Splunk Search

Community Activity

Calculating duration from a number I am trying to find the duration for a time span. The "in" and "out" numbers are included in the data as type: number... by whipstash Engager in Splunk Search 04-09-2024 0 3	0	3
How to find matching data from two indexes Hi all, thank in advance for your time!I have a problem writing a properly working query with this case study:I need ... by BigJohnQ New Member in Splunk Search 04-09-2024 0 4	0	4
Sharding searches / mcollect We have several summary searches that collect data into metric indexes. They run nightly and some of them create quit... by jbuecse New Member in Splunk Search 04-08-2024 0 1	0	1
How to fetch the count with details. Hi All,I have one log that is ABC and it is present in sl-sfdc api and have another log EFG that is present in sl-gcd... by avii7326 New Member in Splunk Search 04-08-2024 0 4	0	4
could not create search - No Search query provided i am using below to load colur in drop downlist . Data loading propertly. but it always shows - Could not create sear... by Jasmine Path Finder in Splunk Search 04-08-2024 0 3	0	3
Data Summary is not showing host at all Data Summary is not showing host at all even I already added UDP with ip address on port 514. by matoulas Path Finder in Splunk Search 04-08-2024 0 1	0	1
Splunk Search to find the list of CIM Mapped indexes Below are the CIM Macros where i am using and there are different indexes mapped in individual macros.I want to get t... by alexspunkshell Contributor in Splunk Search 04-08-2024 0 1	0	1
Timechart removes 0 values when searching for over 2 days Hi,I have this search for example:index=test elb_status_code=200 \| timechart count as total span=1s \| stats count as... by EG1 Engager in Splunk Search 04-08-2024 0 4	0	4
Could you kindly assist me? I'm looking to craft a query (a correlation search) that would trigger an alert in the event that an internal system... by KingUs80 Loves-to-Learn Lots in Splunk Search 04-07-2024 0 1	0	1
return _raw of a large file I am using the \| fields _raw to show the entire content of the source file as a single event. It works for most of m... by simon007 Observer in Splunk Search 04-06-2024 0 1	0	1
How to call Splunk API using Postman? curl -k -u svc_aas -d search="search index=aas sourcetype=syslog" https://splunk-prod-api.internal.xxxx.com/services/... by kranthimutyala2 Engager in Splunk Search 04-06-2024 0 2	0	2
Why am I getting inconsistent search results using export with the Splunk Python SDK? I've written a search that creates a stats table with a medium sized result with around 5 cols and 100k+ rows. When I... by aiguofer Engager in Splunk Search 04-05-2024 1 4	1	4
How to compare 2 columns between 2 lookups? Hi, need help to get difference records between 2 lookups with same column name. ex: lookup 1 has the data below: co... by jiaqya Builder in Splunk Search 04-05-2024 0 5	0	5
output of time field in splunk Hi All,I have time field having time range in this format in output of one splunk query:TeamWorkTimings09:00:00-18:00... by avi123 Explorer in Splunk Search 04-05-2024 0 3	0	3
Distinct count by multiple conditions chart Hi Assuming a sample of data from this example: \| makeresults count=5 \| eval f1=random()%2 \| eval f2=random()%2 \|... by kriptonpt Engager in Splunk Search 04-05-2024 0 5	0	5
How to exclude result from query? Hi Guys,In my scenario i need show error details for correlation id .There are field called tracePoint="EXCEPTION" an... by karthi2809 Builder in Splunk Search 04-05-2024 0 4	0	4
Need help decuple only time from below record My apologiesi was using "eventTimestamp" instead of "@timestamp" in my rex command i just realized and its working n... by bhaskar5428 Explorer in Splunk Search 04-05-2024 0 5	0	5
SPL Question: Using Lookup field values in a tstats search Hi all, getting to grips with SPL and would be forever grateful if someone could lend their brain for the below: I'... by IAskALotOfQs Path Finder in Splunk Search 04-04-2024 0 4	0	4
Made a new splunk searchhead, all searches are failing. My environment consists of 1 search head, 1 manager, and 3 indexers. I added another search head so that I can put en... by morinb Explorer in Splunk Search 04-04-2024 0 3	0	3
Splunk access to External users Hello Splunkers,My Splunk instance is configured with default SAML authentication. Now i wanted to add users from ext... by Manasa_401 Communicator in Splunk Search 04-04-2024 0 6	0	6
Somehow unable to fetch Time , Earlier it was working ===========================================Query used index=* namespace="dk1017-j" sourcetype="kube:container:kafka-c... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 13	0	13
How to seperate succefully login attempt from invlaid Login id Hi TeamCan anyone help me with Splunk search query to split the successful login from invalid? Ex - I want to exclude... by jaibalaraman Path Finder in Splunk Search 04-04-2024 0 6	0	6
Splunk cheatsheet I am planning to provide basic splunk session to my team.Can you help if any cheatsheet available online which I can ... by bhaskar5428 Explorer in Splunk Search 04-04-2024 0 1	0	1
is it possible to have expression in case command for argument Y? is it possible to have expression in case command for argument Y?case(x,y)\|eval test=case(x=="X", 'a+b') The Y argume... by billchen99k Engager in Splunk Search 04-03-2024 0 3	0	3
How to pass value in subsearches without searching Hi All,I am having a requirement like this. First I need to fetch all the failed searches (lets say skipped searches)... by NAGA4 Engager in Splunk Search 04-03-2024 0 3	0	3