Splunk Search

Community Activity

I would like to use timechart to show the trend for 7days using below source=IN1 STATUS=SUCCESS OR STATUS=FAILED earliest=-2d@d+14h latest=-1d@d+14h APP=DEV \| stats count(APP) as "numbero... by phoebepascual New Member in Splunk Search 04-12-2019 0 7	0	7
Can you help me build a query that shows users who have not connected to a VPN in the last 7 days? New to Splunk and I am learning as much as I can. I am trying to build on a query I have that shows the users who hav... by bluecollar Engager in Splunk Search 04-12-2019 0 7	0	7
Trouble comparing timestamps I have two timestamps in different formats and I want to see how much time has elapsed between them. I have a rex th... by ShagVT Path Finder in Splunk Search 04-12-2019 0 9	0	9
How to extract JSON format using rex command? How to extract JSON format using rex command, removing double quotes & semi colon? "TranID":"a2775f5d", "TranStartTi... by karthi2809 Builder in Splunk Search 04-12-2019 0 4	0	4
Scheduled search returns different results There are two ways users can register for our site and I'm trying to track how many registered in the last quarter. W... by jrfreeze Explorer in Splunk Search 04-12-2019 0 1	0	1
Querying for values without a specific character? Attempting to create a query that will return all values that do not have a . (dot) in their file name, meaning no fi... by yepyepyayyooo New Member in Splunk Search 04-12-2019 0 4	0	4
Please help! How to use REX to extract the values Can someone please help me with this? I just start using splunk and I cannot figure out this, what I need is to ext... by splunknewbie123 New Member in Splunk Search 04-12-2019 0 1	0	1
Count a value by a value without stats? Im currently trying to build a search where im trying to determine if a user is trying to send data out maliciously. ... by brienhawker Explorer in Splunk Search 04-12-2019 0 1	0	1
Generate timechart from one event with known duration I have events where I know what the _time is(obviously). _time lets me know the end of the event. I also have data fo... by kkos94 Explorer in Splunk Search 04-12-2019 0 2	0	2
How Extract Fields and Values on a multivalue field in search time I want to extract the fields and values from the following event: 1997-11-14 12:11:56 schedule ERROR a.b.c.d.e Some... by nravichandran Communicator in Splunk Search 04-11-2019 0 12	0	12
How to create dashboard filters with lookups? Hello, I am trying to create dashboard filters (multiselect) using a lookup. The filters I am trying to add to my re... by katzr Path Finder in Splunk Search 04-11-2019 0 3	0	3
MYSQLの結果取り込 MYSQLでSelectした結果をインデックスに取り込たいのですが、 ①InputType＝Risingの場合、指定したCheckpoint以降のデータした登録されない ②InputRtpe＝Btachの場合、取り込前のデータを削除し... by bigginer New Member in Splunk Search 04-11-2019 0 0	0	0
Extracting fields from SNMP GETBULK data Hi everyone, I need to extract fields from data continuously polled for via SNMP Modular Input. Each event looks lik... by adlireza Path Finder in Splunk Search 04-11-2019 0 7	0	7
Regex to Select Data Between Line Breaks Hello, I am trying to create a regex so that I can have all data in between line breaks as one event. Here is a samp... by dfrench151 Explorer in Splunk Search 04-11-2019 0 9	0	9
Lookup table vs Add Data Basic question: when using a static csv as a data source, what are the pros and cons of creating a new lookup table v... by mistydennis Communicator in Splunk Search 04-11-2019 0 2	0	2
Get logs with a distinct value of a field I saw some similar questions but none seem to work In my splunk logs, I have this field called TransactionID: 6c5802... by ank15july96 Engager in Splunk Search 04-11-2019 0 3	0	3
Stats Latest is not returning the Latest value The following search returns the listed DateTime values for the field S3KeyLastModified. index="aws-billing" sourc... by robinettdonWY Path Finder in Splunk Search 04-11-2019 0 3	0	3
how to set token from a table Hi suppose search result: col1 col2 1 2 then <preview> <set token="row1_col2">$result.col2$</set> </previe... by crazyeva Contributor in Splunk Search 04-11-2019 0 7	0	7
tstats web datamodel unable to use status in eval Hi, ive been having issues with using eval commands with the status field from the Web datamodel specifically with t... by eco_rb023 Engager in Splunk Search 04-11-2019 1 3	1	3
Comparing results of subsearch and main search Hi All , My problem statement is to find the blocked queues over 60 minutes consistently which means that there shou... by lohit Path Finder in Splunk Search 04-11-2019 0 3	0	3
Make field reference after a certain value I have a query that has two native fields, they are "referenced_host" and "url". I performed the extraction of the "r... by LeandroKopke Explorer in Splunk Search 04-11-2019 0 3	0	3
Does Splunk SDK provide api for retrying searches I wonder if I have to implement the retry logic by myself by fpan_splunk Splunk Employee in Splunk Search 04-11-2019 0 0	0	0
How to generate multiple charts from one search result faster? Hello, I'm wondering if there is any faster or more efficient way (either using Pivot or some unique query) to gener... by hcheang Path Finder in Splunk Search 04-11-2019 0 9	0	9
Display error :Could not create search create many query in panels, but some panels can display right search result, some can not and display the error:Coul... by kavana Explorer in Splunk Search 04-11-2019 0 12	0	12
Create an list that shows unused data in specific index Hi, Can I in someway create an list that shows unused data in a specific index? Is it possible? by amirarsalan Explorer in Splunk Search 04-11-2019 0 5	0	5