Splunk Search

Community Activity

	Search to check if request duration search has recovered index=my_index source="/var/log/nginx/access.log" \| stats avg(request_time) as Average_Request_Time \| where Average... by guywood13 Path Finder in Splunk Search 02-21-2024 0 7	0	7
	case-sensitive on subsearch hiI have this situationindex="idx" [\| inputlookup name.csv \| table id name ]idx=idname1a2aaa1A2aaa12abbb lookupidname... by simo Path Finder in Splunk Search 02-21-2024 0 1	0	1
	Regex Help to extract fields Can some one please help with the regex that can be used to view the below event in tabular format.EventINFO > 2024-0... by Harikiranjammul Explorer in Splunk Search 02-21-2024 0 1	0	1
	Splint date/time filed in multiple fields for calculations Hi.I have a single filed for date and time of event - 2024-02-19T11:16:58.930104ZI would like to have to fields Date ... by bigll Path Finder in Splunk Search 02-21-2024 0 3	0	3
	How to populate a single column with dynamic field values? HelloI have a working dashboard where I have various fields that can be defined (field1 and field2 in the example), a... by ea-2023 Path Finder in Splunk Search 02-20-2024 0 11	0	11
	How to manage multiple regex using same field name We have application data coming from Apache Tomcat's and have a regex in place to extract exception name. But there a... by att35 Builder in Splunk Search 02-20-2024 0 3	0	3
	query returned field passed to another query I need help to write a search query where the result from the one query is passed onto the second query1 we import th... by atul9771 Engager in Splunk Search 02-20-2024 0 2	0	2
	How to calculate time difference b/w multiple events and sum for a field I have requirement to calculate total time a user has been connected to system, for that I have logs as below which s... by ramnaresh2051 Engager in Splunk Search 02-20-2024 0 3	0	3
	Searching for "-" in IIS logs? In Microsoft IIS logs, when a field is empty, a dash ( - ) is used instead of leaving the value blank. Presumably th... by DaClyde Contributor in Splunk Search 02-20-2024 0 4	0	4
	How to retain fields from base search to use after a map command? We have a search where one of the fields from base search is passed onto a REST API using map command. <Base Search>... by att35 Builder in Splunk Search 02-20-2024 0 2	0	2
	Extract a part of field Hi all,I'm trying to extract a part of a field. The field named Computer and is like MySrv.MyDomain.MySubDom1.comMySu... by Olivier2024 Explorer in Splunk Search 02-20-2024 0 4	0	4
	map search question I'm using a modified search from splunksearches.com to get the events from the past two days and returning the differ... by ITSplunk117 Path Finder in Splunk Search 02-20-2024 0 2	0	2
	Extracting a composite variable and comparing it with the rows of an index. "I have an issue with creating a field named 'Path' which should be populated with 'YES' or 'NO' based on the followi... by omcollia Engager in Splunk Search 02-20-2024 0 3	0	3
	Restricting timechart to smaller set of days than search I have a timechart that shows the last 30d and with the timechart I also have a trendline showing the sma7. The prob... by DEADBEEF Path Finder in Splunk Search 02-19-2024 0 3	0	3
	mstats custom query \|mstats avg(os.mem.utilized) as Memory_Used where index=metricsidx host=host1 OR host=host2 span=1d \|table Memory_Us... by Harish2 Path Finder in Splunk Search 02-19-2024 0 3	0	3
	Searching data from two subsequent events I have a logfile like this - 2024-02-15 09:07:47,770 INFO [com.mysite.core.app1.upload.FileUploadWebScript] [http-ni... by runiyal Path Finder in Splunk Search 02-19-2024 0 7	0	7
	Why am I receiving this lookup error? hi When I call the lookup like below it works fine \| inputlookup test.csv but when I use the lookup in a sear... by jip31 Motivator in Splunk Search 02-19-2024 0 20	0	20
	Index doesn't show event anymore Hi, I have an index that doesn't show events anymore. Could you help me please?On November I had a problem with Mongo... by MattiaP Loves-to-Learn Lots in Splunk Search 02-19-2024 0 9	0	9
	Set a default value for rows when they don't get a hit So we have a query: (index="it_ops") source="bank_sys" message.content.country IN ("CANADA","USA","UK","FRANCE","SP... by codetester Loves-to-Learn Lots in Splunk Search 02-19-2024 0 1	0	1
	How to disable splunk alert for a specific time frame? We want an alert to run every day (Monday-Sunday) on a 30 minutes interval with one exception. The exception is it sh... by rzv424 Engager in Splunk Search 02-19-2024 0 2	0	2
	Need Help on Drop down Created 2 drop downs in a dashboard. 1. Country2. Applications (getting data from .csv file)In applications drop down... by mahesh27 Communicator in Splunk Search 02-18-2024 0 4	0	4
	Different Count for Events over a specified 15 min period I am trying to get a understanding why I get a different count total for the number of events for the following searc... by pitt93 New Member in Splunk Search 02-18-2024 0 1	0	1
	How to compare time in lookup. Hello,I have a lookup table called account_audit.csv and have a timestamp field UPDATE_DATE=01/05/24 04:49:26. How ca... by SplunkDash Motivator in Splunk Search 02-18-2024 0 6	0	6
	SPL Hey Experts, I'm new to splunk and I'm trying to extract APP WEB and MNOPQ from a field called result. Can someone pl... by Muthu_Vinith Path Finder in Splunk Search 02-18-2024 0 8	0	8
	Lookup Hey Experts, I'm new to splunk and I'm trying to create a new lookup from data in a index=abc. Can someone please gui... by Muthu_Vinith Path Finder in Splunk Search 02-17-2024 0 8	0	8