Splunk Search

Community Activity

Conditional Rex Extraction with multiple extractions I have events with large strings of text being output per event Sample Text: {"userDetails":{"uuid": "Lots of diffe... by brajaram Communicator in Splunk Search 01-17-2020 0 11	0	11
use if else to run different rex There is a field JOB_NAME. i want to extract this field contents using an IF statement. If JOB_NAME=TEST then some r... by iamniks Explorer in Splunk Search 01-17-2020 1 2	1	2
Conditional statements based on metric trends This may actually be 2 questions, but I have 3 metrics I'd like to compare based on how they're trending. So...... ... by winknotes Path Finder in Splunk Search 01-17-2020 0 3	0	3
How to covert Date and Time with timezone display? HI All, My name group extracts date time filed in the below format E.g: 21/Jan/2019 09:35:25 UTC I would like to c... by mail2uharishp Observer in Splunk Search 01-17-2020 0 6	0	6
Can anyone please tell me how to make a matrix for the below Required Output : • Matrix: Total Findings by Assessment Group by Engage, Title Fields - Engage - Title - Tota... by dtccsundar Path Finder in Splunk Search 01-17-2020 0 9	0	9
cohorting with fixed first event dates morning all, I am struggling with the logic around doing this. I am trying to run a report from 01/01/2018 to toda... by stephenreece New Member in Splunk Search 01-17-2020 0 2	0	2
Transforms.conf regex performance I am trying to capture the logging of any martian packets on a Linux system, so I decided to set a monitor in /var/lo... by ricotries Communicator in Splunk Search 01-17-2020 1 9	1	9
How to list matches of a search using lookup values Hi! I have create a search that uses a dynamic lookup to find events in some index looking at the raw: ............... by dugalle New Member in Splunk Search 01-17-2020 0 4	0	4
Regex with Line break while pushing data into splunk Hello Team, Could you please help to parse this data while pushing this in source type data into splunk. Issue is i... by mailtosnsolutio Explorer in Splunk Search 01-16-2020 0 2	0	2
Count is incorrect Trying to write a simple query in Splunk 7.0. The idea is that it would count all the unique ip addresses based on a... by TitanAE New Member in Splunk Search 01-16-2020 0 2	0	2
What command is used for trying to identify anomaly logons from common users? Is there a website on Splunk docs that describe interesting fields and what each field is about? What command can I... by keldridg2 New Member in Splunk Search 01-16-2020 0 3	0	3
Event and Statistics not the same- Geostats When I perform a search, the "events tab" count match actual data. Once I add "\| geostats latfield=Latitude longfield... by Becherer Explorer in Splunk Search 01-16-2020 0 3	0	3
Can I use splunkjs charts in an app outside of Splunk to display external data (not to be imported into Splunk)? I'm wondering if it is possible to use the chart visualizations from splunkjs to display data that is neither in Splu... by pgoldweic Communicator in Splunk Search 01-16-2020 0 0	0	0
Lookup fails unless using a table The query below produces the results expected, but if I remove the "table PSID" section (bolded) it fails, saying 22 ... by klhogan New Member in Splunk Search 01-16-2020 0 2	0	2
How to show count of events by host as well as total count (both per minute in same search) How to show count of events by host as well as total count (both per minute in same search) by sahil237888 Path Finder in Splunk Search 01-16-2020 0 1	0	1
How can I get the Splunk Python SDK API to return results faster than 100 kB per second? How can I get the splunk SDK API to return results faster than 100 kB / second? Some context: I am trying to create ... by nikos_d Explorer in Splunk Search 01-16-2020 3 3	3	3
How to create a more efficient sitimechart for distinct count? When using index=blah \| sitimechart dc(field1) by field2 It saves every single element for field1 concatenated into a... by pr0n Explorer in Splunk Search 01-16-2020 0 3	0	3
FIPS and Splunk Compatibility I have inherited a Splunk Enterprise and FIPS is on for about half of the environment. My experience has always been ... by plymalebl Explorer in Splunk Search 01-16-2020 2 0	2	0
How to filter out results from splunk search from a set criteria.? I have a raw the i extract and filter and table them according to Country _raw [{"Conutry":"America","State":"Nevada... by NayneshPatel New Member in Splunk Search 01-16-2020 0 2	0	2
compare current hour and previous hour value in search and find difference ? I want to compare current top of an hour value with previous top of an hour value. For e.g. between 9 am to 10 am - g... by pgadhari Builder in Splunk Search 01-15-2020 0 9	0	9
How to combine two different time source fields into _time Dears; how can I combine Date/Time of two different source as follow; CSV-01(pic-1) and CSV-02(pic-2) input in spl... by kaungset New Member in Splunk Search 01-15-2020 0 6	0	6
Lookup slowing performance ways to optimize Hi , I have the following search query that lookups definition file TeamsLookupDef which has 200 mappings between ap... by msrama5 Explorer in Splunk Search 01-15-2020 0 3	0	3
for each column return max value and row key value Hello, I have SPL search that returns output in the following format: Device K1 K2 K3 A x1 y1 z1 B ... by wsabry New Member in Splunk Search 01-15-2020 0 4	0	4
while using streamstats avg(daycount) the resulting stats are out of order My current search string looks like this: index=cisco host=cr0* OR host=SC0* \| stats count as daycount by date_month... by caseygj Explorer in Splunk Search 01-15-2020 0 4	0	4
Data Model: TStats time-functions get latest NOT NULL Hi, I'm having trouble retrieving my fields from an accelerated data model. The main problem is that most of the fie... by hbrandt84 Path Finder in Splunk Search 01-15-2020 0 2	0	2