Splunk Search

Community Activity

fillnull for all the field names with a pattern I need to use fillnull command but I don't have the exact field names before hand. All my fields starts (which I want... by asingla Communicator in Splunk Search 03-28-2024 1 3	1	3
Facing Issue with Extraction of fields using rex Dataframe row : {"_c0":{"0":"{","1":" \"0\": {","2":" \"jobname\": \"A001_GVE_ADHOC_AUDIT\"","3":" \"status\": \"EN... by Renunaren Loves-to-Learn Everything in Splunk Search 03-28-2024 0 2	0	2
eval returns a field rather than a scalar When I do this search: index="mydata" \| eval mymean=avg(floatnumbers) \| table floatnumbers,mymean mymean just mimics ... by riley_lewis Loves-to-Learn Lots in Splunk Search 03-28-2024 0 1	0	1
Compare values in two different json objects Hello, This question has probably been asked and answered, but I just can't seem to find a best solution. So, in the ... by barosan007 Explorer in Splunk Search 03-28-2024 0 4	0	4
Having issue with multiple events in tier3 Hello team, I am facing an issue with multiple events getting merged as a single event in tier 3. I do not have this ... by srinivas_gowda Path Finder in Splunk Search 03-28-2024 0 1	0	1
Filter Particar results from Macros Below query i am using to get the list of all indexes\| eventcount summarize=false index=* \| dedup index \| fields inde... by alex4 Loves-to-Learn Lots in Splunk Search 03-28-2024 0 1	0	1
Pulling out duplicates from multivalue fields and counting I'm trying to achieve the following and hoped someone could help?I have a multivalue field that contains values that ... by steve_b_88 Engager in Splunk Search 03-28-2024 0 3	0	3
Need a Help with Query I have two lookups, 1 with 460K rows and another with 10K rows. I used join to get the 10K results from 460K rows, ho... by satyaallaparthi Communicator in Splunk Search 03-27-2024 0 3	0	3
Subsearch I have two SPL#1 index=index1 service IN (22, 53, 80, 8080) \| table src_ip #2 index=index2 dev_ip IN ( value from #1... by bigll Path Finder in Splunk Search 03-27-2024 0 4	0	4
eval case statement Hi, Am using case statement to sort the fields according to user requirement and not alphabetically. eval sort_fie... by surekhasplunk Communicator in Splunk Search 03-27-2024 2 4	2	4
Regex in Playbook I have required where the CEF comes as URL and I need just a part of the URL to pass as input(ARTIFACT.CEF.URL) to ac... by chandraprathi Explorer in Splunk Search 03-27-2024 0 5	0	5
Filtering out events based on common field and collecting wildcard sub-fields I'm trying to achieve the following search and hoped others might have some helpful suggestions?I have two events fro... by ms2151077 Engager in Splunk Search 03-27-2024 0 2	0	2
problem with join this is the query, so i'm still a baby in this world (so I'm sorry if there is a dummy mistakes that might drive you ... by Mahmoud Engager in Splunk Search 03-27-2024 0 1	0	1
How can I get regex to over ride the host value with another field value from an interesting field? Hi All, Need a help in regex for doing the host over ride with dvc_host field value from the interesting fields for a... by Hemnaath Motivator in Splunk Search 03-26-2024 0 31	0	31
Cron schedule We have an alert where the cron schedule runs for every 6hours0 /6 * *but I don’t want to receive the alert at 6pm... by Ash1 Communicator in Splunk Search 03-26-2024 0 6	0	6
Eval error via REST API Hi, I'm receiving the following error message: Error in 'EvalCommand': Failed to parse the provided arguments. Usage... by naorbarlev Engager in Splunk Search 03-26-2024 0 13	0	13
How to calculate the average based on fields. Hello I think this should be simple enough but somehow I am not able to understand how to approach it. Here is the s... by theouhuios Motivator in Splunk Search 03-26-2024 0 5	0	5
Plot rate of change of count Hi all, Im analysing event counts for a specific search criteria and I want to know how the count of values changed... by jpillai Path Finder in Splunk Search 03-26-2024 0 1	0	1
correlate value using common field Here is my search in question, the common field is the SessionID index=eis_lb apm_eis_rdp \|fillnull value="-" \|search... by MrGlass Explorer in Splunk Search 03-26-2024 0 3	0	3
Can I apply masking at host level instead of sourcetype? I want mask some data coming from web server logs particularly only one server out of all my web server logs. Can I a... by abi2023 Path Finder in Splunk Search 03-26-2024 0 1	0	1
Transaction without endswith Hi! Filtering data from an amount of hosts looking for downtime durations. I get a "forensic" use view with this sear... by martinhelgegren Explorer in Splunk Search 03-26-2024 0 2	0	2
Bring several events together. Hello everyone, I'm coming to you for advice. I am currently working with splunk to create monitor WSO2-APIM instance... by michaelteck Explorer in Splunk Search 03-26-2024 0 3	0	3
Identify predictor fields Good morning fellow Splunkthiasts!I have an index with 100k+ events per minute (all of them having the same sourcetyp... by eregon Path Finder in Splunk Search 03-26-2024 0 1	0	1
Get distinct count from different sources I have 3 different sources of the same filed. I want to aggregate all the 3 sources and get the distinct count of the... by raghubankapur Engager in Splunk Search 03-26-2024 0 2	0	2
Different search time in subsearch/join Hi I have two sets of data, one is proxy logs (index=netproxy) and the other is an extract of LTE Logs which is logs ... by KellyP Splunk Employee in Splunk Search 03-25-2024 0 4	0	4