Splunk Search

Community Activity

Splunk table get values smaller than 4 months Hello, I have the below query which works fine: {My search} \| rename user_id as User \| stats max(asctime) as "Last ... by anouar_jben Explorer in Splunk Search 03-05-2020 0 5	0	5
How to calculate percentage increase/decrease for indexes per day? How would I calculate the percentage increase/decrease, for indexes on a per-day basis? Thx by jwalzerpitt Influencer in Splunk Search 03-05-2020 1 8	1	8
How to pull a report of application log where DEBUG level log is enabled Hi, is there anyway to pull a report to get the data of log where DEBUG level log is enabled, based on the index and... by iqbalintouch Path Finder in Splunk Search 03-04-2020 0 0	0	0
Question on role creation for editing xml i would like one user to edit xml code or change query on the panels/dashboard of his app alone. what is the capabil... by jiaqya Builder in Splunk Search 03-04-2020 0 2	0	2
Help on fields command which doesnt works hi I use the search below in order to count the number of degradation by model This search is a scheduled search and... by jip31 Motivator in Splunk Search 03-04-2020 0 11	0	11
Alternative Join command for comparinga field with subsearch Hi, I have given a query to return me a list of details as below , however the results for all of 30 days are not pop... by Jayanthi6397 New Member in Splunk Search 03-04-2020 0 4	0	4
How to trim white spaces in events in search time Hi, i have an event having white spaces in between i want to trim it the data is coming from db connect i don't ha... by vikram1583 Explorer in Splunk Search 03-04-2020 0 1	0	1
how to make the search in ascending order? HI , I have a log file where it has a sequence of activity of users. I am trying to parse that log. Splunk is parsing... by sajoseph Explorer in Splunk Search 03-04-2020 3 3	3	3
Find accounts with lastlogon older than X days Hi, I have built out an AD inputlookup that includes lastlogon dates. When I attempt to find only those users with ... by heidihart Engager in Splunk Search 03-04-2020 0 3	0	3
rex over multiple lines Dear all, hope to find here some help. I've tried now several things including searching in the answers here but don... by tbasima1 Explorer in Splunk Search 03-04-2020 1 11	1	11
Splunk where not query returning incorrect results Hello, I have the following where not query returning rows that exists in sub search, following is the query environm... by msrama5 Explorer in Splunk Search 03-04-2020 0 3	0	3
Data loss for a period of time Hi all! Ive got a strange problem with data loss,but not all - its just for a peroid of time. Here is example of m... by moskalenkoas New Member in Splunk Search 03-04-2020 0 1	0	1
Show increasing values with dropoff I have a data set similar to the following: "_time",source,increment "2020-02-26","third", "2020-02-25","third","yes... by jlieberg Engager in Splunk Search 03-04-2020 0 2	0	2
Splunk query to get top sorcetypename=kubernetes_logs, devided by services (or namespaces) Hi there! I need a query, that will show me Top Sourcetype Sizes by Day, where sourcetype=kubernetes_logs, and the ku... by alekseisaiko Path Finder in Splunk Search 03-04-2020 0 3	0	3
Simple search with eval. Why is no table shown? Here is the search: index=* sourcetype=Vectra-CEF vendor="Vectra Networks" cat!="HOST SCORING" \|eval check_cat=case(... by alex1895 Path Finder in Splunk Search 03-04-2020 0 8	0	8
xml field extraction with a twist Data example: <Asset href="/company/rest-1.v1/Data/Story/2530981/6709286" id="Story:2530981:6709286"><Attribute name... by manderson7 Contributor in Splunk Search 03-04-2020 0 6	0	6
How can I sum several dates that are in a single field? I need to sum several dates that are on a single field to then divide it with another field to get an average date. D... by franciscof Explorer in Splunk Search 03-04-2020 0 1	0	1
How can I perform a basic math operation between two fields? I need to perform a subtraction between two date fields in order to get a specific age. How can I do this? by franciscof Explorer in Splunk Search 03-04-2020 0 2	0	2
lookup file with a mix of ranges of IP and unique IP Hi all I use a lookup file with a mix of ranges of IP and unique IP to count events of login My file is like this ... by faribole Path Finder in Splunk Search 03-04-2020 0 1	0	1
How to convert now() into strptime? Does anyone knows how to do this? Im having a trouble with this convertion. Thanks in advance by franciscof Explorer in Splunk Search 03-04-2020 0 4	0	4
help on lost event with join command helloI use the search below in order to monitore the last reboot and the last logon date `LastLogonBoot` \| eval Syst... by jip31 Motivator in Splunk Search 03-04-2020 0 4	0	4
Regex: skipping or jumping over segments for field extraction Hey there! I am wondering if it is possible to create a regex for field extration which extracts a string, but at th... by Bastelhoff Path Finder in Splunk Search 03-04-2020 0 6	0	6
How to get most recent results based on field value? Hi, I'm trying to get the results based on recent field value. How to filter the events with the most recent scan d... by vikram1583 Explorer in Splunk Search 03-03-2020 0 1	0	1
Search 2 date fields and find amount of days minus weekend days Hello, I need to formulate a search there I have 2 date fields one is START_TIME 2020-02-28 19:19:58.0 other field is... by nathbe01 Explorer in Splunk Search 03-03-2020 0 1	0	1
How can I count mv fields by type? My data looks like: { parent_id: 1 child_info: [ { id: 123, status: "PA... by akshaysaraf Explorer in Splunk Search 03-03-2020 0 6	0	6