Splunk Search

Community Activity

messages truncate Good morning, I come to you because after looking for an answer to my problem, my last solution is to come and seek h... by keorus New Member in Splunk Search 02-16-2024 0 4	0	4
searching events for "was down for" and averaging the time I have events like the below that are saying when a particular pool member was out of rotation for a particular perio... by jyates76 Explorer in Splunk Search 02-16-2024 0 1	0	1
Change order of comma separated names I have a list of comma separated names (lastname, firstname) that I need to reverse. So "Smith, Suzy" becomes "Suzy S... by Kat456 Engager in Splunk Search 02-16-2024 0 3	0	3
Data model - eval expression I can run the below command in a search successfully - \| eval message=replace(Message, "^Installation Successful: Wi... by jeradb Explorer in Splunk Search 02-15-2024 0 2	0	2
EVAL for ELSE IF condition My logic for my field "Action" is below, but because there is different else conditions I cannot write an eval do ach... by davidcraven02 Communicator in Splunk Search 02-15-2024 0 14	0	14
replace join with stats maybe? Hello guys, I have below query which uses join. I see lots of examples how to replace that with stats, but I am not a... by dmitrynt Engager in Splunk Search 02-15-2024 0 12	0	12
Add entry data to an alert I am using the search below \| metadata type=hosts \| where recentTime < now() - 10800\| eval lastSeen = strftime(recent... by mwcentracomm Explorer in Splunk Search 02-15-2024 0 3	0	3
How to resolve SPL fetching more number of data points for indexed data than event data? Hello All,I have the below SPL to compare hourly event data and indexed data to find if they follow similar pattern a... by Taruchit Contributor in Splunk Search 02-15-2024 0 8	0	8
Get user's search history Quick question: how can I view a user's search history? by Branden Builder in Splunk Search 02-15-2024 14 24	14	24
Timechart % failures every 30 mins from nginx access logs index=myindex source="/var/log/nginx/access.log" \| eval status_group=case(status!=200, "fail", status=200, "succe... by guywood13 Path Finder in Splunk Search 02-15-2024 0 2	0	2
How to add entry of source ip,host from the search or notable into lookup table Hello Team,Required help regarding below points :1] how to add entry of the ran search with the fields Host, SourceI... by HPACHPANDE Explorer in Splunk Search 02-14-2024 0 1	0	1
Creating a table with unique rows base upon unique fields I am relatively new to the Splunk coding space so bare with me in regards to my inquiry.Currently I am trying to crea... by Ho_Wai_Yung Explorer in Splunk Search 02-14-2024 0 10	0	10
REX: how to search in the opposite direction I'm new to REX and trying to extract strings from _raw (which is actually a malformed JSON, so SPATH is not a good op... by LHumberto Explorer in Splunk Search 02-14-2024 0 4	0	4
how can I tell if a data model is being used? I have a distributed environment with 2 independent search heads. I run the same search on both, and one shows a fie... by ilhwan Path Finder in Splunk Search 02-14-2024 0 4	0	4
Counting how many days users logged into the server for the last 12 months Hello, I am trying to count how many days out of the last 12 months our users logged into two of our servers. And ... by splunktrainingu Communicator in Splunk Search 02-14-2024 0 6	0	6
Passing token to macro when multiselect Hi Splunkers, I would like to pass the label value to the macro based on some condition, when a single value is sel... by smanojkumar Contributor in Splunk Search 02-14-2024 0 1	0	1
IPlocation updated I need some help updating the mmdb file for the iplocation command. Ive read the other forum questions regarding this... by Abass42 Communicator in Splunk Search 02-13-2024 0 0	0	0
Can't seem to understand relative_time Hi,I am working my way through some of the splunk courses. I am currently on "working with time".In one of the videos... by sfghjkl New Member in Splunk Search 02-13-2024 0 1	0	1
Splunk Append Query I am using the below query to merge 2 queries using append. However, I am unable to get the value of the field named ... by NishantKrishna Loves-to-Learn in Splunk Search 02-13-2024 0 7	0	7
Regex to extract next 5 lines after keyword hi i would like some help on how to extract the next 5 lines after a keyword where it extracts the full line where th... by thaghost99 Path Finder in Splunk Search 02-13-2024 0 5	0	5
Fetching alphanumeric value and numeric values in aline How to extract alphanumeric and numeric values from aline, both are dynamic values<Alphanumeric>_ETC_RFG: play this ... by Arani_Hari Loves-to-Learn Lots in Splunk Search 02-13-2024 0 7	0	7
Apply different calculation count/sum depending on value/index I have a "cost" for two different indexes that I want to calculate in one and the same SPL. As the "price" is differe... by martinmasif Explorer in Splunk Search 02-13-2024 0 2	0	2
Splunk Query to show average count and minimum for date_month and date_day Hi, I created a column chart in Splunk that shows month but will like to also indicate the day of the week for each o... by Strangertinz Path Finder in Splunk Search 02-13-2024 0 6	0	6
How to use rex to extract field before two symbols I have raw data like: Error=REQUEST ERROR \| request is not valid.\|","time":"1707622073040" and I want to extract "R... by adamsobczykhsbc Explorer in Splunk Search 02-13-2024 0 5	0	5
Compare the same search over two different time periods I have a number of devices that send logs to Splunk.I want to know when devices stop logging.For this example search:... by iainp New Member in Splunk Search 02-13-2024 0 2	0	2