Splunk Search

Community Activity

Time input is not displaying the correct time Hi I have a table in Splunk dashboard where there is one time input that picks what gets displayed on the panel. Say... by kishan2356 Explorer in Splunk Search 11-12-2019 0 0	0	0
How to avoid the overuse of appendcols? Hi Splunkers! Just wondering whether anyone can advise me on how to tune the following search statement? The reason... by leandromatperei Path Finder in Splunk Search 11-12-2019 0 3	0	3
Why are there no results when time range is set between anything less than time posted? I am plotting a timechart based on a datetime field (timestamp) in the event. The search looks like: * "logname=cus... by angshul Path Finder in Splunk Search 11-12-2019 0 6	0	6
Has anyone created a Splunk search using IBM z/OS SMF type 70 records and calculated the CPU percentage? We are trying to replicate some data that was in an RMF report and imported into Excel for a graph. We are trying to... by bdh5574 New Member in Splunk Search 11-12-2019 0 3	0	3
How to run round on multiple values? The following works on one value - \| eval devicedowntime2 = round(devicedowntime,4) but not on two or more. Is there... by danielbb Motivator in Splunk Search 11-12-2019 0 3	0	3
How to get the plain text of pass4Symmkey? Hi, Please help us to get the plain text of pass4Symmkey. Is there a way to decrypt it? by VijaySrrie Builder in Splunk Search 11-12-2019 1 4	1	4
Comparing lists from day1 with the list of day2 and etc. to get difference I need to compare a list consisting of one field from day1 to day2 and get what values where not listed on day 1 but ... by igschloessl Explorer in Splunk Search 11-12-2019 0 0	0	0
How can one represent different values for a single extracted field? This issue comes from the error logs of a login service. When a user scans their badge and attempts to log in with an... by cb046891 New Member in Splunk Search 11-12-2019 0 2	0	2
Using field from subsearch in stats I have one type of log (let's call A) with format: type=log a; name={name}; I also have log type B with format: type... by infcl Explorer in Splunk Search 11-12-2019 0 2	0	2
Can the Returned Value From a Case Function be a Search Hello, Can the Returned Value From a Case Function be a Search? index="pay_test" AND host IN ("pay20", "pay21") ... by genesiusj Builder in Splunk Search 11-12-2019 0 8	0	8
Detecting Multiple Logins where distinct count I am trying to figure out how to create a search where I am using multiple counts for an alert I am wanting to write.... by willadams Contributor in Splunk Search 11-12-2019 0 4	0	4
combine multiple fields to a single field I need to combine 3 fields as single field eg: Field1 Field2 Field3 3 6 xyz 4 7 ... by kranthimutyala Path Finder in Splunk Search 11-12-2019 0 3	0	3
Custom IP Reputation Hi My end goal is to create a custom IP reputation table that tracks successful and failed logins by IP address and... by bbraun New Member in Splunk Search 11-12-2019 0 2	0	2
union search with same field from different sourcetype I have two sources as below: source x: CreateTime, CreateUser,ChangeTime,ChangeUser,....... 2019/0... by lllidan New Member in Splunk Search 11-11-2019 0 2	0	2
Extract fields from multiple events based off of min( id ) and max(id) by a common field. I would like to extract the time, did, and callerid from the event with the min(id) by apiid Additionally, extract ex... by fmatera Explorer in Splunk Search 11-11-2019 0 4	0	4
How to join two fields in a source with one field in another source? I have events from one source that look like: source=foo fieldA=100 source=foo fieldB=200 source=foo fieldA=300 fie... by justinnaldzin Engager in Splunk Search 11-11-2019 3 7	3	7
Storing spl in lookup Is it possible to store a search string in a lookup column, retrieve the content and run it as a search? For example:... by hoytn Explorer in Splunk Search 11-11-2019 0 2	0	2
double fields If Statements Hello Guys, i try to generate different fields using if 2. I would like to write a query which looks at the followi... by mklhs Path Finder in Splunk Search 11-11-2019 0 4	0	4
Create a filed from lookup data Hi, I would like to extract a field from lookup data, can i use below search for extraction \| inputlookup datafra... by raghu0463 Explorer in Splunk Search 11-11-2019 0 3	0	3
strptime conversion difficulty from a string Hello, I am having difficulty getting the strptime function to properly convert my date string into a usable and acc... by mdurdel New Member in Splunk Search 11-11-2019 0 3	0	3
Group by id. I have a query like this index=MyIndex \| stats values(status) as status by id, time \| dedup id,status ... by sandeepmakkena Contributor in Splunk Search 11-11-2019 0 3	0	3
highest - lowest in a row Date X Y Z XX Max Delta 10/1/2019 315 205 258 270 110 10/2/2019 293 194 235 247 99 10/3/2019 309 210... by reverse Contributor in Splunk Search 11-11-2019 0 5	0	5
Extracting a string of numbers from log file and tabulate the data I am trying to extract a string of numbers (6-8 digits) within a string. each of the string extracted/detected will b... by wyvivianho New Member in Splunk Search 11-11-2019 0 8	0	8
timechart for post for multiple web sites I have multiple web portals. portal= www.xyz.com, www.abc.com post_method = get \| post Now I want a timechart like ... by riqbal47010 Path Finder in Splunk Search 11-11-2019 0 3	0	3
Using Transaction Command more than once in the query My Query - index=abcd sourcetype=applog OR (sourcetype=nginx AND uri=/v1/abcd) \| transaction startswith="status=20... by vickyvishwa Explorer in Splunk Search 11-10-2019 0 1	0	1