Splunk Search

Community Activity

How to resolve SPL fetching more number of data points for indexed data than event data? Hello All,I have the below SPL to compare hourly event data and indexed data to find if they follow similar pattern a... by Taruchit Contributor in Splunk Search 02-15-2024 0 8	0	8
Get user's search history Quick question: how can I view a user's search history? by Branden Builder in Splunk Search 02-15-2024 14 24	14	24
Timechart % failures every 30 mins from nginx access logs index=myindex source="/var/log/nginx/access.log" \| eval status_group=case(status!=200, "fail", status=200, "succe... by guywood13 Path Finder in Splunk Search 02-15-2024 0 2	0	2
How to add entry of source ip,host from the search or notable into lookup table Hello Team,Required help regarding below points :1] how to add entry of the ran search with the fields Host, SourceI... by HPACHPANDE Explorer in Splunk Search 02-14-2024 0 1	0	1
Creating a table with unique rows base upon unique fields I am relatively new to the Splunk coding space so bare with me in regards to my inquiry.Currently I am trying to crea... by Ho_Wai_Yung Explorer in Splunk Search 02-14-2024 0 10	0	10
REX: how to search in the opposite direction I'm new to REX and trying to extract strings from _raw (which is actually a malformed JSON, so SPATH is not a good op... by LHumberto Explorer in Splunk Search 02-14-2024 0 4	0	4
how can I tell if a data model is being used? I have a distributed environment with 2 independent search heads. I run the same search on both, and one shows a fie... by ilhwan Path Finder in Splunk Search 02-14-2024 0 4	0	4
Counting how many days users logged into the server for the last 12 months Hello, I am trying to count how many days out of the last 12 months our users logged into two of our servers. And ... by splunktrainingu Communicator in Splunk Search 02-14-2024 0 6	0	6
Passing token to macro when multiselect Hi Splunkers, I would like to pass the label value to the macro based on some condition, when a single value is sel... by smanojkumar Contributor in Splunk Search 02-14-2024 0 1	0	1
IPlocation updated I need some help updating the mmdb file for the iplocation command. Ive read the other forum questions regarding this... by Abass42 Communicator in Splunk Search 02-13-2024 0 0	0	0
Can't seem to understand relative_time Hi,I am working my way through some of the splunk courses. I am currently on "working with time".In one of the videos... by sfghjkl New Member in Splunk Search 02-13-2024 0 1	0	1
Splunk Append Query I am using the below query to merge 2 queries using append. However, I am unable to get the value of the field named ... by NishantKrishna Loves-to-Learn in Splunk Search 02-13-2024 0 7	0	7
Regex to extract next 5 lines after keyword hi i would like some help on how to extract the next 5 lines after a keyword where it extracts the full line where th... by thaghost99 Path Finder in Splunk Search 02-13-2024 0 5	0	5
Fetching alphanumeric value and numeric values in aline How to extract alphanumeric and numeric values from aline, both are dynamic values<Alphanumeric>_ETC_RFG: play this ... by Arani_Hari Loves-to-Learn Lots in Splunk Search 02-13-2024 0 7	0	7
Apply different calculation count/sum depending on value/index I have a "cost" for two different indexes that I want to calculate in one and the same SPL. As the "price" is differe... by martinmasif Explorer in Splunk Search 02-13-2024 0 2	0	2
Splunk Query to show average count and minimum for date_month and date_day Hi, I created a column chart in Splunk that shows month but will like to also indicate the day of the week for each o... by Strangertinz Path Finder in Splunk Search 02-13-2024 0 6	0	6
How to use rex to extract field before two symbols I have raw data like: Error=REQUEST ERROR \| request is not valid.\|","time":"1707622073040" and I want to extract "R... by adamsobczykhsbc Explorer in Splunk Search 02-13-2024 0 5	0	5
Compare the same search over two different time periods I have a number of devices that send logs to Splunk.I want to know when devices stop logging.For this example search:... by iainp New Member in Splunk Search 02-13-2024 0 2	0	2
I would like to take the hosts field from the below search and show the most recent event from each host I created an alert from the search below, and it emails a pdf - is there a way to add the most recent event from each... by mwcentracomm Explorer in Splunk Search 02-12-2024 0 5	0	5
Limiting Matching Events Hi Everyone, I am looking for a little advice, I am currently searching splunk against multiple sets of variables to... by EPitch Observer in Splunk Search 02-12-2024 0 4	0	4
How can limit the number of events shown on a table after using stats list I have a report that lists malware received by email that is part of a dashboard. Some months the list for each perso... by 0p3r4t0r8089 Explorer in Splunk Search 02-12-2024 0 7	0	7
Eval results from two time ranges Splunk sirs, I am trying to add a boolean column to my data called 'new_IP_detected' which will tell me whether an an... by marshalll3302 Explorer in Splunk Search 02-12-2024 0 4	0	4
I would like to see only the last item of a search HelloI would like a search to show the last entry of host="1.1.1.1", and show the full entry. Thank you by mwcentracomm Explorer in Splunk Search 02-12-2024 0 1	0	1
Show the current duration of equipment where the Status is not "null" Hello, I have the following data: I want to use this data to setup a dashboard. In this dashboard I want to show the ... by Roy1 Explorer in Splunk Search 02-12-2024 0 7	0	7
Using the map command to run searches from a lookup. I have this lookup that has a list of searches I want to run.I want to run a search that can run output the "magic" v... by paras Explorer in Splunk Search 02-11-2024 0 2	0	2