Splunk Search

Community Activity

How to generate a baseline on a timechart using a value from a lookup table I have a search that captures a specific product code, calculates the total number of units attributed to the product... by beetlegeuse Path Finder in Splunk Search 07-30-2024 0 4	0	4
Using basesearch with subsearch I nabbed some searches from our license server/monitoring console and placed them in the search head cluster so that ... by fatsug Builder in Splunk Search 07-30-2024 0 4	0	4
Splunk Query Help! I Have Service_names (A, B ,C ,D, E, F, G, H, I J, K, L , M) but want (C ,D, E, F, G, H, I J, K, L , M ) servic... by kc_prane Communicator in Splunk Search 07-30-2024 0 4	0	4
Splunk Search help! I Have ServiceNames (A, B ,C ,D, E, F, G, H) but want (C ,D, E, F, G, H ) ServiceNames combined results and renam... by kc_prane Communicator in Splunk Search 07-30-2024 0 5	0	5
Number comparison seems not to be working Hi, This thing is getting me crazy.I am running Splunk 9.2.1 and I have the following table:amountcomparefrac_typefra... by tommasoscarpa1 Path Finder in Splunk Search 07-30-2024 0 4	0	4
Timechart based on two joined indexes I have a set of data which comes from two indexes . It looks more or less like below:(index="o_a_p") OR ( index="o_d_... by kp_pl Path Finder in Splunk Search 07-30-2024 0 3	0	3
How to find computers which stopped sending logs I have a deployment where multiple computers are sending logs to a WEF server using WEF(windows event forwarding). I ... by Nawab Communicator in Splunk Search 07-30-2024 0 5	0	5
The extraction failed. If you are extracting multiple fields, try removing one or more fields. Hello,While parsing the logs, I'm trying to extract fields, but at some point, I receive the following message "The e... by BRFZ Communicator in Splunk Search 07-29-2024 0 17	0	17
Display Total transactions with overall count and without taking where clause events in consideration. I want to display total transactions without where condition in result with other fields which has specific where con... by Gauri Engager in Splunk Search 07-29-2024 0 6	0	6
How to combine the outputs of multiple searches into a single field ? HI Can you please let me know how we can combine the outputs of multiple searches into a single field?? For example... by Real_captain Path Finder in Splunk Search 07-29-2024 0 1	0	1
How to splunk api to get statistics in python If I run the below code I am getting events in output json file , if I want to get statistics , is there any api avai... by rajendar381 Loves-to-Learn Lots in Splunk Search 07-29-2024 0 0	0	0
Regex Help! My Raw log says "message: (c4328dd3-d16e-4df8-a8e6-b2ebcab9d8bc)" I wanted to extract everything inside the Parenth... by kc_prane Communicator in Splunk Search 07-29-2024 0 2	0	2
I have two searches, one search will produce icinga problem alerts and other search will produce icinga recovery alerts. I have two searches, one search will produce icinga problem alerts and other search will produce icinga recovery aler... by bmanikya Loves-to-Learn Everything in Splunk Search 07-29-2024 0 18	0	18
Query that that tracks multiple traffic flows between firewalls I was wondering if there was a query to track flows through multiple firewallsFor example I want to track the flowsou... by thebhattman New Member in Splunk Search 07-27-2024 0 1	0	1
Noob Question - Parsing JSON Hi,complete Splunk beginner here, so sorry it this is a stupid question.I'm trying to chart some data that I'm pullin... by ikoth Explorer in Splunk Search 07-27-2024 0 4	0	4
How to extract specific field values from Splunk query? Hello,My Splunk query returns the marks of students in the below format. User Subject ... by CuriousSplunky Loves-to-Learn Lots in Splunk Search 07-27-2024 0 4	0	4
Need to output 4 different queries to the same lookup daily, but have the data refresh every 24 hours. My org has millions of events coming in through firewalls.I had a 24 hour timeframe search take 12.5 hours to run. I ... by antoniolamonica SplunkTrust in Splunk Search 07-26-2024 0 4	0	4
Recursive sub-search I have 3 separate queries. I need to run them one after the other. 1. First query returns a field from each event tha... by rangarbus Path Finder in Splunk Search 07-26-2024 0 3	0	3
How to do arithmetic to stings that are converted to numbers? So I have the fields that I want to subtract. One is SequenceNumber_Comment (ex 211) and SequenceNumber_Withdrawal (... by sumarri Path Finder in Splunk Search 07-26-2024 0 2	0	2
Correlation search for authentication event Hello, I have to create a new correlation search looking for failed authentication to VPN. The rule should trigger if... by marco_massari11 Communicator in Splunk Search 07-26-2024 0 2	0	2
I need to get deviation of error count in two time frames Hi All , I am getting the logs from this query , But I need a query to get deviation of error count in two time per... by rajendar381 Loves-to-Learn Lots in Splunk Search 07-26-2024 0 8	0	8
Subtracting two fields I extracted 2 fields called 'Resp_time' and 'Req_time'...Both these fields are integers.I also changed the values to ... by sintjm Path Finder in Splunk Search 07-26-2024 0 6	0	6
Has anyone been able to figure out how to search indexed XmlWinEventLog sourcetype sample logs in the Ingest Action GUI? Has anyone been able to figure out how to search indexed XmlWinEventLog sourcetype sample logs in the Ingest Action G... by tjones130 Engager in Splunk Search 07-25-2024 1 3	1	3
Count elements from every percentile My target is not only show proper percentiles but also count elements in every precentile . So the first step I did i... by kp_pl Path Finder in Splunk Search 07-25-2024 0 3	0	3
Need to calculate % of a specific error I have a number of events in 2 category (CAT A and CAT B). There are successful events and failed events with differe... by Shahnoor Explorer in Splunk Search 07-25-2024 0 4	0	4