Splunk Search

Community Activity

	Filter Email Address Country of Origin Using Lookup Assume I have a simple search that lists in a table the email addresses of those who recently sent an email:index=ema... by griffins Explorer in Splunk Search 07-14-2020 0 2	0	2
	IP address separating from 1 source I have a list of ip address that come from 1 source, I want a query to list the ip address separately and make them t... by Ephrem32 Explorer in Splunk Search 07-14-2020 0 1	0	1
	Unable to get return results from inputlookup I am unable to get additional columns from a CSV I have referenced in an SPL query that I have written. In the CSV t... by willadams Contributor in Splunk Search 07-14-2020 0 1	0	1
	Listing all saved searches from all apps via REST without correlation searches Hi All,So, I know I can get a list of all enabled saved searches by doing:\| rest count=0 /servicesNS/-/-/saved/search... by karadikid Explorer in Splunk Search 07-14-2020 0 3	0	3
	Database Records Hi @gcusello ,Following is the query that used to return database records but now it is not working.dbquery wmsewprd ... by rahul2gupta Path Finder in Splunk Search 07-14-2020 0 1	0	1
	How do i correlate events using subsearch from two sources based on two different conditions? Hello Splunker,I have a below scenario where i am struggling to come up with search query, and would like to ask your... by Sunil2020 Explorer in Splunk Search 07-14-2020 0 2	0	2
	events results time in milliseconds hi,i sent Splunk value, for example x=1. after 10 milliseconds i send again x=2 etc.when i search for x. i see in the... by erez10121012 Path Finder in Splunk Search 07-14-2020 0 9	0	9
	Why `where match(...)` but not `search match(...)`? What is the difference between `... \| when match(a,b)` and `...\| search match(a,b)`?Why in such cases `when` works an... by pm771 Communicator in Splunk Search 07-14-2020 0 1	0	1
	reset_on_change, reset before, reset after what is the major difference of these in streamstats command. I could understand why these function are used as I get... by tara12121007 New Member in Splunk Search 07-13-2020 0 0	0	0
	How to get results from last 1 week and last 3 week for the exact time frame of the search I am new to Splunk, I am trying to get results in the below pattern. Any help is appreciated.Lets say I am doing sear... by achittela Loves-to-Learn in Splunk Search 07-13-2020 0 2	0	2
	Stats include all fields \| stats sum(Score) AS TotalScore, values(value1) AS value1, values(value2) AS value2, values(value3) AS value3, by Us... by tmontney Builder in Splunk Search 07-13-2020 0 2	0	2
	Using CSV field as time I have a CSV file with a column labeled published. Timestamp values in that field are listed like so: 2020-07-01T01:1... by bvan Explorer in Splunk Search 07-13-2020 0 2	0	2
	Why is the save button greyed out when attempting to modify a report/search? Hello, I am new at this and I have been emailed some search examples to meet an objective. I copied and pasted the s... by infra2sec Path Finder in Splunk Search 07-13-2020 0 2	0	2
	Get a Server Error running certain searches and unable to saving a report or alert for any search Hi,We are using Splunk Enterprise 8.0.4.1 with a Search head and two indexing cluster.As a splunk administrator, I a... by mfeigel Observer in Splunk Search 07-13-2020 0 4	0	4
	Eval statement based of 1 field using If I have a bunch of storage clusters that we monitor, 60% of the envrioment uses normal GB, the other 40% uses GiB. I... by codedtech Path Finder in Splunk Search 07-13-2020 0 3	0	3
	Use an intermediate universal forwarder Hi at all, I need to send logs from many Universal Forwarders to an Indexer Cluster using an Intermediate Forwarder. ... by gcusello SplunkTrust in Splunk Search 07-13-2020 0 4	0	4
	Search using MAP COMMAND I have dropdown which has to execute the two different searches based on token picker I am trying to implement the me... by ssadanala1 Contributor in Splunk Search 07-13-2020 0 1	0	1
	Cluster Command Based on Multiple Fields Can the cluster command cluster based on more than one field? I know we can change which field to cluster by, but can... by michaelsplunk1 Path Finder in Splunk Search 07-13-2020 0 2	0	2
	Comparing multiple values for a result HI All,need your help in below query. I use below query to get below output.Query : index=nw_syslog\| rex field=_raw "... by jerinvarghese Communicator in Splunk Search 07-13-2020 0 3	0	3
	Splunk SPL best practice Will a parentheses Surrounded SPL queries make any difference?For Example:(index IN (“indexA”,”indexB”) source=”sou... by sivaranjiniG Communicator in Splunk Search 07-13-2020 0 5	0	5
	Delete redundant information in fields Hallo,I would like to investigate the login behaviour of users. I use this search:I receive the following example log... by caplog Engager in Splunk Search 07-13-2020 0 1	0	1
	matching two different events and create new table Dear Folks,I've the below two different type of events, the matching attributes from first event to second event are,... by Madhuranthakan Loves-to-Learn Lots in Splunk Search 07-13-2020 0 0	0	0
	How to best track the frequency of repeating events Hi,I'm after suggestions on how to best approach this problem.I want to track over time how often I am seeing a mac a... by pwild_splunk Splunk Employee in Splunk Search 07-13-2020 0 1	0	1
	How to display the SLA status based on the SLA time Hi Experts, I have data as shown below, Whenever we run the search, if the current time is greater than start time we... by rock_s Engager in Splunk Search 07-13-2020 0 13	0	13
	Create table with yxz I have the query below, but i i dont want the services to like this.. how can i get the names of the services to be v... by sphiwee Contributor in Splunk Search 07-13-2020 0 1	0	1