Splunk Search

Community Activity

Cluster Command Based on Multiple Fields Can the cluster command cluster based on more than one field? I know we can change which field to cluster by, but can... by michaelsplunk1 Path Finder in Splunk Search 07-13-2020 0 2	0	2
Comparing multiple values for a result HI All,need your help in below query. I use below query to get below output.Query : index=nw_syslog\| rex field=_raw "... by jerinvarghese Communicator in Splunk Search 07-13-2020 0 3	0	3
Splunk SPL best practice Will a parentheses Surrounded SPL queries make any difference?For Example:(index IN (“indexA”,”indexB”) source=”sou... by sivaranjiniG Communicator in Splunk Search 07-13-2020 0 5	0	5
Delete redundant information in fields Hallo,I would like to investigate the login behaviour of users. I use this search:I receive the following example log... by caplog Engager in Splunk Search 07-13-2020 0 1	0	1
matching two different events and create new table Dear Folks,I've the below two different type of events, the matching attributes from first event to second event are,... by Madhuranthakan Loves-to-Learn Lots in Splunk Search 07-13-2020 0 0	0	0
How to best track the frequency of repeating events Hi,I'm after suggestions on how to best approach this problem.I want to track over time how often I am seeing a mac a... by pwild_splunk Splunk Employee in Splunk Search 07-13-2020 0 1	0	1
How to display the SLA status based on the SLA time Hi Experts, I have data as shown below, Whenever we run the search, if the current time is greater than start time we... by rock_s Engager in Splunk Search 07-13-2020 0 13	0	13
Create table with yxz I have the query below, but i i dont want the services to like this.. how can i get the names of the services to be v... by sphiwee Contributor in Splunk Search 07-13-2020 0 1	0	1
Sort fieldnames AccountName FAILURE SUCCESS IMPACT LOSS% TotalAccount120001490.111.3310804Account220812620.109.552043Account316301554... by skodak Explorer in Splunk Search 07-12-2020 0 5	0	5
Extract a ";" delimited field in table My log sample looks like this: testServiceName,testTransName,DEVTEST,,,3375598402,15,754,5,2020-07-11 18:41:31.982,20... by Nidd Path Finder in Splunk Search 07-12-2020 0 2	0	2
How to group events by date? Hi, I manage to get the view i want using below search command. May I know how to group the events by Month_Year for... by thl8490123 New Member in Splunk Search 07-12-2020 0 4	0	4
Compare Dates and exclude event if it is older Hi,How do I compare dates and exclude the event if it is older?I have here my table from transaction command. I want ... by Noob_splunker Explorer in Splunk Search 07-11-2020 0 3	0	3
Universal forwarders no longer sending data - SSL23 unknown protocol Our universal forwarders can no longer connect to the indexer, seemingly after upgrading openssl to the newest versio... by adamsimpsondevo Engager in Splunk Search 07-11-2020 1 2	1	2
Split one field values into multiple fields based on values statussuccesssuccess failurefailureerrorerror I want output like status status 1 status2success failure ... by skodak Explorer in Splunk Search 07-10-2020 0 3	0	3
Can i do an eval if match with a lookup table? I have a field called lookup_key that contains either a host name or an IP address. I am trying to get a lookup on t... by rome75 Engager in Splunk Search 07-10-2020 0 1	0	1
Is there BOTSv3 writeup? https://github.com/splunk/botsv3https://www.splunk.com/en_us/blog/security/botsv3-dataset-released.htmlI'm starting t... by to4kawa Ultra Champion in Splunk Search 07-10-2020 0 1	0	1
Extract Fields from JSON Hi Everyone. Thanks in advance for any help.I am trying to extract some fields (Status, RecordsPurged) from a JSON o... by felipesodre Path Finder in Splunk Search 07-10-2020 0 4	0	4
stats count for different days in separate fields Hi, I’m trying to get product count for yesterday and 7 days ago from yesterday in two separate fields, results are c... by maxmukimov Explorer in Splunk Search 07-10-2020 0 6	0	6
Cluster Command Max Cluster Size Is there a way to set the maximum cluster size for the clusters generated by the "cluster" command? by michaelsplunk1 Path Finder in Splunk Search 07-10-2020 0 1	0	1
Stats by custom string I'd like to display stats based on a custom string within a log entry. Below is sample of the log entry. I'd like t... by dv2323 Explorer in Splunk Search 07-10-2020 0 6	0	6
visited websites Hello, I would like to set up statistics on the visited websites by the users. I would like to find all users who vis... by nesslee Observer in Splunk Search 07-10-2020 0 2	0	2
excluding from search results Hello everyone,When a user visits a website, it can make hundreds of separate requests related to advertising. So i w... by nesslee Observer in Splunk Search 07-10-2020 0 1	0	1
How to create an eval on random data string ? Hi,My issue is : I want to create a field from random data string (always the same) which is not present in all logs.... by mah Builder in Splunk Search 07-09-2020 0 3	0	3
How to remove spaces from the beginning and end of a field value? I want to remove spaces from starting and ending of field I was trying to achieve this using ... \| rex mode=sed fie... by mkhan_splunk New Member in Splunk Search 07-09-2020 0 8	0	8
Use Regex to extract data from _raw and rename the extracted field Hello Splunkers,Please advise how to use regex to extract the below specific fields from _raw data and also add/rena... by promukh Path Finder in Splunk Search 07-09-2020 0 4	0	4