Splunk Search

Community Activity

Match by rex field in subsearch I have one log like: log1 tid=,"tid":"abcd"; And another log like: log2 userid=11 tid=abcd I want to get the count ... by infcl Explorer in Splunk Search 01-18-2020 0 8	0	8
How to add the trigger time to loadjob? Hello, I am trying to pull out the last 24 hours worth of results for an alert using loadjob, with the following se... by lwass Explorer in Splunk Search 01-18-2020 0 3	0	3
How to search using Java? HI, I am able to use curl command as create search job and exuecte the result by sid but not able to convert curl cal... by sachinrathod New Member in Splunk Search 01-18-2020 0 1	0	1
show two different times for object per date I am trying to extract 2 different time from extend event logs 1. Processing time taken by Server. ( "Finished proces... by dpatiladobe Explorer in Splunk Search 01-17-2020 0 1	0	1
Splunk: Query not returning all columns Hello, For some reason, my search is not returning all of the columns that I'd like to include in my search. It's... by itsmevic Communicator in Splunk Search 01-17-2020 0 3	0	3
Search for data in different indexes and only return data is ip filed is same in both index=notable \|rename src as ip \| stats count by ip \| JOIN type=inner ip [search index="abcd" "tags.Dev:"cluster1 OR... by jrprez1804 Path Finder in Splunk Search 01-17-2020 0 3	0	3
Rename & Lookup I'm selecting data from two sourcetypes. There is a field in each sourcetype that is the same, but named differently ... by hollybross1219 Path Finder in Splunk Search 01-17-2020 0 8	0	8
Conditional Rex Extraction with multiple extractions I have events with large strings of text being output per event Sample Text: {"userDetails":{"uuid": "Lots of diffe... by brajaram Communicator in Splunk Search 01-17-2020 0 11	0	11
use if else to run different rex There is a field JOB_NAME. i want to extract this field contents using an IF statement. If JOB_NAME=TEST then some r... by iamniks Explorer in Splunk Search 01-17-2020 1 2	1	2
Conditional statements based on metric trends This may actually be 2 questions, but I have 3 metrics I'd like to compare based on how they're trending. So...... ... by winknotes Path Finder in Splunk Search 01-17-2020 0 3	0	3
How to covert Date and Time with timezone display? HI All, My name group extracts date time filed in the below format E.g: 21/Jan/2019 09:35:25 UTC I would like to c... by mail2uharishp Observer in Splunk Search 01-17-2020 0 6	0	6
Can anyone please tell me how to make a matrix for the below Required Output : • Matrix: Total Findings by Assessment Group by Engage, Title Fields - Engage - Title - Tota... by dtccsundar Path Finder in Splunk Search 01-17-2020 0 9	0	9
cohorting with fixed first event dates morning all, I am struggling with the logic around doing this. I am trying to run a report from 01/01/2018 to toda... by stephenreece New Member in Splunk Search 01-17-2020 0 2	0	2
Transforms.conf regex performance I am trying to capture the logging of any martian packets on a Linux system, so I decided to set a monitor in /var/lo... by ricotries Communicator in Splunk Search 01-17-2020 1 9	1	9
How to list matches of a search using lookup values Hi! I have create a search that uses a dynamic lookup to find events in some index looking at the raw: ............... by dugalle New Member in Splunk Search 01-17-2020 0 4	0	4
Regex with Line break while pushing data into splunk Hello Team, Could you please help to parse this data while pushing this in source type data into splunk. Issue is i... by mailtosnsolutio Explorer in Splunk Search 01-16-2020 0 2	0	2
Count is incorrect Trying to write a simple query in Splunk 7.0. The idea is that it would count all the unique ip addresses based on a... by TitanAE New Member in Splunk Search 01-16-2020 0 2	0	2
What command is used for trying to identify anomaly logons from common users? Is there a website on Splunk docs that describe interesting fields and what each field is about? What command can I... by keldridg2 New Member in Splunk Search 01-16-2020 0 3	0	3
Event and Statistics not the same- Geostats When I perform a search, the "events tab" count match actual data. Once I add "\| geostats latfield=Latitude longfield... by Becherer Explorer in Splunk Search 01-16-2020 0 3	0	3
Can I use splunkjs charts in an app outside of Splunk to display external data (not to be imported into Splunk)? I'm wondering if it is possible to use the chart visualizations from splunkjs to display data that is neither in Splu... by pgoldweic Communicator in Splunk Search 01-16-2020 0 0	0	0
Lookup fails unless using a table The query below produces the results expected, but if I remove the "table PSID" section (bolded) it fails, saying 22 ... by klhogan New Member in Splunk Search 01-16-2020 0 2	0	2
How to show count of events by host as well as total count (both per minute in same search) How to show count of events by host as well as total count (both per minute in same search) by sahil237888 Path Finder in Splunk Search 01-16-2020 0 1	0	1
How can I get the Splunk Python SDK API to return results faster than 100 kB per second? How can I get the splunk SDK API to return results faster than 100 kB / second? Some context: I am trying to create ... by nikos_d Explorer in Splunk Search 01-16-2020 3 3	3	3
How to create a more efficient sitimechart for distinct count? When using index=blah \| sitimechart dc(field1) by field2 It saves every single element for field1 concatenated into a... by pr0n Explorer in Splunk Search 01-16-2020 0 3	0	3
FIPS and Splunk Compatibility I have inherited a Splunk Enterprise and FIPS is on for about half of the environment. My experience has always been ... by plymalebl Explorer in Splunk Search 01-16-2020 2 0	2	0