Splunk Search

Community Activity

Streamstats change state count Hi below is my sample data- Date State 29-05-20 01:00:00 On 29-05-20 01:10:00 Off 29-05-20 01:20:00 On 29-05-20 01... by ips_mandar Builder in Splunk Search 05-29-2020 0 2	0	2
How to create an alert for events that are not logged? Hi, I have a weird requirement where I am looking to create an alert using some specific conditions. My OS index gets... by Shashank_87 Explorer in Splunk Search 05-29-2020 0 2	0	2
How do i find common values between two different fields from two different sourcetypes??? Hi all, so the question looks pretty simple but i am not able to figure out the accurate answer. So i need to find th... by nikitha15 Explorer in Splunk Search 05-29-2020 0 3	0	3
Tstats datamodel combine three sources by common field. In an attempt to speed up long running searches I Created a data model (my first) from a single index where the sourc... by JDukeSplunk Builder in Splunk Search 05-29-2020 0 5	0	5
Can a group be defined based on a list of variables I have an xml file in a logging statement that I extracted 3 instances of the value . These values are correctly disp... by 3618475 Engager in Splunk Search 05-29-2020 0 1	0	1
How to generate pie chart for internal app usage? Hi All, I have logs from my SSO servers, where I need to show a few apps' usage with names and rest all other apps di... by kpavan Path Finder in Splunk Search 05-29-2020 0 1	0	1
Aggregate the column data i have a query that show the data in table form i have to merge the row Query : my search query \|\| timechart span=5m ... by bharat149 Explorer in Splunk Search 05-29-2020 0 1	0	1
How to search for events that have null values for a field? I have json log lines that sometimes contain a request object of the form {<!-- --> timestamp: ts_val, app: "my_app",... by abelnation Explorer in Splunk Search 05-29-2020 2 2	2	2
Rex question Hello everyone, I am trying to extract several “NEW” fields from a field and I am having trouble doing so. The field ... by garciajbg Explorer in Splunk Search 05-29-2020 0 4	0	4
How to club and display the results of two queries in a single dashboard Hi i am having two search queries with a difference of only the time range. I want to show the results of both the qu... by sudeep5689 Explorer in Splunk Search 05-29-2020 0 11	0	11
field extraction a specific match in a field Hello, I have an issue with this type of log : [5/22/20 14:46:23:381 GMT] 0000009c ThreadMonitor 3 UsageInfo[ThreadPo... by davidbarat New Member in Splunk Search 05-29-2020 0 3	0	3
Search for a string that occurs more than once I'm trying to search for a string that occurs more than once. But the string contains wildcards and commas. Which qu... by c799651 Explorer in Splunk Search 05-29-2020 0 3	0	3
Comparing even field with lookup field in tstats search? Hi all, I'm quite new so pardon my bad exposition, I'll try my best to explain what i'm trying to achieve. Can two fi... by loat01 New Member in Splunk Search 05-29-2020 0 2	0	2
Inconsistent search results when searching data from a renamed sourcetype. host= rbal index=winevent_s earliest=5/18/2020:7:3:0 latest=5/18/2020:7:5:0 sourcetype=WinEventLog OR sourcetype=XmlW... by rbal_splunk Splunk Employee in Splunk Search 05-28-2020 0 1	0	1
How to use timechart to show increase in recent 7 days hey, I cant use \|timechart count span=1d to calculate recent 8 days count, search result as follow: _time ... by bestSplunker Contributor in Splunk Search 05-28-2020 0 1	0	1
Using the field of first search in second search. Hi experts, Search 1: base search from JSON... \| eval col1=strptime(taken_date,"%b %d %Y %H:%M:%S") \| sta... by email2vamsi Explorer in Splunk Search 05-28-2020 0 1	0	1
How to split search results into separate lines instead of concatenating? Hi! I did a search like this: \| tstats summariesonly=t count from datamodel=XZY WHERE field_ip="192.168.101" OR fie... by qman Engager in Splunk Search 05-28-2020 0 3	0	3
Duplicate Extracted Fields (ingest through HEC) Hi, I am seeing duplicate extractions for events in my Splunk instance. To give a background, I have a couple forward... by mrstrozy Path Finder in Splunk Search 05-28-2020 0 4	0	4
How to exclude all days of one month from a time range? Here is the part of the search that I am working on, and trying to exclude certain numbers of days. However, where D... by chinmay25 Path Finder in Splunk Search 05-28-2020 0 2	0	2
In a JSON Payload, parse out \n to newline Hi! I'm trying to see if I can get a JSON Payload like this: {"log":"2020-05-28 06:52:34,671 GMT TRACE [com.xxx.oss.... by skirven Communicator in Splunk Search 05-28-2020 0 11	0	11
Indirect field reference I've got a lookup table with counts by date. This table is updated each night, and I would like to search by the date... by stephenmeyers Explorer in Splunk Search 05-28-2020 0 2	0	2
Confused on Time modifiers in Searches Hi, I must be missing something. I have a simple search using a time modifier: index=MyIndex earliest=-30m My e... by chrisboy68 Contributor in Splunk Search 05-28-2020 0 3	0	3
Salesforce logs are missing Hello I have recently lost Salesforce logging . Its been working just fine and nothing was changed from Splunk side... by Dandanos Engager in Splunk Search 05-28-2020 0 0	0	0
How to calculate diff of two values of same column I have a table: Month Transactions Mar 2000 April 3000 I want to display the difference of April - May and ... by sudeep5689 Explorer in Splunk Search 05-28-2020 0 2	0	2
Why am I getting error "File has no line endings" when trying to upload my lookup CSV file? Every time I try I try to upload my CSV, I receive the following message: Encountered the following error while tryi... by ashnet16 Path Finder in Splunk Search 05-28-2020 1 5	1	5