Splunk Search

Community Activity

Combine different searches into a single table or report Hi I have 10 different Splunk queries that return results only when there is an issue or a flag of 1. All the queries... by johnsasikumar Path Finder in Splunk Search 04-15-2019 0 1	0	1
How to customize and sort columns with specific conditions? Hi, I am looking to sort column with specific condition. Condition: if column Context_Command contains * it should... by AKG1_old1 Builder in Splunk Search 04-15-2019 1 2	1	2
combine two search results tables by matching fields value Hello Guys , I am having results from two different query 1> index=_internal ("version" AND source="/opt/splunk/va... by kannu Communicator in Splunk Search 04-15-2019 0 10	0	10
Filter search string to field with only 1 specific value I want to output computers who only has started 1 specific application Field values: Application + Computers There i... by lbkAconectodk New Member in Splunk Search 04-15-2019 0 7	0	7
Help on subsearch Hello I use the search below it works fine..... BUT for some host, I cant catch the fields there is in the subsearch... by jip31 Motivator in Splunk Search 04-14-2019 0 7	0	7
How to group results that has 5 or more distinct values in list(repo_name) ? Hi, I have a search query as below. query \| stats list(repo_name) by user_login This returns username with their ... by wailoont Engager in Splunk Search 04-14-2019 0 2	0	2
How do I disable drill down (completely) for certain columns in a table? Hi there, I need to disable drilldown on certain columns. Unlike the answer given here... https://answers.splunk.co... by nick405060 Motivator in Splunk Search 04-14-2019 1 8	1	8
How to display a linechart that uses the same field for different devices? So I have HomeAssistant installed and I'm sending all of the events off to my splunk server. I recently had my attic... by thefuzz4 Path Finder in Splunk Search 04-13-2019 0 2	0	2
Find the "No events" Given the search stats count by Name, Fruit results in: Name, Fruit, count Mike, Bananas, 10 Mike, Apples, 10 Sus... by fred1455 New Member in Splunk Search 04-13-2019 0 4	0	4
How to populate a lookup file with eval? Hi, I would like to update a lookup file with, for an example 10 new information, through Splunk Search only. The ... by vbantug New Member in Splunk Search 04-13-2019 0 2	0	2
how to compare characters in two fields and return number of matches? I have two fields se_split and re_split which are lined up like so re_split se_split a ... by brienhawker Explorer in Splunk Search 04-13-2019 1 10	1	10
adding another field after using set diff Hi Splunkers I have a set of results from using set diff which is all good. I am now wanting to output another field... by proylea Contributor in Splunk Search 04-13-2019 0 20	0	20
How to compare the same search from the previous day to current day using set diff? Hi guys, I am very new to Splunk (about 1 month or so) and I am having some trouble incorporating "set diff" into my... by darrenaefc Engager in Splunk Search 04-13-2019 0 8	0	8
How can I normalize timechart with field values having wide variation Have a log file that has http response codes in a particular field. I am doing timechart on it but as the 200 respons... by smiththebest New Member in Splunk Search 04-13-2019 0 2	0	2
How to correlate two searches with one field containing other index's field? Hi, I have two queries with one field being common to correlate and combine the result. But the problem i am facing ... by sangs8788 Communicator in Splunk Search 04-13-2019 0 5	0	5
Time conversion from UST to EST in search results Hello Team, I am facing this issue where my logs are written in EST and the time stamp on the log is UST ( Lets say... by vn86893 Explorer in Splunk Search 04-12-2019 0 2	0	2
Identify elapsed time from two records sharing the same key The input data looks like below. Req_no\|Type\|Time 1000\|Request\|2019-04-10T11.21.46.455Z 1000\|Response\|2019-04-10T11.... by mariraj New Member in Splunk Search 04-12-2019 0 2	0	2
desfased server hour Hello splunkers, I have this search: index = "sti" sourcetype = "Genera_AVI" \| fields _time \| head 1 \| eval tiempo =... by rjfv8205 Path Finder in Splunk Search 04-12-2019 0 3	0	3
How do I filter field values not present in the successful events in the super search I wanted to extract MAC address from events that were never succeeded within a time boundary. I am dealing with event... by rafiqul New Member in Splunk Search 04-12-2019 0 1	0	1
How to compare IP's list from one Index with IP's in different index? Hello splunkers, I have two different indexes with large number of IP's. Let's say 30k in one index A and >100k in o... by snallam123 Path Finder in Splunk Search 04-12-2019 0 6	0	6
I would like to use timechart to show the trend for 7days using below source=IN1 STATUS=SUCCESS OR STATUS=FAILED earliest=-2d@d+14h latest=-1d@d+14h APP=DEV \| stats count(APP) as "numbero... by phoebepascual New Member in Splunk Search 04-12-2019 0 7	0	7
Can you help me build a query that shows users who have not connected to a VPN in the last 7 days? New to Splunk and I am learning as much as I can. I am trying to build on a query I have that shows the users who hav... by bluecollar Engager in Splunk Search 04-12-2019 0 7	0	7
Trouble comparing timestamps I have two timestamps in different formats and I want to see how much time has elapsed between them. I have a rex th... by ShagVT Path Finder in Splunk Search 04-12-2019 0 9	0	9
How to extract JSON format using rex command? How to extract JSON format using rex command, removing double quotes & semi colon? "TranID":"a2775f5d", "TranStartTi... by karthi2809 Builder in Splunk Search 04-12-2019 0 4	0	4
Scheduled search returns different results There are two ways users can register for our site and I'm trying to track how many registered in the last quarter. W... by jrfreeze Explorer in Splunk Search 04-12-2019 0 1	0	1