Splunk Search

Community Activity

	Count the number of field Hello,So I have to count the number of resulted fields, it doesn't go far than this. for my search I have index=examp... by aatik5u Path Finder in Splunk Search 05-15-2024 0 2	0	2
	How to add multiple fields to chart count over This was my original query to get the list of apis that failed for a client. I have more details of the client in the... by kuul13 Explorer in Splunk Search 05-14-2024 0 14	0	14
	Method to force the implied search in first line to give only the latest events without using stats latest()? This is just a fun optimization question. The benefit may be very little in fact!My Splunk searches are already optim... by ClubMed Path Finder in Splunk Search 05-14-2024 0 5	0	5
	Displaying matching command strings from lookup table All - I am new to Splunk and trying to figure out a way to return a matched command from a CSV table with inputlookup... by cybersunny Loves-to-Learn Lots in Splunk Search 05-14-2024 0 10	0	10
	Splunk Index Retention Cost If I have an index with a retention of 90 days. Can I make a rough estimate about the cost of increasing the retentio... by andgarciaa Explorer in Splunk Search 05-14-2024 0 6	0	6
	Employee report Hey guys, I am working a report that needs to show any new employees coming into the company for the last 30 days. Ri... by dude49 Explorer in Splunk Search 05-14-2024 0 2	0	2
	REST endpoint for SAVED SEARCHES - FILTERING Hi all, I'm trying to get all the saved searches in Splunk that are in all apps. Could someone explain to me what the... by IAskALotOfQs Path Finder in Splunk Search 05-14-2024 0 3	0	3
	Trouble Blacklisting Windows Event Hi I was wondering if there was a way I could blacklist the following event based on the event code and the account n... by OpeKush New Member in Splunk Search 05-14-2024 0 2	0	2
	[idx-1,idx-2,sh-2] Could not load lookup=LOOKUP-threatprotect-severity I am seeing the following alert on the Searching and Reporting App and also within the InfoSec App for Splunk.[idx-1,... by SplunkNinja Path Finder in Splunk Search 05-14-2024 0 4	0	4
	How to show the results of a query month wise in splunk? Hi All,I have a query which returns results for a particular month like how many tickets breached SLA. The month and ... by avi123 Explorer in Splunk Search 05-13-2024 0 1	0	1
	how to get Stats sum of field with latest correlationId? Hi All,Below query to get stats sum of field values of latest correlationId. need to show in pie chart. But i am gett... by karthi2809 Builder in Splunk Search 05-13-2024 0 3	0	3
	How to merge two rows into one ? How to convert table like this (2 rows per topic): topic mbean_property_name bytesA BytesOutPerSec 60376267182A ... by marioosh2 Engager in Splunk Search 05-13-2024 0 3	0	3
	How to write a search to display a Notable Event Timeline Review showing various phases of a ticket? Hello everyone Can anyone suggest me a search where I can get the notable Event time review between various phases of... by gschauhan81 New Member in Splunk Search 05-13-2024 0 5	0	5
	Converting Multivalue Fields to Single Value Fields for Line Chart Visualization Hello Splunk Community,I'm encountering challenges while converting multivalue fields to single value fields for effe... by sanjai Path Finder in Splunk Search 05-12-2024 0 3	0	3
	Plot time series chart based on values selected where in value can single or multiple I am using query as below index="test" sourcetype="reports" \| bin _time span=1m \| stats values(a) as a values(b) as ... by R_Ramanan Loves-to-Learn in Splunk Search 05-12-2024 0 5	0	5
	to check the attribute exist and assign the value If attr.error exist then Error will be attr.error. If attr.error not exist and attr.error.errmsg exist then Error wou... by Jasmine Path Finder in Splunk Search 05-12-2024 0 2	0	2
	ddl bind with rex In the below query if c= I, the reg expression is \| rex field=attr.namespace "(?<DB>[^\.]*)"if c= other than "I" the... by Jasmine Path Finder in Splunk Search 05-11-2024 0 1	0	1
	Need Help with a Splunk query So, I have data like this after I ran a query. For each aggregator, if the aggregator_status is Error and before15 mi... by phularah Communicator in Splunk Search 05-11-2024 0 3	0	3
	How to get the list of all APIs with the response time more than 30sec in splunk Hi All,I have a soap request and response being ingested in the splunk under an index. There are multiple API calls a... by splunk6 Path Finder in Splunk Search 05-11-2024 0 1	0	1
	How to extract fields from nested json Hello,Can someone please help me in extracting nested json fields without regex?I have tried below:1. Updating KV_mod... by jayita1989 Loves-to-Learn Lots in Splunk Search 05-10-2024 0 7	0	7
	How to categorized filed values as Success and Failure files in Splunk? Hi All,I have a field in my data called 'message' ,which contain information about status of the field.I'd like categ... by karthi2809 Builder in Splunk Search 05-10-2024 0 3	0	3
	Delete events after stats operation I'm running stats to find out which events I want to delete. Basically I'm finding the minimum "change_set" a particu... by bhavesh0124 Explorer in Splunk Search 05-10-2024 0 7	0	7
	best way to run a query what is the best approach to run splunk queries by howard_mclean New Member in Splunk Search 05-10-2024 0 1	0	1
	How to split stats values() into other rows? I am trying to show a "primary" and "secondary" IP in rows to recreate a spreadsheet. I currently have a search like:... by bofasplunkguy Explorer in Splunk Search 05-10-2024 0 4	0	4
	Splunk search earliest and latest in Splunk search Splunk search " EventCode="4688" AND earliest="5/8/2024:10:07:20" latest="5/8/2024:10:17:20 " Could you please the ti... by jaibalaraman Path Finder in Splunk Search 05-10-2024 0 6	0	6