Splunk Search

Community Activity

	Splunk search performance using TERM() function Hello, I'm Splunk Newbie.This is a post that I found while looking for improvement of Splunk's search performance, bu... by munang Path Finder in Splunk Search 05-27-2024 0 3	0	3
	Dashboard inherited inputs Hey all,I'm building new dashboard that contains 2 multiselect values:Site: USA, Romania, Turkey.... (only countries)... by joock3r Explorer in Splunk Search 05-26-2024 0 4	0	4
	Add row in table if value not present in the field I have table as below DateOut AirlineBag TypeTotal Processed01/05/2024IXLocal10001/05/2024IXTransfer12002/05/2024BALo... by sultanulariff Engager in Splunk Search 05-25-2024 0 7	0	7
	Time token returning NAN error I have a time picker & a time dropdown which has static values. <panel id="pqr"> <input type="time" token="time"> <... by av_ Path Finder in Splunk Search 05-25-2024 0 14	0	14
	SingleId color change in dashboard Hi, I tried to add a piece of code to change the color of values based on certain condition, but it is not reflecting... by saleshai Explorer in Splunk Search 05-24-2024 0 5	0	5
	Splunk Query when attribute having dot seperator not able to search with any attribute which are having .(dot) like env.cookieSize NOT WORKING ------------------ in... by rahulmittal2391 New Member in Splunk Search 05-24-2024 0 3	0	3
	Showing/counting event that there's not Hi all,we've a procedure that's writes index only where there's a KO:So I've a sequence of events like these:DATE,RES... by fabrizioalleva Path Finder in Splunk Search 05-24-2024 0 4	0	4
	not receiving any outcomes for CIDR IPs Hello community,I aim to compare the 'src_ip' referenced below with the CIDR IP ranges in the lookup file 'zscalerip.... by hem03 Loves-to-Learn Lots in Splunk Search 05-24-2024 0 6	0	6
	When using Transaction command startswith and endswith,if field value is same for both ,null is shown for endswith Hi All,I am using transaction command to group events and get stop time of a device. \| transaction sys_id startswith=... by mythili Explorer in Splunk Search 05-24-2024 0 5	0	5
	rename a field Hi All, I am trying to rename a data but it is giving me error. I am doing in this way.\| rename "Data Time series* *e... by Pandey_21 New Member in Splunk Search 05-24-2024 0 1	0	1
	CBS Token authentication failed. Add-on for Microsoft Cloud Services Hi,I got the following error message when trying to connect to an eventhub,Error occurred while connecting to eventhu... by Brenny Explorer in Splunk Search 05-23-2024 0 2	0	2
	Splunk Query Issue index=abc sourcetype=abc \| timechart span=1m eval(count(IP)) AS TimeTaken Now I want to get 95th percentile of this ... by Chirag812 Explorer in Splunk Search 05-23-2024 0 3	0	3
	Single Value visualisation for a timechart with sparkline and showing the group by field Hi expert, My SPL looks something like: index=<> sourcetype::<> \| <do some usual data manipulation> \| timechart min(f... by MCW Explorer in Splunk Search 05-23-2024 0 2	0	2
	Splunk Query To Evaluate Absence Of A Signature In the Logs Hi Splunk Community,I need to build an alert that will be triggered if a specific signature is not present in the log... by victorcorrea Path Finder in Splunk Search 05-23-2024 0 6	0	6
	Is it possible to let splunk recognize fields automatically with this layout Hi,I have a json-file in splunk with an arguments{}-field like this field1=[content_field1] field2=[content_field2] f... by rrovers Contributor in Splunk Search 05-23-2024 0 1	0	1
	How to get a Full Encoded Command from a Notable We are receiving some notables that reference an encoded command being used with PowerShell, and the notable lists th... by CSNinja New Member in Splunk Search 05-23-2024 0 0	0	0
	searching for events in a source based on value of another source I have two sources that I'd like to combine/join or search on one based on the other.Source 1 - has two fields name ... by kenbaugher Path Finder in Splunk Search 05-23-2024 0 2	0	2
	How to add multiple field in a single search Hi How to write spl search query by adding multiple field in single search Field 1 - contain data like authorization... by jaibalaraman Path Finder in Splunk Search 05-23-2024 0 6	0	6
	How to one index two different device count calclation I want chart as follow. I could show count each count value (cannot Calc field) (index=interface_count devicename IN ... by Richard_400 Engager in Splunk Search 05-23-2024 0 2	0	2
	Splunk alert base on current count vs last week count Hi Team,I need help to create a alert which can raise if latest hour count is 10% less than last week same day same h... by cbiraris Path Finder in Splunk Search 05-23-2024 0 1	0	1
	How to lookup the same field from another search and different fields my search as below, the two <my search command for list user rating list> search command is the same, how to reduce t... by mia Explorer in Splunk Search 05-22-2024 0 4	0	4
	Join similar fields Hey guys, I'm having trouble joining two datasets with similar valuesI'm trying to join two datasets, both have a com... by ViniciusMariano Explorer in Splunk Search 05-22-2024 0 5	0	5
	I would like to change to 10% deviation from standard for below query index="xyz" sourcetype = abc" \| search Country="ggg" statusCode=200 \| stats count as Registration \| where Registrati... by paragg Loves-to-Learn Lots in Splunk Search 05-22-2024 0 1	0	1
	How can I stack the rows vertically while preserving the original columns I have a search that returns the following table (after transpose):columnrow 1row 2search_nameUC-315UC-231ID7zAt/75Df... by rar0 Loves-to-Learn Lots in Splunk Search 05-21-2024 0 4	0	4
	drilldown of timechart changing to epoch time in user's time zone I have a dbxquery command that queries an Oracle server that has a DATE format value stored in GMT.My SQL converts it... by loganramirez Path Finder in Splunk Search 05-21-2024 0 4	0	4