Splunk Search

Community Activity

Format with commas an \|appendpipe [stats sum() as by Number ... Good afternoon everyone, I need your help in this way. I have a stats sum with the wild card *\|appendpipe [stats sum(... by BeautyData Explorer in Splunk Search 03-14-2024 0 7	0	7
All Time searches best practices/exceptions I'm trying to create a workload management rule to prevent users from searching with "All Time". After researching, i... by sle Engager in Splunk Search 03-14-2024 0 2	0	2
Optimizing the search Hi All, How can I optimize the below query? Can we convert it to tstats? index=abc host=def* stalled \| rex field=... by abhi04 Communicator in Splunk Search 03-13-2024 0 3	0	3
Using Parameter in Search I am trying to use parameter into the search using IN condition. Query is retuning results if I put data directly in... by splunkuser320 Path Finder in Splunk Search 03-13-2024 0 8	0	8
Splunk query to skip alphanumeric string I've below 3 different types of API logs where I've to treat all 3 as same and get the count of the API.There are mul... by Deprasad Path Finder in Splunk Search 03-13-2024 0 5	0	5
How to calculate statistics for using PC Hello!I have a log that shows locking/unlocking PCs:1710320306,u09,unlocked1710320356,u09,locked1710320360,u10,unlock... by ipoluda Explorer in Splunk Search 03-13-2024 0 1	0	1
having exclamation symbol and showing warning message:indicates problems with underlying storage performance We have a Splunk Dashboard for our Team in Splunk Cluster. Almost every report item is having exclamation symbol and... by Splunk-Star Loves-to-Learn Lots in Splunk Search 03-13-2024 0 2	0	2
Prerequisites of Splunk if i had to write a document for myself on basic learning of splunk: to create a dashboard i can either use inputs li... by Tron-spectron47 Loves-to-Learn in Splunk Search 03-13-2024 0 3	0	3
user is getting the following error:Could not load lookup=LOOKUP-h_vms On splunk user is getting the following error:Could not load lookup=LOOKUP-pp_vms but admin is not getting any such ... by Splunk-Star Loves-to-Learn Lots in Splunk Search 03-13-2024 0 2	0	2
Merge numberous data in a field Good Morning i have a field that i've called problem_detail in our Helpdesk index. it contains all the types of prob... by PaulaCom Path Finder in Splunk Search 03-13-2024 0 2	0	2
How to extract two fields using regex? How to extract the two fields from the message ?In this need to extract after API: START: /v1/expense/extract/demand/... by karthi2809 Builder in Splunk Search 03-13-2024 0 3	0	3
Separate the array value in the different event. Hi team,I mentioned that the payload field contains the entity-internal-id and lead-id in an array format. I want to ... by parthiban Path Finder in Splunk Search 03-13-2024 0 5	0	5
Datas are not getting parsed after giving table name on splunk query. Please let me know the correct data extraction? index=* "Unknown message for StatusConsumer" topicId marshall \| rex f... by Splunk-Star Loves-to-Learn Lots in Splunk Search 03-12-2024 0 3	0	3
Grouping data based off a single field I have all the relevant data I need from a single source but I am wanting to present it in a way that I can't get it ... by 1tiger105 Engager in Splunk Search 03-12-2024 0 2	0	2
Is it possible to call lookup within case statement? I want to call lookup within case statement. if possible, please share sample query. by RSS_STT Explorer in Splunk Search 03-12-2024 0 6	0	6
Modify a date field value using SED I have a weird date/time value: 20240307105530.358753-360I would like to make it more user friendly 2024/03/07 10:5... by jason_hotchkiss Communicator in Splunk Search 03-12-2024 0 3	0	3
How to search and filter by a field that contains spaces? Hello Team, I could see a lot of discussions on this forum, but none solving my issue. I have a log with content li... by teknet7 Engager in Splunk Search 03-12-2024 1 3	1	3
Geostats Cluster Map Help Any reason why this can't be visualized in a geo cluster map?source="udp:514" index="syslog" NOT src_ip IN (10.0.0.0/... by ChocolateRocket Explorer in Splunk Search 03-12-2024 0 7	0	7
How to use the REST API to fetch and filter results from a saved search? I am using REST service - my requirement is to use Splunk REST URL to fetch details from a saved search .. but I want... by samkaj Explorer in Splunk Search 03-12-2024 1 4	1	4
How to use wildcard in case like condition? Hi Guys, Thanks in Advance. So i have case conditions to be match in my splunk query.below the message based on corre... by karthi2809 Builder in Splunk Search 03-12-2024 0 5	0	5
String formating Hello All, I have an Index = Application123 and it contains an Unique ID known as TraceNumber. For each Trace number ... by Satyapv Engager in Splunk Search 03-12-2024 0 3	0	3
Regular expression works separately but, not able to work it within Splunk query. Hello,I'm trying to find average response time of all events after the field totalTimeTaken. Thing is, when I tested ... by mappu Engager in Splunk Search 03-12-2024 0 3	0	3
Using lookup table within tstats Hi All,I am attempting to use lookup table "is_windows_system_file" for the following SPL where the Processes.proces... by losttranslation New Member in Splunk Search 03-11-2024 0 1	0	1
Peak hourly volume monthly wise for last 3 months. Hi Team,I want to calculate peak hourly volume of each month for each service. Each service can have different peak t... by Allampally Path Finder in Splunk Search 03-11-2024 0 7	0	7
custom query \|tstats count where index=app-idx host="abfd" sourcetype=app-source-logs by hostThis is my alert query, i want to m... by Harish2 Path Finder in Splunk Search 03-11-2024 0 18	0	18