2020 0 3	0	3
Having trouble passing values in a macro to collect command. Splunkers,I sure hope this is just user error and I am myopic today! Have a simple macro: collectevents(2) args=index... by ddelmont Explorer in Splunk Search 07-21-2020 0 2	0	2
Query partially if csv doesn't exist. -- Looking for IF-ELSE scenario with eval My query looks like thisindex=* sourcetype="MYSOURCE" \| table company_id \| dedup company_id \| where company_id != "-... by aravindsurya77 Observer in Splunk Search 07-21-2020 0 3	0	3
How to find the data from nested log I am using below query index=aws earliest=-12h eventName=AuthorizeSecurityGroupIngress "items{}.cidrIp"="0.0.0.0/0" A... by john_snow Engager in Splunk Search 07-21-2020 0 1	0	1
Group event Hello,I have some log events that are structured like that:<timestamp> - [INFO] <serialnumber 1><timestamp> - [INFO] ... by Nadeige New Member in Splunk Search 07-21-2020 0 2	0	2