Splunk Search

Community Activity

How to fetch the search id from the triggered alert and use it in the sendemail command Hello Everyone,I have created and alert which uses sendresults command to format the email notification.But the probl... by sbollam Explorer in Splunk Search 02-02-2024 0 1	0	1
Plot multiple charts in one report Hello, I'm trying to sum by groups (I have 2 groups) and then plot them individually and also the sum. I'm using foll... by Shahnoor Explorer in Splunk Search 02-02-2024 0 1	0	1
How to repeat a regex to match more than one instances Hi,We are using following regex to capture "caused by" exceptions within java stack trace.Caused by: (?P<Exception>[^... by att35 Builder in Splunk Search 02-02-2024 0 1	0	1
Rex query for two different type event Need help on getting rex query. I am getting below two events. I am able to rex for event 1 with NULL field. But I a... by ravir_jbp Explorer in Splunk Search 02-02-2024 0 2	0	2
Writing Regex with Lookaheads to Capture Group Hello,I am attempting to write some regex with a lookahead.My event ispluginText: <plugin_output>Here is the list of ... by nateloepker Explorer in Splunk Search 02-02-2024 0 1	0	1
Unable to do simple calculation of aggregate durations between 2 states by host Given that per host there are 2 events logged, one indicating transition to active and one indicating transition to i... by smahoney Path Finder in Splunk Search 02-02-2024 0 1	0	1
Adding a column Hi Splunk experts,I’m a Splunk beginner. I need help with a requirement. I have fields named 'location,' 'login,' and... by Muthu_Vinith Path Finder in Splunk Search 02-02-2024 0 2	0	2
Set time using data in token I made a graph that send time data at click point.I use "fieldformat" to change time data shown.This is my code about... by Questioner Path Finder in Splunk Search 02-02-2024 0 3	0	3
Use the '\| from datamodel' command when the datamodel is configured as grandparent/parent/child. I want to query the user dataset using the from datamodel command.I know how to use nodename in the tstat command.Whe... by rrythi Loves-to-Learn in Splunk Search 02-01-2024 0 0	0	0
Nested inputlookup with join or eval My current search that is working is - \| from datamodel:Remote_Access_Authentication \| rex field=dest_nt_domain "^(?<... by jeradb Explorer in Splunk Search 02-01-2024 0 2	0	2
tstats stopped returning data with summariesonly=true after adding _time field Hi,We have a datamodel built against application data. All the tstats searches against the DM were running fine, incl... by att35 Builder in Splunk Search 02-01-2024 0 0	0	0
Streamlining with tstats Hi all, im looking to create a dashboard to capture various info on or proxy data. I have a few simple queries index=... by supersnedz Path Finder in Splunk Search 02-01-2024 0 4	0	4
How to subtract filed values in a column I have AWS Cloudtrail data and want to find out how long an EC2 instance was stopped. Is it possible to subtract the ... by ezamit Explorer in Splunk Search 01-31-2024 0 6	0	6
how to break down a record in multiple rows I have a records that comes with multiple items in a single row. Is there a way i can break it down in a single row. ... by ezamit Explorer in Splunk Search 01-31-2024 0 2	0	2
Inputs Conf on Deployment Apps and HFs Hi Splunkers, Have the following situation, and interested in another opinion:We have a distributed environment with ... by JohnEGones Communicator in Splunk Search 01-31-2024 0 1	0	1
How to calculate time difference? I'm looking to get a difference between both times and create a 3rd field for the results (Properties.actionedDate - ... by EvansB Path Finder in Splunk Search 01-31-2024 0 7	0	7
In a search combine two-three field values(columns) into one field Hi,I have an output like this -LocationEventNameErrorCodeSummaryserver1Mssql.LogBackupFailedBackupAgentErrorFailed ba... by man03359 Communicator in Splunk Search 01-31-2024 0 2	0	2
Splunk health check monitoring using command line ? Hi, is it possible to extract informations about Splunk System health check using command line ? For example I wo... by dlugasny New Member in Splunk Search 01-31-2024 0 3	0	3
Is using index=proxy really bad? HelloI have a question. We have lots of indexes, and rather than specify each one, I use index=proxy to search acro... by davidwaugh Path Finder in Splunk Search 01-31-2024 0 2	0	2
Filtering Hi Splunkers, I dont need the value in first line and need that value later in search to filter, so I tried tis way... by smanojkumar Contributor in Splunk Search 01-31-2024 0 7	0	7
splunk lets say i have a query which is giving no result at present date but may give in future . In this query I have calcu... by Siddharthnegi Contributor in Splunk Search 01-31-2024 0 3	0	3
How to display top 5 and replace the rest with others? How to display top 10 and replace the rest with others?I tried using top limit 5 with userother, but the number did... by LearningGuy Motivator in Splunk Search 01-31-2024 0 7	0	7
How can I search events based on another lookup file subsearch using like. Hi,Would you mind to help on this?, I have been working for days to figure out how can I pass a lookup file subsearch... by JMPP Explorer in Splunk Search 01-30-2024 0 3	0	3
Time conversion for AWS Cloudtrail logs using strptime() and strftime() not working My original time format in the search is eventID: d7d2d438-cc61-4e74-9e9a-3fd8ae96388d eventName: StartInstances ... by ezamit Explorer in Splunk Search 01-30-2024 0 2	0	2
How to find all Dashboards, Reports and Alerts related to a specific index ? Our Splunk instance is being overhauled and I need to update all of the content that has been built. We have some in... by john_glasscock Path Finder in Splunk Search 01-30-2024 1 13	1	13