Splunk Search

Community Activity

I am running an import script for an interval of 5 mins to collect data from all sourcetypes and put it into a summary index. I have a situation where in the span of 10 mins there could be a possibility that we didn't get any data from one of ... by Gunjan92 Engager in Splunk Search 03-15-2020 1 2	1	2
command map not working Hi everyone Someone who has used the map command who can help me, I am trying to bind the username of the 12 hours be... by jrodriguezap Contributor in Splunk Search 03-15-2020 0 2	0	2
Count Dashboard for each ip based on traffic count Hi All, I am trying to build the query to get the website hits for each IP, there are 16 servers ip and wanted to ge... by ajay_semwal New Member in Splunk Search 03-15-2020 0 1	0	1
geostats name and status plot Hi every one. I want to show device names and their status (connected / disconnected) on the map. The color of point... by zinaalbaik New Member in Splunk Search 03-15-2020 0 1	0	1
Back-computation using table contents I have categories.csv that contains list of sub-categories in each category Category,Sub_category Biology,Botany Bio... by vigneshtv Explorer in Splunk Search 03-14-2020 0 5	0	5
Use the output of search A to refine results in search B I have 2 searches. Search A produces a table output of "UserIP" Search B produces a table output of "FailedDestina... by vmeleco New Member in Splunk Search 03-14-2020 0 7	0	7
Run Splunk query through excel I am new to Splunk and still learning.. I have more than 100 queries to run when asked during a daily activity and i... by splunk_learner_ New Member in Splunk Search 03-14-2020 0 3	0	3
Query not displaying any events User complained that following query is not displaying any events. index=main sourcetype=wms_oracle_sessions \| bucke... by pratapa Explorer in Splunk Search 03-14-2020 0 6	0	6
Programmatically parse random key name in json for subfield Data resembles this pattern. \| makeresults \| eval _raw="{\"foo\": [{\"randstring1\": {\"fqdn\" : \"ibar.example.c... by mmccul_fe Explorer in Splunk Search 03-14-2020 0 5	0	5
1multiple value field should again be further splited by a delimiter (output : 2 multivalue fields) for every single event. Query : index=systemdetails source=sytemdetails* Condition = 0 \| eval [ search index=systemdetails source=syte... by vn_g Path Finder in Splunk Search 03-14-2020 0 3	0	3
use timechart with dedup values I'm trying to count values of field in a time chart with every particular point of time using dedup. like this , inde... by kirrusk Communicator in Splunk Search 03-14-2020 0 1	0	1
Rex to get data between curly brackets I am struggling to fetch the data between curly brackets . Have tried multiple rex searches, however still not gettin... by bsaujla131984 Path Finder in Splunk Search 03-13-2020 0 3	0	3
Two searches and result showing only what is in first but not second search? I have 2 separate searches. search1 = 17 resultssearch2 = 20 results Key column that exists in both searches is "targ... by zaynaly Explorer in Splunk Search 03-13-2020 0 1	0	1
search help Hi, Can i run a search which specify that these type of logs are blocked in palo alto firewall by specific policy. ... by raje1 Engager in Splunk Search 03-13-2020 0 3	0	3
How to extract JSON data format using extract field in Splunk? Hi, I have JSON data format that send to Splunk as below: { "timestamp": "2020-03-12T18:18:48+00:00", "siteid": "CPM-... by matoulas Path Finder in Splunk Search 03-13-2020 0 9	0	9
Grouping _time Hello, I have this query \| loadjob savedsearch="myquery" \| where (strftime(_time, "%Y-%m-%d") >= "2020-02-26") A... by tahasefiani Explorer in Splunk Search 03-13-2020 0 5	0	5
Scheduler - high delay in dispatching Hi there. Should we have Indexers issue, or SearchHeads ones? We have many many many (more than 200) scheduled saveds... by verbal_666 Builder in Splunk Search 03-13-2020 0 5	0	5
How to Fill two different queries for a radio button with two values Hi Ninjas, I have a radio button with two values as STARTING job and RUNNING jobs. I have different query for each ... by pench2k19 Explorer in Splunk Search 03-13-2020 0 5	0	5
TERM command I want to search the whole term like shown below, why is it not working ? Do i need to remove the "<" and "//" ? Wha... by splunkuser2012 Engager in Splunk Search 03-13-2020 1 4	1	4
How to calculate max 3 cpu usage each day and when ran for last 7 days, It should show 21 max CPU usage The idea is to show up top 3 CPU Averages in a day for last 7 days. Query Using:- index=os sourcetype=ps host="Host... by tarunmalhotra79 Engager in Splunk Search 03-13-2020 0 2	0	2
Eval groupping Hello, This is my query \| loadjob savedsearch="myquery" \| where strftime(_time, "%Y-%m-%d") >= "2020-02-26" \| stat... by tahasefiani Explorer in Splunk Search 03-13-2020 0 4	0	4
YOY Analysis showing up until today's date Hi there! I created a hacky Splunk query for some YOY analysis I'm doing. I was wondering if there was a way to halt... by hollybross1219 Path Finder in Splunk Search 03-13-2020 0 2	0	2
Session duration calculates the wrong time (cant work out why) ............. \| rex field=user mode=sed "s/./ /g" \| eval user=lower(user) \| eval date_hour=strftime(_time, "%... by nathanluke86 Communicator in Splunk Search 03-13-2020 0 1	0	1
How to replace a field value in a static lookup in Splunk using Splunk search query Hello everyone! I have a static lookup which has two fields/columns State and tag. Default value of State is "Enable... by MousumiChowdhur Contributor in Splunk Search 03-13-2020 0 1	0	1
Dedup multiple fields into one list Hi! I'm trying to create a search that would return unique values in a record, but in one list. The search "basesear... by skirven Communicator in Splunk Search 03-13-2020 0 9	0	9