Splunk Search

Community Activity

Rex to get data between curly brackets I am struggling to fetch the data between curly brackets . Have tried multiple rex searches, however still not gettin... by bsaujla131984 Path Finder in Splunk Search 03-13-2020 0 3	0	3
Two searches and result showing only what is in first but not second search? I have 2 separate searches. search1 = 17 resultssearch2 = 20 results Key column that exists in both searches is "targ... by zaynaly Explorer in Splunk Search 03-13-2020 0 1	0	1
search help Hi, Can i run a search which specify that these type of logs are blocked in palo alto firewall by specific policy. ... by raje1 Engager in Splunk Search 03-13-2020 0 3	0	3
How to extract JSON data format using extract field in Splunk? Hi, I have JSON data format that send to Splunk as below: { "timestamp": "2020-03-12T18:18:48+00:00", "siteid": "CPM-... by matoulas Path Finder in Splunk Search 03-13-2020 0 9	0	9
Grouping _time Hello, I have this query \| loadjob savedsearch="myquery" \| where (strftime(_time, "%Y-%m-%d") >= "2020-02-26") A... by tahasefiani Explorer in Splunk Search 03-13-2020 0 5	0	5
Scheduler - high delay in dispatching Hi there. Should we have Indexers issue, or SearchHeads ones? We have many many many (more than 200) scheduled saveds... by verbal_666 Builder in Splunk Search 03-13-2020 0 5	0	5
How to Fill two different queries for a radio button with two values Hi Ninjas, I have a radio button with two values as STARTING job and RUNNING jobs. I have different query for each ... by pench2k19 Explorer in Splunk Search 03-13-2020 0 5	0	5
TERM command I want to search the whole term like shown below, why is it not working ? Do i need to remove the "<" and "//" ? Wha... by splunkuser2012 Engager in Splunk Search 03-13-2020 1 4	1	4
How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage The idea is to show up top 3 CPU Averages in a day for last 7 days. Query Using:- index=os sourcetype=ps host="Host... by tarunmalhotra79 Engager in Splunk Search 03-13-2020 0 2	0	2
Eval groupping Hello, This is my query \| loadjob savedsearch="myquery" \| where strftime(_time, "%Y-%m-%d") >= "2020-02-26" \| stat... by tahasefiani Explorer in Splunk Search 03-13-2020 0 4	0	4
YOY Analysis showing up until today's date Hi there! I created a hacky Splunk query for some YOY analysis I'm doing. I was wondering if there was a way to halt... by hollybross1219 Path Finder in Splunk Search 03-13-2020 0 2	0	2
Session duration calculates the wrong time (cant work out why) ............. \| rex field=user mode=sed "s/./ /g" \| eval user=lower(user) \| eval date_hour=strftime(_time, "%... by nathanluke86 Communicator in Splunk Search 03-13-2020 0 1	0	1
How to replace a field value in a static lookup in Splunk using Splunk search query Hello everyone! I have a static lookup which has two fields/columns State and tag. Default value of State is "Enable... by MousumiChowdhur Contributor in Splunk Search 03-13-2020 0 1	0	1
Dedup multiple fields into one list Hi! I'm trying to create a search that would return unique values in a record, but in one list. The search "basesear... by skirven Communicator in Splunk Search 03-13-2020 0 9	0	9
Why is Splunk 6.5.1 not able to search when event has data with delimiter ~ while field extraction is working as expected? Why is Splunk 6.5.1 not able to search when event has data with delimiter ~, while field extraction is working as exp... by NeerajDhapola7 Path Finder in Splunk Search 03-12-2020 0 5	0	5
How to use value of one search and get more details about the value from another search Example: Fetch VPN user details from one search and use the username to get details like email addresses from anothe... by maggiesa New Member in Splunk Search 03-12-2020 0 1	0	1
How do I display the date in my report with the the data ? I am trying get the max count for the yesterday's but along with this i need to display the date in the report for ye... by pradeepk50 Loves-to-Learn in Splunk Search 03-12-2020 0 10	0	10
Acquisition method of difference of count number Hi all, how to get difference after using chart command. I did this command. \| eval year=strftime(X,"%y") \| eval ... by pipipipi Path Finder in Splunk Search 03-12-2020 0 1	0	1
How to compute the total time spent from splunk timestamp I have IIS events which looks like below. looking to compute the total time taken from the splunk timestamp..which in... by MOHITJOSHI Engager in Splunk Search 03-12-2020 0 4	0	4
Issue With Date Range I am having a problem using a date range. If I run the search below it returns 2 events and a count of 496 index="t... by liberty5 Explorer in Splunk Search 03-12-2020 0 11	0	11
Creating a timechart for a query with percentages and a join. I am trying to create a timechart for a query that returns a count for a set of products that where it's lifecycle st... by clehw Explorer in Splunk Search 03-12-2020 0 7	0	7
Why is the following search that contains "field=" not retuning results unless I use a wildcard? Running into a strange issue that I, nor my Splunk admins, can figure out. We have a filed extraction called "Servic... by cjmckenna New Member in Splunk Search 03-12-2020 0 15	0	15
Create a table based on values from two JSON payloads Hi I've two different payloads returned from my search and I need to create a table from values extracted from the pa... by charan986 Engager in Splunk Search 03-12-2020 0 7	0	7
dedup problem Hello, This is my query with " dedup Matricule" index=juniper_vpn (ID=AUT22673 OR ID=AUT24803) ......67 \| eval sr... by numeroinconnu12 Path Finder in Splunk Search 03-12-2020 0 3	0	3
データのモニター設定で取り込まれないデータの追加で、モニターでディレクトリ指定にしています。指定したフォルダの中には、同一構成の日付ごとのデータが数か月分格納されています。インポートを終えて、検索をするのですが、sourceを見ると全ファイルが取り込まれていません... by tonakano Engager in Splunk Search 03-12-2020 0 1	0	1