Splunk Search

Community Activity

Why are we getting excessive number of alerts? We have an All time (real time) alert which produced 315 alerts in the first eight hours of the day. When running th... by danielbb Motivator in Splunk Search 08-14-2019 0 22	0	22
Why is sub-search getting auto-finalized after 60 seconds and triggering false alerts Hi, I have the below search query to monitor the process/instances running on our servers and the sub-search within ... by shashank8 Engager in Splunk Search 08-14-2019 0 9	0	9
Splunk Query - How to create a table from event I'm quite new to Splunk and currently am trying to do a simple with Splunk using syslog. I have a firepower syslog wh... by pclooi New Member in Splunk Search 08-14-2019 0 3	0	3
Multiple Events - Looking for Matching Data I would like to show a count for every time I get a "burst" of similar events. This would be defined as more than on... by jon0149 New Member in Splunk Search 08-14-2019 0 1	0	1
How to use subsearch results as values in a different field of parent search? Hello, I am working with Windows event logs in Splunk. Specifically, process execution (EventCode 4688) logs. I hav... by frbuser Path Finder in Splunk Search 08-14-2019 0 4	0	4
Field Extractions Not working in Splunk Cloud Hi Team, We have few aplication logs which are getting captured from Microsoft Storage Blobs using Microsoft Splunk ... by anandhalagarasa Path Finder in Splunk Search 08-14-2019 0 5	0	5
Regex for looking at executables in a specific folder Hi All, I am trying to create a search that will parse our endpoint logs for any executable that have been run from ... by tbradsher86 Engager in Splunk Search 08-14-2019 0 5	0	5
Splunk has not returned event in the result two weeks ago but now returns it. How is that possible? Hello I have a saved search that is running every month at 1st day. The search is not new and has been working a long... by net1993 Path Finder in Splunk Search 08-14-2019 0 0	0	0
Handle different search results as one by analysing the percentage match Hi Community, i have a search which shows me all PHP-Errors in the configured timespan. Now i want so sort this resu... by mmsbswe Engager in Splunk Search 08-14-2019 0 2	0	2
Automatic key-value field extraction does not handle special characters ? Hello, Here is the raw text of my event. {"country_code":"FR","currency":"EUR","reseller":"Franc\u00e9 Loisirs"} ... by juleserror Engager in Splunk Search 08-14-2019 0 1	0	1
How to assign value for any field as "0" when no events are there for the field? I have a below query. But the below is not giving results after the July 11 date because there are no events for the ... by abhi04 Communicator in Splunk Search 08-14-2019 0 5	0	5
help with eval if needed I have the following search: \|makeresults \| eval trigger=0\|eval decision=if(trigger==1, [ \| makeresults \|rename co... by damucka Builder in Splunk Search 08-14-2019 0 6	0	6
Help with custom search command (wait) needed Hello, I need to apply 60 sec delay between two SPL commands, which start and collect the DB trace per dbxquery. In... by damucka Builder in Splunk Search 08-13-2019 0 7	0	7
How to identify data communications to iCloud - first ever post - new splunk user Hi everyone, I am fairly new to splunk. I am trying to work out the syntax in order to identify if a staff member ha... by Arpanet31 Engager in Splunk Search 08-13-2019 0 1	0	1
How to format a table I have a search that will produce a pretty basic table like this: index=myindex \| chart count by host, partition ho... by ShagVT Path Finder in Splunk Search 08-13-2019 0 3	0	3
how to get extract field in a numeric format? I'm trying to extract value from a field in the raw text using a regular expression. I want the field values to be e... by gwtm_hak Engager in Splunk Search 08-13-2019 0 1	0	1
Joining two searches based on a common field Hello Everyone, I have two search queries which are working as expected but when I trying to join both these queries... by rajatsinghbagga Explorer in Splunk Search 08-13-2019 0 12	0	12
How can I have the query when the field have the % (same pictures) I have the field count number and %, How can I set the query to run? by Joycetran New Member in Splunk Search 08-13-2019 0 2	0	2
How to count pass of fail rate from all if conditions I have the following , I want to know how to calculate rate on rule1, rule 2, rule3.... pass and fail rates(only for... by jenniferhao Explorer in Splunk Search 08-13-2019 0 2	0	2
Where function not calculating fields as expected I have a basic search to identify systems that have not checked into a service for X amount of time. There is nothin... by cshadduck Explorer in Splunk Search 08-13-2019 0 6	0	6
Does multisearch suffer from subsearch limits? by marcusnilssonmr Path Finder in Splunk Search 08-13-2019 2 2	2	2
extracting events based on certain conditions HI all, I am stuck in a scenario which has multiple conditions and i am unable to resolve it. Kindly Help!!! I have... by bhavneeshvohra Engager in Splunk Search 08-13-2019 0 3	0	3
How to multiply? Hi, Can someone please help me with this query? I am trying to multiply the fields Batch_Size and count and return ... by rlaul Engager in Splunk Search 08-13-2019 0 2	0	2
cant figure this out I have this query below .. I need to report on the last successful backup 'over' 24 hours.. which this does... howeve... by kjonesdba_lm Explorer in Splunk Search 08-13-2019 0 11	0	11
automated query results from run to run I'm creating a query that runs every day at 03:00 I need to use the field "INSERT_DATE" as my time entry. Its current... by codedtech Path Finder in Splunk Search 08-13-2019 0 2	0	2