Splunk Search

Community Activity

	Searching for "-" in IIS logs? In Microsoft IIS logs, when a field is empty, a dash ( - ) is used instead of leaving the value blank. Presumably th... by DaClyde Contributor in Splunk Search 02-20-2024 0 4	0	4
	How to retain fields from base search to use after a map command? We have a search where one of the fields from base search is passed onto a REST API using map command. <Base Search>... by att35 Builder in Splunk Search 02-20-2024 0 2	0	2
	Extract a part of field Hi all,I'm trying to extract a part of a field. The field named Computer and is like MySrv.MyDomain.MySubDom1.comMySu... by Olivier2024 Explorer in Splunk Search 02-20-2024 0 4	0	4
	map search question I'm using a modified search from splunksearches.com to get the events from the past two days and returning the differ... by ITSplunk117 Path Finder in Splunk Search 02-20-2024 0 2	0	2
	Extracting a composite variable and comparing it with the rows of an index. "I have an issue with creating a field named 'Path' which should be populated with 'YES' or 'NO' based on the followi... by omcollia Engager in Splunk Search 02-20-2024 0 3	0	3
	Restricting timechart to smaller set of days than search I have a timechart that shows the last 30d and with the timechart I also have a trendline showing the sma7. The prob... by DEADBEEF Path Finder in Splunk Search 02-19-2024 0 3	0	3
	mstats custom query \|mstats avg(os.mem.utilized) as Memory_Used where index=metricsidx host=host1 OR host=host2 span=1d \|table Memory_Us... by Harish2 Path Finder in Splunk Search 02-19-2024 0 3	0	3
	Searching data from two subsequent events I have a logfile like this - 2024-02-15 09:07:47,770 INFO [com.mysite.core.app1.upload.FileUploadWebScript] [http-ni... by runiyal Path Finder in Splunk Search 02-19-2024 0 7	0	7
	Why am I receiving this lookup error? hi When I call the lookup like below it works fine \| inputlookup test.csv but when I use the lookup in a sear... by jip31 Motivator in Splunk Search 02-19-2024 0 20	0	20
	Index doesn't show event anymore Hi, I have an index that doesn't show events anymore. Could you help me please?On November I had a problem with Mongo... by MattiaP Loves-to-Learn Lots in Splunk Search 02-19-2024 0 9	0	9
	Set a default value for rows when they don't get a hit So we have a query: (index="it_ops") source="bank_sys" message.content.country IN ("CANADA","USA","UK","FRANCE","SP... by codetester Loves-to-Learn Lots in Splunk Search 02-19-2024 0 1	0	1
	How to disable splunk alert for a specific time frame? We want an alert to run every day (Monday-Sunday) on a 30 minutes interval with one exception. The exception is it sh... by rzv424 Engager in Splunk Search 02-19-2024 0 2	0	2
	Need Help on Drop down Created 2 drop downs in a dashboard. 1. Country2. Applications (getting data from .csv file)In applications drop down... by mahesh27 Communicator in Splunk Search 02-18-2024 0 4	0	4
	Different Count for Events over a specified 15 min period I am trying to get a understanding why I get a different count total for the number of events for the following searc... by pitt93 New Member in Splunk Search 02-18-2024 0 1	0	1
	How to compare time in lookup. Hello,I have a lookup table called account_audit.csv and have a timestamp field UPDATE_DATE=01/05/24 04:49:26. How ca... by SplunkDash Motivator in Splunk Search 02-18-2024 0 6	0	6
	SPL Hey Experts, I'm new to splunk and I'm trying to extract APP WEB and MNOPQ from a field called result. Can someone pl... by Muthu_Vinith Path Finder in Splunk Search 02-18-2024 0 8	0	8
	Lookup Hey Experts, I'm new to splunk and I'm trying to create a new lookup from data in a index=abc. Can someone please gui... by Muthu_Vinith Path Finder in Splunk Search 02-17-2024 0 8	0	8
	Customised search Query:index=abc mal_code=xyz TERM(application) OR (TERM(status) TERM(success)) NOT (TERM(unauthorized) TERM(time) TER... by Santosh2 Path Finder in Splunk Search 02-17-2024 0 10	0	10
	Nested query Hi,So my task is to extract a field from a query and search for that field. That query will give an object value as a... by vihshah Engager in Splunk Search 02-17-2024 0 84	0	84
	Splunk search to exclude events from field value Hello Splunk Community, I have a requirement to exclude the events from field values between 2AM-3AM everyday.For Ex... by iamsplunker0415 Engager in Splunk Search 02-16-2024 0 3	0	3
	messages truncate Good morning, I come to you because after looking for an answer to my problem, my last solution is to come and seek h... by keorus New Member in Splunk Search 02-16-2024 0 4	0	4
	searching events for "was down for" and averaging the time I have events like the below that are saying when a particular pool member was out of rotation for a particular perio... by jyates76 Explorer in Splunk Search 02-16-2024 0 1	0	1
	Change order of comma separated names I have a list of comma separated names (lastname, firstname) that I need to reverse. So "Smith, Suzy" becomes "Suzy S... by Kat456 Engager in Splunk Search 02-16-2024 0 3	0	3
	Data model - eval expression I can run the below command in a search successfully - \| eval message=replace(Message, "^Installation Successful: Wi... by jeradb Explorer in Splunk Search 02-15-2024 0 2	0	2
	EVAL for ELSE IF condition My logic for my field "Action" is below, but because there is different else conditions I cannot write an eval do ach... by davidcraven02 Communicator in Splunk Search 02-15-2024 0 14	0	14