Splunk Search

Community Activity

	How to save search query in a file in Splunk Dashboard Hi , I have a requirement where I want to save the search query after the query has run to a file. Basically i want... by sambit_kabi Path Finder in Splunk Search 05-18-2020 0 1	0	1
	How to calculate Average and Peak day for last 3 months Hi, Is there a simple query to calculate the average and peak day count for last 3 months? For example let's say 3 mo... by Shashank_87 Explorer in Splunk Search 05-18-2020 0 1	0	1
	Transaction on unique field reduces events? Hello, I don't understand the following behaviour and am looking for a solution. The following example is somewhat si... by salokin_ Engager in Splunk Search 05-18-2020 0 1	0	1
	Join 2 lookups match fields Hello, I am looking to join 2 lookups and match the field "AccountName" from lookup1 with user field in lookup 2. I... by nathanluke86 Communicator in Splunk Search 05-18-2020 0 4	0	4
	How to get specified events from 2 indices. SITUATION:- I use indices "A" and "B" to come to answer the same question but for different environments.- Each index... by jsven7 Communicator in Splunk Search 05-18-2020 0 2	0	2
	List of users who searched data of an index How to get users(SAML authenticated) list who searched for data under particular index(_internal) in the last 24hrs. by svelagala Loves-to-Learn in Splunk Search 05-18-2020 0 8	0	8
	Primary search is suppressing results to secondary search . Hi Experts, I am trying to find a string pattern "a word" in the primary search from source="123.log" and then from ... by mukulraghuram New Member in Splunk Search 05-18-2020 0 3	0	3
	Search for field Link if it changed its value and when it changed Date="8 May 2020" Link="X" Status="UP" Date="9 May 2020" Link="Y" Status="DOWN" Date="10 May 2020" Link="X" Status="U... by atulitm Path Finder in Splunk Search 05-18-2020 0 0	0	0
	Regex throwing Mismatch Mismatched ']' in search I am a beginner for Regex and Splunk. I am trying to use regular expression generated during field extraction in onli... by Manoshanni New Member in Splunk Search 05-18-2020 0 10	0	10
	How to only list the columns containing a fail value I want to display the events having a FAIL value in any of the columns. For Eg : Please help me on this! by rajkumarwipro New Member in Splunk Search 05-18-2020 0 3	0	3
	How to do main search with same time frame of each result of subsearch Need to find out suspicious IPs and count of hits (sub search)use those IPs and do outer search in same time frame of... by hariram159 Explorer in Splunk Search 05-18-2020 0 18	0	18
	Search for variable Link value which changed and when it changed Date="8 May 2020" Link="X" Status="UP"Date="9 May 2020" Link="Y" Status="DOWN"Date="10 May 2020" Link="X" Status="UP"... by atulitm Path Finder in Splunk Search 05-18-2020 0 9	0	9
	Extreme Search Permission Issue Why i can't edit the correlation search or using search in splunk by extreme search such as:exwhere The error (Unknow... by chiholeo New Member in Splunk Search 05-18-2020 0 0	0	0
	Xaxis values not Visible while using transpose command in a query Hi, Please help, I want to get the xaxis values in a bar chart. In the image attached, i have a query which doesnot ... by sarithapguptha Engager in Splunk Search 05-17-2020 0 0	0	0
	How to convert large epoch time to hours minutes and seconds ? I want to get the result of large epoch time to hours minutes and seconds. Ex: Epoch time : 9386717.000000 Ho... by patra966 Path Finder in Splunk Search 05-17-2020 0 3	0	3
	How to search for a pattern in logs using regex or rex I have following lines in logs 1 ADM.ADMX policies Found ADM/ADMX policies How do I search to filter only 1 ADM/ADM... by srinivas0704 New Member in Splunk Search 05-17-2020 0 8	0	8
	Is there a way to have Splunk recognize the nested JSON at index time? I have the following nested JSON logs: {"statementData": {"overview": [{"value": 19.7780744265071, "dataCode": "rps... by aliquori New Member in Splunk Search 05-17-2020 0 5	0	5
	Extract with PairDelim KeyDelim I have the following data in csv format: date,year,quarter,statementType,dataCode,value 2020-03-31,2020,1,balanceShe... by aliquori New Member in Splunk Search 05-17-2020 0 5	0	5
	How to read content of refreshed csv file via lookup Hi, i have configured a csv lookup in splunk. Now i want to change the content of csv file so that it gets updated in... by sudeep5689 Explorer in Splunk Search 05-17-2020 0 3	0	3
	how to search based on optional text fields? I have couple of text boxes (Tracking no and Track Type) in my bashboard and both are optional. <fieldset submitBut... by rarangarajanspl Explorer in Splunk Search 05-17-2020 0 1	0	1
	Question about not standard source type Hi to all, I'm new to the splunk use and I have an issue with a software that write logs in a non standard way (of my... by glm_cybaze Engager in Splunk Search 05-16-2020 0 5	0	5
	Are there any restrictions for the transaction command which are specified in limits.conf? Our transaction period can cover five to six days covering sessions by users connected to the company's network. Are ... by danielbb Motivator in Splunk Search 05-16-2020 0 6	0	6
	How to search through the logs and display the result accordingly in eval I have to search for three statements in logs 1)CLI 2)ADM 3)GPO How do I search for this and display which one of the... by srinivas0704 New Member in Splunk Search 05-16-2020 0 2	0	2
	Dispatch Alert Question all, I am getting a dispatch count alert . Indexers and search heads have plenty of RAM, CPU and IO is almost nothi... by daniel333 Builder in Splunk Search 05-16-2020 0 3	0	3
	what are the query to use by lookup an IP information like country only for source_IP and destination_IP in your search? what are the query to use by lookup an IP information like country only for source_IP and destination_IP in your sear... by pacifikn Communicator in Splunk Search 05-16-2020 0 1	0	1