Splunk Search

Community Activity

Perform an operation on values in the column of a lookup table that share the same row values I have a lookup table that looks like this (:Column 1Column 2Column 3Column 4Value 1--15Value 1--60Value 2--75Value 2... by matthewob5 Engager in Splunk Search 03-25-2024 0 1	0	1
JSON extraction Hello Expert Splunk Community ,I am struggling with a JSON extraction .Need help/advice on how to do this operationDa... by psamuel69 Explorer in Splunk Search 03-25-2024 0 5	0	5
Using mstats to create separate columns per metrics I know that I can combine multiple metrics using mstats as: \| mstats avg(_value) AS "Average" WHERE metric_name=metr... by kutsyy Engager in Splunk Search 03-24-2024 0 3	0	3
To Remove values with '0' from the calculation I have below query to calculate average response times. For some reason some times the value is coming as '0'. i want... by sabari80 Explorer in Splunk Search 03-23-2024 0 7	0	7
Help on Splunk query Hi, I have 4 fields in my index ID, Method, URL, HTTP_responsecodeID is in the form of XXXX-YYYY-ZZZZ-AAAA, Now, I wa... by suvi6789 Path Finder in Splunk Search 03-23-2024 0 1	0	1
How to Remove the null values in a field for particular type only. HI,I have a single query to get all types of data in table.for one particular type I have an issue with the null valu... by vinod743374 Communicator in Splunk Search 03-23-2024 0 2	0	2
Combining two fields into one field I currently have two different fieldsHost DomainF32432KL34 domain.comI wish to combine these i... by psomeshwar Path Finder in Splunk Search 03-22-2024 0 3	0	3
extract only xml part from an event Hi,my event has unstructured data i.e. few strings than xml part than few more strings and another xml follow by few ... by eranhauser Path Finder in Splunk Search 03-22-2024 0 5	0	5
Few fields not visible when check on the all feilds section but i can see them when i table them with the names. I have a strange issue, when i search for specific event in Splunk and I am looking for specific fields( ex field1, f... by HarishSamudrala Loves-to-Learn in Splunk Search 03-22-2024 0 6	0	6
Excluding multiple slashes throughout regex capture string Trying to figure out how to extract a field using regex to capture the entire string. Only problem is there are a bu... by splunkrush Engager in Splunk Search 03-22-2024 0 2	0	2
How to create a base search that retains multiple regex fields? I have a dashboard that is built from 3 different searches. They all come from the same data so I would like to turn... by kmaron Motivator in Splunk Search 03-22-2024 1 13	1	13
multiple Case conditions? Hi,I am using multiple case conditions but the condition is not matching. In the third line of the code used AND cond... by karthi2809 Builder in Splunk Search 03-22-2024 0 6	0	6
How to use stats in multiple Condition and fields ? Hi Guys,I am trying fetch details using stats.In this query I am trying get status from the below conditions and when... by karthi2809 Builder in Splunk Search 03-22-2024 0 2	0	2
Dividing combined value into separate values Currently, I have a table that looks like this:Table1Hostname Vendor Product Version----------... by psomeshwar Path Finder in Splunk Search 03-22-2024 0 6	0	6
Lateral movement search needed Hi, I need an help with my windows security logs how we can create the lateral movement use case by AL3Z Builder in Splunk Search 03-21-2024 0 1	0	1
Log searching Splunk I am searching some logs in an application for the last 24 hours (or any time range the user has selected). Is it pos... by av_ Path Finder in Splunk Search 03-21-2024 0 4	0	4
Issue using rex to replace string Hello world,I'm trying to use rex to rename the part of the strings below where it says "g0" to "GRN". So the output ... by Scharf Explorer in Splunk Search 03-21-2024 0 5	0	5
Setting a date range as a field for the chargeback app I have a question regarding how to properly extract the time ranges between the Events to use as a field value for a ... by Abass42 Communicator in Splunk Search 03-21-2024 0 1	0	1
Collect command with federated searches I have a use case where I'm trying to collect events from a federated search. I can run and search results using the ... by MJAITEH Engager in Splunk Search 03-21-2024 1 0	1	0
How to exclude field values in the query? Hi Guys,I am try to exclude field value . need to exclude message=""API:START: /v1/Journals_outbound" index="mulesof... by karthi2809 Builder in Splunk Search 03-21-2024 0 1	0	1
mutiple search Hello everyone, i need solution for this.my data :userID=text123 , login_time="2024-03-21 08:04:42.201000", ip_addr=1... by riposans Explorer in Splunk Search 03-20-2024 0 1	0	1
Facing issue with my Serach Hello All, Below is my alert script, and I dont want to have any alerts during night 11:50 to 00:25 midnight, however... by Amit79 Loves-to-Learn Everything in Splunk Search 03-20-2024 0 2	0	2
Where field count is less than, but not stats count by I run a Splunk query to see events from my web application firewall. I filter out certain violations by name, using a... by LatchJohnson Explorer in Splunk Search 03-20-2024 0 5	0	5
Filtering a weekly timewrap timechart by a specific time window each day. I have the following query that gives me week-over-week comparisons for the past month: index="myIndex" earliest=-1mo... by jbrenner Path Finder in Splunk Search 03-20-2024 0 1	0	1
Streamed Search Execute Failed Because: Error in 'lookup' command Good morning, I am having issues with admon and running into this error: Streamed Search Execute Failed Because: Erro... by JoshuaJJ Path Finder in Splunk Search 03-20-2024 0 1	0	1