Splunk Search

Community Activity

How to generate pie chart for internal app usage? Hi All, I have logs from my SSO servers, where I need to show a few apps' usage with names and rest all other apps di... by kpavan Path Finder in Splunk Search 05-29-2020 0 1	0	1
Aggregate the column data i have a query that show the data in table form i have to merge the row Query : my search query \|\| timechart span=5m ... by bharat149 Explorer in Splunk Search 05-29-2020 0 1	0	1
How to search for events that have null values for a field? I have json log lines that sometimes contain a request object of the form {<!-- --> timestamp: ts_val, app: "my_app",... by abelnation Explorer in Splunk Search 05-29-2020 2 2	2	2
Rex question Hello everyone, I am trying to extract several “NEW” fields from a field and I am having trouble doing so. The field ... by garciajbg Explorer in Splunk Search 05-29-2020 0 4	0	4
How to club and display the results of two queries in a single dashboard Hi i am having two search queries with a difference of only the time range. I want to show the results of both the qu... by sudeep5689 Explorer in Splunk Search 05-29-2020 0 11	0	11
field extraction a specific match in a field Hello, I have an issue with this type of log : [5/22/20 14:46:23:381 GMT] 0000009c ThreadMonitor 3 UsageInfo[ThreadPo... by davidbarat New Member in Splunk Search 05-29-2020 0 3	0	3
Search for a string that occurs more than once I'm trying to search for a string that occurs more than once. But the string contains wildcards and commas. Which qu... by c799651 Explorer in Splunk Search 05-29-2020 0 3	0	3
Comparing even field with lookup field in tstats search? Hi all, I'm quite new so pardon my bad exposition, I'll try my best to explain what i'm trying to achieve. Can two fi... by loat01 New Member in Splunk Search 05-29-2020 0 2	0	2
Inconsistent search results when searching data from a renamed sourcetype. host= rbal index=winevent_s earliest=5/18/2020:7:3:0 latest=5/18/2020:7:5:0 sourcetype=WinEventLog OR sourcetype=XmlW... by rbal_splunk Splunk Employee in Splunk Search 05-28-2020 0 1	0	1
How to use timechart to show increase in recent 7 days hey, I cant use \|timechart count span=1d to calculate recent 8 days count, search result as follow: _time ... by bestSplunker Contributor in Splunk Search 05-28-2020 0 1	0	1
Using the field of first search in second search. Hi experts, Search 1: base search from JSON... \| eval col1=strptime(taken_date,"%b %d %Y %H:%M:%S") \| sta... by email2vamsi Explorer in Splunk Search 05-28-2020 0 1	0	1
How to split search results into separate lines instead of concatenating? Hi! I did a search like this: \| tstats summariesonly=t count from datamodel=XZY WHERE field_ip="192.168.101" OR fie... by qman Engager in Splunk Search 05-28-2020 0 3	0	3
Duplicate Extracted Fields (ingest through HEC) Hi, I am seeing duplicate extractions for events in my Splunk instance. To give a background, I have a couple forward... by mrstrozy Path Finder in Splunk Search 05-28-2020 0 4	0	4
How to exclude all days of one month from a time range? Here is the part of the search that I am working on, and trying to exclude certain numbers of days. However, where D... by chinmay25 Path Finder in Splunk Search 05-28-2020 0 2	0	2
In a JSON Payload, parse out \n to newline Hi! I'm trying to see if I can get a JSON Payload like this: {"log":"2020-05-28 06:52:34,671 GMT TRACE [com.xxx.oss.... by skirven Communicator in Splunk Search 05-28-2020 0 11	0	11
Indirect field reference I've got a lookup table with counts by date. This table is updated each night, and I would like to search by the date... by stephenmeyers Explorer in Splunk Search 05-28-2020 0 2	0	2
Confused on Time modifiers in Searches Hi, I must be missing something. I have a simple search using a time modifier: index=MyIndex earliest=-30m My e... by chrisboy68 Contributor in Splunk Search 05-28-2020 0 3	0	3
Salesforce logs are missing Hello I have recently lost Salesforce logging . Its been working just fine and nothing was changed from Splunk side... by Dandanos Engager in Splunk Search 05-28-2020 0 0	0	0
How to calculate diff of two values of same column I have a table: Month Transactions Mar 2000 April 3000 I want to display the difference of April - May and ... by sudeep5689 Explorer in Splunk Search 05-28-2020 0 2	0	2
Why am I getting error "File has no line endings" when trying to upload my lookup CSV file? Every time I try I try to upload my CSV, I receive the following message: Encountered the following error while tryi... by ashnet16 Path Finder in Splunk Search 05-28-2020 1 5	1	5
How do I use the rex field to extract the last digit from the time value in my sample data? [2015-11-05 00:48:03,058] [/172.21.21.171:57533] [K123456789] created event: 8 How do I use rex field to extract ju... by aramakrishnan New Member in Splunk Search 05-28-2020 0 2	0	2
Convert Seconds To Hours, Minutes, Seconds and Milliseconds Hi, I wonder whether someone may be able to help me please. Using a solution I found here I'm converting a field wh... by IRHM73 Motivator in Splunk Search 05-28-2020 0 17	0	17
How to set up search so that the events tab matches the logs corresponding to the statistics tab? I've got the following search to identify when a user has more than 20 auth failures. I'm trying to find a way to re... by gnoriega Explorer in Splunk Search 05-28-2020 0 6	0	6
Fetch the last 30 days values based on date value from a field. Hi Experts, In this search i want to fetch results only from last 30 days to current. taken_date is one of the field... by email2vamsi Explorer in Splunk Search 05-28-2020 0 5	0	5
Issues adding columns from a subsearch My first subsearch – and its not going well. I have two queries I need to combine to get a single results table. My... by gavinsopra Engager in Splunk Search 05-28-2020 0 4	0	4