Splunk Search

Community Activity

Datamodel field rename We ingested some data from one device which is not add to network traffic datamodel by default. this device sends dat... by Nawab Communicator in Splunk Search 07-22-2024 0 2	0	2
Filter using delta command Iam using  splunk with delta command index=xxxx source=xxxx rcrdType=xxx \| timechart span=1h avg(requestSize) a... by bmer Explorer in Splunk Search 07-21-2024 0 1	0	1
Comma delimited and align left for single value...? Dozens of posts on these topics.. I've tried makemv, fieldformat, tostring, tonumber all to no avail. So I'm just goi... by bjbrookz Explorer in Splunk Search 07-20-2024 0 4	0	4
Splunk query to get the inputs.conf on the deployment server for specific apps I know that rest calls don't cover the deployment server apps as they are not memory resident. But is there any way w... by Naa_Win Path Finder in Splunk Search 07-20-2024 0 2	0	2
How to get full results from 2 queries joined together? I am not getting full data in output when combining 2 queries using join. When I run first query individually, I get... by nkhanna Engager in Splunk Search 07-19-2024 0 10	0	10
Show events if not seen in lookup I wrote this query to help look for multiple Autonomous System Number (ASN) values and multiple user agent values in ... by jacvbtaylor Engager in Splunk Search 07-19-2024 0 5	0	5
Need to calculate difference between two epoch timestamps from two different searches where the correlation-ids are same Hi Community,I need to calculate the difference between two timestamps printed in log4j logs of java application fro... by Anurag_Ntt Explorer in Splunk Search 07-19-2024 0 2	0	2
How to parse my json With specific query, I can get below value for one field:{<!-- --> "key1": {<!-- --> "field1": x }, "key2": {<!-- --> ... by jerrytao Engager in Splunk Search 07-18-2024 0 9	0	9
How to sum the website's traffic? Hi Community,We are using the Splunk Enterprise. From the Splunk Search & Reporting, how can we sum the site's traffi... by houys Loves-to-Learn in Splunk Search 07-18-2024 0 4	0	4
Describe the pattern matching syntax used for 'punct'? I am trying to determine how I can use 'punct' to match certain patterns and set eventtypes for my data. I see punct... by stefanlasiewski Contributor in Splunk Search 07-18-2024 1 4	1	4
Is there any command to check app deployed status on the deployer? (like we can use "show cluster-bundle-status") When we try to deploy an app from deployer, the only one message after we "apply shcluster-bundle" is Bundle has bee... by ken_liu New Member in Splunk Search 07-18-2024 0 3	0	3
How to calculate percent change over selectable timerange Hello I'd like to create a single value viz that displays the percent change from a pint in time to now. Basically,... by tkwaller_2 Communicator in Splunk Search 07-18-2024 0 1	0	1
Display only events that fulfill all IN conditions Hi Team,i have a search that query's for 4 IN conditions and then list them. The search works fine but i need help wi... by DanielAmlung Path Finder in Splunk Search 07-18-2024 0 5	0	5
How to convert date time to epoc time. Team, wanted to convert below time into epoc time. Please help.time - Nov 16 10:00:57 2024 by drogo Explorer in Splunk Search 07-18-2024 0 3	0	3
Need help with field extraction in search time I have a raw Nessus file that I've processed by separating host names into individual hosts. However, I am encounteri... by satyaallaparthi Communicator in Splunk Search 07-17-2024 0 8	0	8
Query user login over a period of time I am trying to query our windows and linux indexes to verify how many times a user has logged in over a period of tim... by Skadrir Explorer in Splunk Search 07-17-2024 0 4	0	4
Field Extraction not working, need usable rex expression I have a search that yields"message":"journey::cook_client: fan: 0, auger: 0, glow_v: 36, glow: false, fuel: 0, cavit... by nkavouris Path Finder in Splunk Search 07-17-2024 0 1	0	1
Timechart after sort display Hey,Iv'e noticed some wierd behviour that is making me suspect the relaibility of my queries so I'm really looking fo... by Hod152 Explorer in Splunk Search 07-17-2024 0 4	0	4
Extract field value from json string with different spath and group by I have splunk events that has a splunk field as json string named "data"I want to group these events by "id". This id... by newbie77 Engager in Splunk Search 07-17-2024 0 4	0	4
Evaluate difference between 2 (string) dates in the same event. Hello, I'm struggling mightily with this one. I have two dates in the same event, both are strings. Their format is ... by bjbrookz Explorer in Splunk Search 07-16-2024 0 2	0	2
Ingesting Palo Alto Threat logs with log_subtype=URL into Splunk Hi there, We are currently ingesting Palo Alto threat logs into Splunk although we are missing the 'URL' log_subtype.... by cwhelan Explorer in Splunk Search 07-16-2024 0 1	0	1
Extracting Messages which may be found in event I have a search yielding the following result"message":"gimlet::hardware_controller: State { target: Idle, state: Idl... by nkavouris Path Finder in Splunk Search 07-16-2024 0 4	0	4
Unique values of one field based on unique values of another field Morning, Splunkers!I've got a fun one today. I need to find the most resource efficient way (i.e., fastest way that w... by A_VA Explorer in Splunk Search 07-16-2024 0 2	0	2
I can see 2 different sourcetypes (xmlwineventlog, XmlWinEventLog) Hi All, It would be great help if anyone help me figure out this.App is deployed in the UFs to receive such logs in s... by RanjiRaje Explorer in Splunk Search 07-16-2024 0 3	0	3
How to round a percentage value in a pie chart to 1 decimal place? Hi, I have the entry below in my dashboard which shows the percent value in pie chart, but defaults to 3 decimal pla... by dvg06 Path Finder in Splunk Search 07-16-2024 0 6	0	6