Splunk Search

Community Activity

Pulling out duplicates from multivalue fields and counting I'm trying to achieve the following and hoped someone could help?I have a multivalue field that contains values that ... by steve_b_88 Engager in Splunk Search 03-28-2024 0 3	0	3
Need a Help with Query I have two lookups, 1 with 460K rows and another with 10K rows. I used join to get the 10K results from 460K rows, ho... by satyaallaparthi Communicator in Splunk Search 03-27-2024 0 3	0	3
Subsearch I have two SPL#1 index=index1 service IN (22, 53, 80, 8080) \| table src_ip #2 index=index2 dev_ip IN ( value from #1... by bigll Path Finder in Splunk Search 03-27-2024 0 4	0	4
eval case statement Hi, Am using case statement to sort the fields according to user requirement and not alphabetically. eval sort_fie... by surekhasplunk Communicator in Splunk Search 03-27-2024 2 4	2	4
Regex in Playbook I have required where the CEF comes as URL and I need just a part of the URL to pass as input(ARTIFACT.CEF.URL) to ac... by chandraprathi Explorer in Splunk Search 03-27-2024 0 5	0	5
Filtering out events based on common field and collecting wildcard sub-fields I'm trying to achieve the following search and hoped others might have some helpful suggestions?I have two events fro... by ms2151077 Engager in Splunk Search 03-27-2024 0 2	0	2
problem with join this is the query, so i'm still a baby in this world (so I'm sorry if there is a dummy mistakes that might drive you ... by Mahmoud Engager in Splunk Search 03-27-2024 0 1	0	1
How can I get regex to over ride the host value with another field value from an interesting field? Hi All, Need a help in regex for doing the host over ride with dvc_host field value from the interesting fields for a... by Hemnaath Motivator in Splunk Search 03-26-2024 0 31	0	31
Cron schedule We have an alert where the cron schedule runs for every 6hours0 /6 * *but I don’t want to receive the alert at 6pm... by Ash1 Communicator in Splunk Search 03-26-2024 0 6	0	6
Eval error via REST API Hi, I'm receiving the following error message: Error in 'EvalCommand': Failed to parse the provided arguments. Usage... by naorbarlev Engager in Splunk Search 03-26-2024 0 13	0	13
How to calculate the average based on fields. Hello I think this should be simple enough but somehow I am not able to understand how to approach it. Here is the s... by theouhuios Motivator in Splunk Search 03-26-2024 0 5	0	5
Plot rate of change of count Hi all, Im analysing event counts for a specific search criteria and I want to know how the count of values changed... by jpillai Path Finder in Splunk Search 03-26-2024 0 1	0	1
correlate value using common field Here is my search in question, the common field is the SessionID index=eis_lb apm_eis_rdp \|fillnull value="-" \|search... by MrGlass Explorer in Splunk Search 03-26-2024 0 3	0	3
Can I apply masking at host level instead of sourcetype? I want mask some data coming from web server logs particularly only one server out of all my web server logs. Can I a... by abi2023 Path Finder in Splunk Search 03-26-2024 0 1	0	1
Transaction without endswith Hi! Filtering data from an amount of hosts looking for downtime durations. I get a "forensic" use view with this sear... by martinhelgegren Explorer in Splunk Search 03-26-2024 0 2	0	2
Bring several events together. Hello everyone, I'm coming to you for advice. I am currently working with splunk to create monitor WSO2-APIM instance... by michaelteck Explorer in Splunk Search 03-26-2024 0 3	0	3
Identify predictor fields Good morning fellow Splunkthiasts!I have an index with 100k+ events per minute (all of them having the same sourcetyp... by eregon Path Finder in Splunk Search 03-26-2024 0 1	0	1
Get distinct count from different sources I have 3 different sources of the same filed. I want to aggregate all the 3 sources and get the distinct count of the... by raghubankapur Engager in Splunk Search 03-26-2024 0 2	0	2
Different search time in subsearch/join Hi I have two sets of data, one is proxy logs (index=netproxy) and the other is an extract of LTE Logs which is logs ... by KellyP Splunk Employee in Splunk Search 03-25-2024 0 4	0	4
How can I find the response time with an event time and max time of the events We have a use case where we need to calculate the time difference between the maximum infotime (steptype="endNBflow")... by slearntrain Explorer in Splunk Search 03-25-2024 0 6	0	6
Calculate Ratio of Two Counter Streams I've two counter streams, I would like to display that as a percentage asB/(B+C) in the chart but it always gives me... by sks New Member in Splunk Search 03-25-2024 0 2	0	2
Splunk not able to extract fields properly Hi Splunk Experts, I have some data coming into splunk which has the following format: [{"columns":[{"text":"id","t... by janesh222 Engager in Splunk Search 03-25-2024 0 2	0	2
Comparing lookup file with an index I am trying to compare an IP address field called ex_ip thats stored in a lookup file with an index called activity w... by pop345 Loves-to-Learn Lots in Splunk Search 03-25-2024 0 7	0	7
Unique users logging in each day chart / search I seem to be close on trying to find the statistics to be able to pull unique users per day but I know I'm missing so... by tylermonteith Explorer in Splunk Search 03-25-2024 0 5	0	5
How to use different time ranges in subsearch and main search ? Hi, am creation a dashboard using dashboard studio, and i want to run a query with subsearch.i want to use the time f... by selvaraj4u New Member in Splunk Search 03-25-2024 0 1	0	1