Splunk Search

Community Activity

is it possible to have expression in case command for argument Y? is it possible to have expression in case command for argument Y?case(x,y)\|eval test=case(x=="X", 'a+b') The Y argume... by billchen99k Engager in Splunk Search 04-03-2024 0 3	0	3
How to pass value in subsearches without searching Hi All,I am having a requirement like this. First I need to fetch all the failed searches (lets say skipped searches)... by NAGA4 Engager in Splunk Search 04-03-2024 0 3	0	3
Exclude a result in search I am trying to exclude this from a search. They are almost all the same just the sshd instance changes can someone he... by djras123 Observer in Splunk Search 04-03-2024 0 2	0	2
How to apply a field extractor created to a search ? I created a field extractor for different fields for an event. Now I would like to search all the events from a sourc... by rcrisan09 Engager in Splunk Search 04-03-2024 1 11	1	11
Searching a Field with Large Number of Selectors - NOT I have a search for which I need to tune out a large number of values (about 25) in a proctitle command field. Curre... by tom_porter Explorer in Splunk Search 04-03-2024 0 4	0	4
Capture groups extracting empty values from log messages Requesting help with search query. I have application logs in Splunk like,2024-04-02T12:26:02.244-04:00,severity=DEBU... by search_in_splun Explorer in Splunk Search 04-03-2024 0 6	0	6
What Cron schedule can we use to run report on first Monday of each month? Please help share the exact cron schedule that can be used here. Existing posts are not helping Thanks by AnmolKohli Explorer in Splunk Search 04-03-2024 0 4	0	4
Superset of data fragments / Compress diagonal data with extra obstacles I have three tables. Each has one or more ID fields (out of ID_A, ID_B, ID_C) and assigns values Xn, Yn, Zn to these ... by rikinet Path Finder in Splunk Search 04-03-2024 0 3	0	3
Need help on a query \|msats sum(count-error) as Failed where index=metrics_index by service errorNumber errortype Results:serviceerrorNum... by mahesh27 Communicator in Splunk Search 04-03-2024 0 2	0	2
Compare 2 source types within the same index and find the Gap Hello,How do I compare 2 source types within the same index and find the Gap. For Example: index=compare sourcetype=a... by SplunkDash Motivator in Splunk Search 04-03-2024 0 4	0	4
strptime works when using makeresults, but not with actual results I have a dataset of user data including the user's LastLogin. The LastLogin field is slightly oddly formatted but ver... by raoul Path Finder in Splunk Search 04-03-2024 0 2	0	2
applying current time multiple times (per specific event) Hello EveryoneI'm trying to calculate the "time_difference" between one column and another in Splunk. The problem is ... by PawelSplunk Engager in Splunk Search 04-02-2024 0 2	0	2
Need Help on Splunk query open the "Search & Reporting" application, and find through SPL searches against all data the password utilized durin... by Ramtejachode Observer in Splunk Search 04-02-2024 0 1	0	1
How to include the country in the PIE chart Hi Can anyone help me with below query I have created a pie chart based on the error message, however i am not sure h... by jaibalaraman Path Finder in Splunk Search 04-02-2024 0 3	0	3
How to compare pervious hour events with present hour I want to compare pervious hour data with present hour data and get the percentage using below query.\|mstats sum(tran... by mahesh27 Communicator in Splunk Search 04-02-2024 0 5	0	5
Why is field missing in piechart? Hi All, Need your support in resolving an issue in a pie chart. I can see the below-mentioned results in statistics a... by Shan Builder in Splunk Search 04-02-2024 0 11	0	11
Adding data to the table from subsearch Hey, I have a problem preparing a Splunjk query. Could you assist me?I have a simple query that returns a table with ... by abroun Engager in Splunk Search 04-02-2024 0 3	0	3
How to show Total time elapsed time in splunk dashboard? Hi Guys,I am using timeline visualization in my Splunk dashboard to show total elapsed time. But in some times its no... by karthi2809 Builder in Splunk Search 04-02-2024 0 1	0	1
How to get TOP 3 values from STATS list() Hello Everyone, I am trying to get the top 3 max values of a field "elapseJobTime" for all the instances associated ... by rajatsinghbagga Explorer in Splunk Search 04-02-2024 0 12	0	12
Search Query Help! Hello, I am looking for my search results for only 6pm to 9pm over the last 90 days. How can I achieve this with the ... by kc_prane Communicator in Splunk Search 04-02-2024 0 1	0	1
Require to extract info from messages and create table Below I provided a sample trace where we have message with below format Error_Request_Response for URI: {}, and Excep... by UdayBhaskar Engager in Splunk Search 04-02-2024 0 1	0	1
How to show two json response in single field? Hi Guys,I want to show two field values into single column in a table .query and sample logs given below. index="mule... by karthi2809 Builder in Splunk Search 04-02-2024 0 7	0	7
Using input file but only want select results returned I have a dashboard where I have 4 multi select boxes and a input file with all possible results for each app. When t... by bullbasin Explorer in Splunk Search 04-02-2024 0 4	0	4
How can I use login and logout events for specific UserIDs to determine concurrent users at a given time? These are the fields I'm using - Body, ATNVersion, operatingsystem, osversion, MID by purcell12491 Loves-to-Learn in Splunk Search 04-02-2024 0 3	0	3
How to create graph based on Std deviation & Avg Hi Can anyoine suggest me how to create Avg & Std Dev graph from the fields by jaibalaraman Path Finder in Splunk Search 04-02-2024 0 5	0	5