Splunk Search

Community Activity

	how to replace value with another field values Hi, we could see message ="executed" for started state field. so, would like to replace with same massage where state... by james_n Path Finder in Splunk Search 05-06-2024 0 8	0	8
	Querying AD accounts and email addresses I am able to pull my AD users account information successfully except for their email addresses. What am I doing wro... by Sotu Engager in Splunk Search 05-04-2024 0 2	0	2
	How to map values in case statement? Hi All,I am using case statement to map values instead of other values. But i am not getting the values.I am getting ... by karthi2809 Builder in Splunk Search 05-03-2024 0 4	0	4
	How to get latest transactionId ? Hi All,I am trying to get count of enabled and disabled from field. Then i want to show the field values based on lat... by karthi2809 Builder in Splunk Search 05-03-2024 0 11	0	11
	How to transpose based on regex data to get the counts Hi, I am new to Splunk. I am trying to figure out how to extract count of errors per api calls made for each client. ... by kuul13 Explorer in Splunk Search 05-02-2024 0 1	0	1
	skip first 10 lines of search results _raw=line 1line 2line 3line 4line 5line 6how to define another new field "copyofraw" to contain just line 5 and line... by guru333 Engager in Splunk Search 05-02-2024 0 7	0	7
	Unable to view thawed data Hi, I'm testing thawing of some frozen data and it's not working. I have thawed some previously frozen data and am ex... by BARNEYRUDD Explorer in Splunk Search 05-02-2024 0 12	0	12
	Subsearch in SPLUNK with the name of index Hello, I have a use case to get the index name from the field of one of the index/sourcetype and use that index name... by SplunkDash Motivator in Splunk Search 05-01-2024 0 6	0	6
	Weighting events based on the source they originate from I have a summary index that pulls in normalized data from 2 different sources (entirely different applications that c... by mjones414 Contributor in Splunk Search 05-01-2024 0 2	0	2
	Handling spaces in field values DescriptionHow can I produce a URL in an alert email that uses field values, either by in-line results or in the body... by Badger New Member in Splunk Search 05-01-2024 0 1	0	1
	Correct Syntax for rex for a user I have a simple search index=xxxxx "User ID" and I need the correct syntax to get the actual username in the results.... by LizAndy123 Path Finder in Splunk Search 05-01-2024 0 1	0	1
	Looking to query a domain account and find out the device it is logged into or running on I wrote a simple query to parse my Windows Event Security logs to look for a user account, however I am looking to ad... by Sotu Engager in Splunk Search 05-01-2024 0 2	0	2
	Search for non ascii characters Is there any way to search for events which has any special characters? thanks in advance for any help. by bhupalbobbadi Path Finder in Splunk Search 05-01-2024 0 4	0	4
	Does SOURCE_KEY have the same limitations as EXTRACT I'm working with a field named Match_Details.match.properties.user. It contains domain\user information that I'm try... by jwhughes58 Contributor in Splunk Search 04-30-2024 0 2	0	2
	Permissions issue Executable for Splunk App Hi,I am facing a executable permission issue for the few scripts for a splunk app and seeing these errors on various ... by Roy_9 Motivator in Splunk Search 04-30-2024 0 5	0	5
	Splunk queries Hi all,A query, can calculate http calls, success responses and error response. I need an addition to the query to g... by saidAb Explorer in Splunk Search 04-30-2024 0 10	0	10
	role problem Hello, I'm having problems using roles.I use this search, which gives me results via the admin role. [search index="... by anissabnk Path Finder in Splunk Search 04-30-2024 0 1	0	1
	Splunk alret Hello everyone,I am looking for a Splunk search query to get the duration time of three sequential response code 200.... by saidAb Explorer in Splunk Search 04-30-2024 0 9	0	9
	Using regex to extract summary in raw data I have portion that I would like to use in report. "changes":{"description":{"before":"<some text or empt... by bigll Path Finder in Splunk Search 04-30-2024 0 4	0	4
	Extract data from 2 different logs Hello community!I want to extract data from 2 different logs like bellow:Log 1: 2024-04-28 06:38:51 INFO Start auth f... by chimuru84 Path Finder in Splunk Search 04-30-2024 0 3	0	3
	extract a name from file location Hi,How do I extract word "Dev" from below file locationsource=/test1/folder1/scripts/monitor/log/env/dev/Error.logand... by guru333 Engager in Splunk Search 04-30-2024 0 7	0	7
	Searching on a specific field in JSON This is probably an entry level question. I have raw data that looks something like this:{"id": 99999, "type": "HOST... by fredsnertz Observer in Splunk Search 04-29-2024 0 2	0	2
	How do I verify if splunk forwarder dropping event from the queue? Splunkd log _internal. In my index I don't see all the logs being forwarder by the Splunk UF. How can monitor when event is drop from event ... by abi2023 Path Finder in Splunk Search 04-29-2024 0 1	0	1
	transaction startswith from a lookup file Hello I have the following sample log lines from a splunk search query line1 line2 line3: field1 : some msg line4 l... by MVK1 Path Finder in Splunk Search 04-29-2024 0 7	0	7
	How to check empty values in coalesce? Hi All,I have a field called File1 and File2 and I combined in coalesce .In the table but the value is not getting i... by karthi2809 Builder in Splunk Search 04-29-2024 0 7	0	7