Splunk Search

Community Activity

Facing issue with my Serach Hello All, Below is my alert script, and I dont want to have any alerts during night 11:50 to 00:25 midnight, however... by Amit79 Loves-to-Learn Everything in Splunk Search 03-20-2024 0 2	0	2
Where field count is less than, but not stats count by I run a Splunk query to see events from my web application firewall. I filter out certain violations by name, using a... by LatchJohnson Explorer in Splunk Search 03-20-2024 0 5	0	5
Filtering a weekly timewrap timechart by a specific time window each day. I have the following query that gives me week-over-week comparisons for the past month: index="myIndex" earliest=-1mo... by jbrenner Path Finder in Splunk Search 03-20-2024 0 1	0	1
Streamed Search Execute Failed Because: Error in 'lookup' command Good morning, I am having issues with admon and running into this error: Streamed Search Execute Failed Because: Erro... by JoshuaJJ Path Finder in Splunk Search 03-20-2024 0 1	0	1
Date difference in months on my search index=raw_fe5_autsust Aplicacao=HUB Endpoint="*/" \| eval RefUser=if(Mes!="", Mes, substr("0" + tostring... by vinihei_987 New Member in Splunk Search 03-20-2024 0 1	0	1
Prevent users from table sorting (when clicking on its headers) The question is really simple, not that sure about the answer though. I'm using Splunk 5.0.6 + Advanced XML panels to... by kikexclusive Path Finder in Splunk Search 03-20-2024 1 7	1	7
Display only weekdays in Time chart Hi,Is it possible to display only weekdays in Time chart ? PS: I am not looking to discard the data for weekend. Just... by AKG11 Path Finder in Splunk Search 03-20-2024 0 1	0	1
Syntax/use of subsearches I have a query …index=blah "BAD_REQUEST" \| rex "(?i) requestId (?P<requestId>[^:]+)" \| table requestId \| dedup reques... by Mick_OBrien Path Finder in Splunk Search 03-20-2024 0 9	0	9
How to search based on variable? \| search no = variable Hello,How to search based on variable? If select contains "many", then search no IN (1 to 30), else search NO 7\| e... by LearningGuy Motivator in Splunk Search 03-20-2024 0 5	0	5
Dedup within span Hi!I have an issue with a query and the dedup command. \| eval service=case( (method="GET" AND match(uri, "/v1/[a-zA-... by erkin Engager in Splunk Search 03-20-2024 0 1	0	1
Dedup is not working with mstats We are streaming Dynatrace metric data into Splunk, for some reason we are seeing duplicate 'MessageDeduplicationId'.... by sabari80 Explorer in Splunk Search 03-20-2024 0 3	0	3
How to extract fields from a json in _raw? I have an application which logs data in the following form:2023-06-30T12:21:08Z DEBUG scalehandler Getting metrics f... by Adisharma Engager in Splunk Search 03-20-2024 0 3	0	3
How to filter out a specific phrase in a Splunk search I'm trying to search for a specific phrase with the search below but I only want result1, not result2. The issue here... by frodelauka Observer in Splunk Search 03-20-2024 0 4	0	4
changing addtime=false on scheduled summary index - advanced edit has no effect Hello,Why does changing addtime=false on scheduled summary index - advanced edit has no effect?Thank you for your hel... by LearningGuy Motivator in Splunk Search 03-20-2024 0 1	0	1
How to return a single value from a subsearch into eval Hi, I'm trying to calculate a value through some lookup statements and then put that value into a variable using eva... by Sloefke Path Finder in Splunk Search 03-20-2024 1 8	1	8
Find a common field with _introspection and _internal or _auit Hi All,our SVC calculation is in _introspection and and our search name is in _internal and _audit. We need a common ... by sairajkiran Observer in Splunk Search 03-20-2024 0 1	0	1
How to search based on drop-down condition? Hello,How to search based on drop-down condition?Thank you in advance! index = test \| eval week_or_day_token = "w" ... by LearningGuy Motivator in Splunk Search 03-20-2024 0 2	0	2
How to run 2 queries on an index and then merge it on a column I have a single index which logs incoming request and completed request related details. There is a common indicator ... by jinishshah Explorer in Splunk Search 03-20-2024 0 1	0	1
How to dynamically change background color of pie based on drop-down selection? Hi.How can I change the background color of pie dynamically through drop-down selection ？Is it okay to look like this... by danliu Loves-to-Learn Everything in Splunk Search 03-20-2024 0 4	0	4
How to extract multiple JSON array? Thanks in Advance. 1.I have a json object as "content.List of Batches Processed{}" and Already splunk extract field a... by karthi2809 Builder in Splunk Search 03-19-2024 0 7	0	7
Need rex Sample Logs:<<< Reporting.logs : 2454 : 15671231232345:INFO :com.am.sss.inws.sample.connector.SampleDBinternalext... by mahesh27 Communicator in Splunk Search 03-19-2024 0 1	0	1
How to avaiod multiple results while using transaction command? Hi Guys,Thanks in Advance.I am using transaction command to fetch unique correlationId and i have multiple conditions... by karthi2809 Builder in Splunk Search 03-19-2024 0 1	0	1
How do I assign value to list or array and use it in where condition? How do I assign value to list or array and use it in where condition?Thank you in advance!!For example:I tried to sea... by LearningGuy Motivator in Splunk Search 03-19-2024 0 3	0	3
How to create a timechart with min, max, average and count values? I have written this query: index=index_name (log.event=res OR (log.event=tracing AND log.operationName=query_name)) \|... by shasha97 New Member in Splunk Search 03-19-2024 0 1	0	1
Plot data for two different time ranges in the same visualization? Hi.I found old article on the subject and followed, but I do not see overlaying charts.My SPL-------------index=firew... by bigll Path Finder in Splunk Search 03-19-2024 0 5	0	5