Splunk Search

Community Activity

Sanity check: using makeresults and a case for earliest/latest In a perfect world I'd find a way to get this into the time picker,but I haven't seen suggestions for that (please wa... by lembark Loves-to-Learn in Splunk Search 03-17-2024 0 1	0	1
Can the eval case function be used in conjunction with lookup tables? Hello, I am fairly new to Splunk and was wondering if the eval case function could be used in conjunction with looku... by aaloisi Explorer in Splunk Search 03-17-2024 0 7	0	7
Custom Splunk query \|mstats sum(faliure.count) as Failed where index=metric-logs by service application_codesForm the above query i am ge... by Ash1 Communicator in Splunk Search 03-17-2024 0 6	0	6
JSON array and stats command Hi,I am having trouble generating a stats report based on JSON data containing an array. I want to produce the follo... by TSplunk Engager in Splunk Search 03-16-2024 0 2	0	2
How to filter a field from the log where the values change How to filter a field from the log where the values change for example please see below,logfile =(result1=0 result2=5... by Rajpranar Explorer in Splunk Search 03-16-2024 0 2	0	2
how to filter only desired fields from fetched events? In SQL-speak, "how to specify the columns in SELECT clause"? Normally, Splunk does the equivalent of SELECT *, which... by V_at_Splunk Splunk Employee in Splunk Search 03-16-2024 1 6	1	6
Need an dashboard spl Hi,Could if anyone pls share the dashboard spl for the lateral movement in this YouTube video.https://youtu.be/bCCf9q... by Raj Builder in Splunk Search 03-16-2024 0 1	0	1
Help on a use case: Suspicious emails from a previously unseen domain Dear team, Good day! Hope you are doing well. I need some help in understanding a correlation search. The search is... by anoop Loves-to-Learn Lots in Splunk Search 03-15-2024 0 5	0	5
How to modify _time when running summary index on a scheduled search? Hello,How to modify _time when running summary index on a scheduled search?Please suggest. I appreciate your help. Th... by LearningGuy Motivator in Splunk Search 03-15-2024 0 9	0	9
How to create and extract values from multivalue field ? Hello to all, I have a multivalue field with a content.errormsg with values and also with a null value. If the null v... by karthi2809 Builder in Splunk Search 03-15-2024 0 2	0	2
Stats for group of devices I want to create statistic per group of device rather than individual devices.I tried eval, but it produced no result... by bigll Path Finder in Splunk Search 03-15-2024 0 6	0	6
Filter results with value in realtime I'm trying to build a query to give real time results for a value, but the is a time delay between the data send and ... by dataisbeautiful Communicator in Splunk Search 03-15-2024 0 5	0	5
How can I have the Pie Chart and the Table side by side using a single panel? Hello! I have tried a lot of options to solve this, but nothing has worked so far. I have a single panel, with 3 el... by Ginzoa Explorer in Splunk Search 03-15-2024 0 3	0	3
Change _time field to a custom extracted field in Splunk Cloud Is there a way to change the _time field of imported data to be a custom extracted datetime field?Or at least some wa... by HankinAlex Explorer in Splunk Search 03-14-2024 0 10	0	10
Custom token in dashboard i have a dashboard, In that there is a drop down for services.we have 10 panels in a dashboard.When i select service ... by mahesh27 Communicator in Splunk Search 03-14-2024 0 1	0	1
Combine timechart data into a sum of some fields and values of others. Q: Given a "timechart span=1m sep='-" last(foo) as foo last( bar) as bar by hostname", how would I get a unique valu... by lembark Loves-to-Learn in Splunk Search 03-14-2024 0 8	0	8
Help with joining two queries Hi all I am trying to join two queries but unable to get the expected result.I am using join command to extract usern... by binay2634 Explorer in Splunk Search 03-14-2024 0 7	0	7
How to extract data using rex ? Hi,I want to extract value c611b43d-a574-4636-9116-ec45fe8090f8 from below.Could you please let me know how I can do ... by anil1219 Engager in Splunk Search 03-14-2024 0 2	0	2
Create Dynamic Drop-down I am trying to create a dashboard to examine group policy processing errors. I would like to create a drop-down base... by CoryC Engager in Splunk Search 03-14-2024 0 4	0	4
Not receiving data in internal index From last two days I am not receiving data in my Splunk internal index. Please help me understand this issue . by uagraw01 Motivator in Splunk Search 03-14-2024 0 16	0	16
How do I set a token to an html search string <row> <panel depends="$tok_tab_1$"> <table> <title>Alerts Fired</title> <search> ... by jeradb Explorer in Splunk Search 03-14-2024 0 1	0	1
Issue with Send Alert and updating Notable "Splunk cant figure it out" Can you Hello, Looking for some real guidance here. We just implemented Splunk with an Implementation team. We are pulling ou... by cjharmening Loves-to-Learn Lots in Splunk Search 03-14-2024 0 1	0	1
Format with commas an \|appendpipe [stats sum() as by Number ... Good afternoon everyone, I need your help in this way. I have a stats sum with the wild card *\|appendpipe [stats sum(... by BeautyData Explorer in Splunk Search 03-14-2024 0 7	0	7
All Time searches best practices/exceptions I'm trying to create a workload management rule to prevent users from searching with "All Time". After researching, i... by sle Engager in Splunk Search 03-14-2024 0 2	0	2
Optimizing the search Hi All, How can I optimize the below query? Can we convert it to tstats? index=abc host=def* stalled \| rex field=... by abhi04 Communicator in Splunk Search 03-13-2024 0 3	0	3