Splunk Search

Community Activity

	transaction startswith from a lookup file Hello I have the following sample log lines from a splunk search query line1 line2 line3: field1 : some msg line4 l... by MVK1 Path Finder in Splunk Search 04-29-2024 0 7	0	7
	How to check empty values in coalesce? Hi All,I have a field called File1 and File2 and I combined in coalesce .In the table but the value is not getting i... by karthi2809 Builder in Splunk Search 04-29-2024 0 7	0	7
	Alternative to join, correlating TOP 1 matches from second search? Hi,I have a background with T-SQL and reading the forums I start to realize that "join" is not so good to use with Sp... by dannepannesthlm Explorer in Splunk Search 04-29-2024 0 8	0	8
	Difficulty Locating Newly Added Calculated Field (Eval) Hello,I recently encountered an issue with Splunk Cloud. After creating a new eval in the "Fields" menu under "calcul... by Ismail_BSA Path Finder in Splunk Search 04-29-2024 0 2	0	2
	Alert set for count in range Hi Team,I am trying to setup an alert if the count of errors are in range of between 10 to19(more then 10 and less t... by cbiraris Path Finder in Splunk Search 04-29-2024 0 2	0	2
	How to create a filter on the field fetch using REX? Hi Can someone help me to find a way to create a Dropdown Input on the field which is extracted using a REX command.E... by Real_captain Path Finder in Splunk Search 04-29-2024 0 3	0	3
	count(eval(execution-time)>1000) not working when I run below query I am not able to get the sla_violation_count index=* execution-time=* uri="v1/validatetoken" ... by VamshiBavu Engager in Splunk Search 04-29-2024 0 3	0	3
	service status of a service including Disaster Recovery situation Just in a situation where I have 2 servers, where 1 is active and the other is passive. I had to deploy the TA on bot... by ashraf_sj Explorer in Splunk Search 04-29-2024 0 2	0	2
	Comparing an incidents event timestamp to Splunk landing timestamp I would like some help creating a report that will show the seconds diff between my event timestamp and the Splunk la... by auzark Communicator in Splunk Search 04-28-2024 0 5	0	5
	How to get SharePoint excel files in to Splunk? Hi What is the best practice to get the SharePoint excel files, which will be added every week to get in to Splunk a... by kiran331 Builder in Splunk Search 04-28-2024 0 3	0	3
	group threefields and get the latest timestamp record and retrieve additional column value corresponding to that group HiI have a vast data set with a sample as below. Need to group the data based on three columns latest timestamp data ... by NathanAsh Path Finder in Splunk Search 04-28-2024 0 10	0	10
	How to compare same fields from different events to find past occurrence Editing to make it better:Let's say I have login events with 2 important fields: past_deviceid, new_deviceidI want to... by Josh1890 Explorer in Splunk Search 04-27-2024 0 10	0	10
	Include literal dataset in search query / Ensure fixed number of rows in result set Anyone know how to accomplish the Splunk equivalent of the following SQL? SELECT * FROM (SELECT 'dev' AS env, 0 as va... by trevorreed Explorer in Splunk Search 04-26-2024 0 2	0	2
	Rex command help Hello, I need your help with a field extraction.I have this type of data, and I'd like to extract the following field... by anissabnk Path Finder in Splunk Search 04-26-2024 0 3	0	3
	Graphing Elapsed Time Hi all - I am a Splunk Novice, especially when it comes to writing my own queries. I have created a Splunk Query th... by Memphis Explorer in Splunk Search 04-26-2024 0 4	0	4
	Not showing count in a table We are seeing a very different issue,1.As shown in a table when there are no logs for any one of the List rows are r... by Harish2 Path Finder in Splunk Search 04-26-2024 0 2	0	2
	How to use fillnull for certain fields (and not for other ones) My search ends with: \| table Afdeling 20* Voorlaatste* Laatste* verschil It has several detail rows and 1 row with to... by rrovers Contributor in Splunk Search 04-26-2024 0 1	0	1
	How to exclude particular values? Hi All,How to exclude particular values of fields in this query.In my scenario if message having "file not found" so ... by karthi2809 Builder in Splunk Search 04-26-2024 0 5	0	5
	Is there a way we can calculate moving averages - Windows & x(t)? Hello splunkers! Is there is a way we can calculate moving/rolling averages such that the current data point, ```x(t)... by anirban_td Explorer in Splunk Search 04-26-2024 0 2	0	2
	Log Metrics and use on dashboard I have a case where the we have some associated metric for each request/response event , something like below: { "Key... by nehasha3 New Member in Splunk Search 04-26-2024 0 1	0	1
	Replace join with a more performant query So far I created this Join index="index" "mysearchtext" \| rex field=message ", request_id: \\\"(?<request_id>[^\\\"]+... by fabry Observer in Splunk Search 04-26-2024 0 5	0	5
	Table showing fields from excluded events after head Is this intended behavior?After selecting only a single event with "head 1" fields from excluded events that occurred... by plapila Explorer in Splunk Search 04-25-2024 0 5	0	5
	Empty rows in Table We have a table where i see no data for few coloumns tried fillnull value=0 but its not working.But this is happening... by Vani_26 Path Finder in Splunk Search 04-25-2024 0 10	0	10
	Extend search results data by correlation-id (and exclude on other messages) Hello, I have 500 HTTP messages in my access log. Also I have corresponding events from other log sources with the sa... by sscholl Engager in Splunk Search 04-25-2024 0 2	0	2
	Fields extracted not appearing while searching Hi,I have extracted fields manually in Splunk cloud, The regex works perfectly in the field extraction preview page b... by Splunkerninja Path Finder in Splunk Search 04-25-2024 0 1	0	1