Splunk Search

Community Activity

How to define time in earliest and latest? Hi All, I want to fetch the results of this Monday, Last Monday, last to last Monday, the before Monday. I tried this... by marisstella Explorer in Splunk Search 05-16-2020 0 4	0	4
How to calculate the delta for same event for time difference of 7 days and alert if delta is more than 5% My Search has the below format data. A single host has multiple parameters consists of LED 1..to.20 for each TV and ... by pkumar2 Explorer in Splunk Search 05-16-2020 0 6	0	6
How can I create a search for any host sending excessive logs in compare to last hour Please help me to create a search, where I need to detect any anomaly of any host sending excessive logs with compare... by rahul_mckc_splu Loves-to-Learn in Splunk Search 05-16-2020 0 2	0	2
Looking for disconnection events that do NOT have a matching reconnection event The context: We have an integration between a tool and AD using agents. Every so often, the tool reports that the age... by CMSchelin Path Finder in Splunk Search 05-15-2020 0 1	0	1
How to handle sub-search with no results and error in search command: "Unable to parse the search"? Why am I not getting results from this search? Error in 'search' command: Unable to parse the search: Comparator '=' ... by amerineni Loves-to-Learn in Splunk Search 05-15-2020 0 2	0	2
how to combine 2 rows into 1 in a statistic results (table) ? Hi everyone, I would like to know if there is any way to merge or combine the results of two or more rows into one si... by jjofret Explorer in Splunk Search 05-15-2020 0 4	0	4
How to calculate the percentage and create an alert condition that triggers for a drop of 5%. My Search has the below format data. A single host has multiple parameters consists of LED 1..to.20 for each TV and ... by pkumar2 Explorer in Splunk Search 05-15-2020 0 9	0	9
How to post a bulletin message that is visible for everyone via Splunk WebUI? I am trying to post a bulletin message via the Splunk WebUI. Strangely enough it does not seem to be visible to anyon... by jthunnissen Path Finder in Splunk Search 05-15-2020 0 5	0	5
Splunk Alert when search result drop below defined threshold possibile? Hello fellow splunkers, i want to create an alert for the following search. The search creates a statistics matrix wh... by vessev Path Finder in Splunk Search 05-15-2020 1 6	1	6
How to chart total runtime for the last 15 days for a job running overnight? I have to report out my job logs which spans from night 9PM to Morning 10AM. I have a field called total_run_time an... by sjafferali Explorer in Splunk Search 05-15-2020 0 1	0	1
Is it possible to extract the field name itself from the logs I have a data source where the log format is the same but one attribute changes for various logs. I want to extract t... by anubhp New Member in Splunk Search 05-15-2020 0 3	0	3
Difference in columns as output of 2 different searches Hello , I have data from 2 diff source with same fields as shown below : index= sourcetype= source= test.txt device... by atulitm Path Finder in Splunk Search 05-15-2020 0 2	0	2
Bar + line in chart? I have two types of events, where the important data looks like this: [ { "acknowledged": false, "time": 1... by robingg New Member in Splunk Search 05-15-2020 0 2	0	2
Calculating 5xx error and getting alerted Hi all, Well i have a data and i want to get alerted when we hav spike in 5xx errors corresponding to endpoints. All... by ksharma7 Path Finder in Splunk Search 05-14-2020 0 4	0	4
How can I count which different lines My Data as followingAA \|\| Disabled \|\| Region11@abc.com \|\| Yes \|\| HK12@abc.com \|\| No \|\| US13@abc.com \|\| No \|\| US14@abc... by keyu921 Explorer in Splunk Search 05-14-2020 0 1	0	1
how to match value in events using Rex Hi experts, please help me with regular expression to match the value in each event at search time as shown below ... by james_n Path Finder in Splunk Search 05-14-2020 0 4	0	4
Re design fields and values I have fields as shown below: _time field1 field2 2020-05-12 40-35-32 ... by Muwafi Path Finder in Splunk Search 05-14-2020 0 2	0	2
sort not working as expected I used the following query where I used '-' just beside "Total bytes" without space. As per my understanding, if we h... by palisetty Communicator in Splunk Search 05-14-2020 0 4	0	4
Help with segmenters.conf search. I tried to segment the log below using \s but it does not work, even after modifying segmenters.conf and props.conf.... by khalidewaidah Explorer in Splunk Search 05-14-2020 0 0	0	0
o365:management:activity field extractions Has anyone had any success writing field extractions for O365 based events collected via the API? The messages that ... by adalbor Builder in Splunk Search 05-14-2020 0 4	0	4
How to get list of users for specific search,How to get list of users for message Hi All, I am very new to splunk, wanted to get the list unique users for below criteria. I need query to get the ac... by rajawccm16 Engager in Splunk Search 05-14-2020 0 3	0	3
Separate multiple same name Multivalue fields We are trying to alert on O365 service messages data. Under the "Messages" multivalue field, we are trying to pull th... by joeybroesky Path Finder in Splunk Search 05-14-2020 0 4	0	4
How to restrict one group to see only 1 log file in Splunk I have the following from a client: I was about to make is for a new AD group “Splunk_CAPS_CAS_Payments” so that they... by nls7010 Path Finder in Splunk Search 05-14-2020 0 2	0	2
how to add a new column to existing inputlookup Hi Experts, Hi have existing inputlookup file like test.csv which contains 3 fields like host source sourcetype, i w... by james_n Path Finder in Splunk Search 05-14-2020 0 1	0	1
How to do log analysis using splunk I am working on approach to upload logs to splunk,I have set of queries to query in logs and extract the values.How t... by srinivas0704 New Member in Splunk Search 05-14-2020 0 11	0	11