Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
×
Join the Conversation
Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- About chimuru84
chimuru84
Path Finder
Member since:
08-18-2023
11-06-2025
Community Statistics
| Posts | 28 |
| Solutions | 1 |
| Karma Given | 3 |
| Karma Received | 0 |
| Member Since | 08-18-2023 |
Activity Feed
- Karma Re: Trying to filter a log using another log with same index for PickleRick. 11-06-2025 01:55 AM
- Posted Re: Trying to filter a log using another log with same index on Splunk Search. 11-05-2025 06:12 AM
- Posted Re: Trying to filter a log using another log with same index on Splunk Search. 11-05-2025 01:02 AM
- Posted Re: Trying to filter a log using another log with same index on Splunk Search. 11-04-2025 10:08 AM
- Posted Re: Trying to filter a log using another log with same index on Splunk Search. 11-04-2025 09:53 AM
- Posted Trying to filter a log using another log with same index on Splunk Search. 11-04-2025 09:28 AM
- Posted Re: Triggering third-party authentication Verification on Splunk Search. 08-12-2024 07:21 AM
- Posted Re: Triggering third-party authentication Verification on Splunk Search. 08-10-2024 01:40 AM
- Posted Re: Triggering third-party authentication Verification on Splunk Search. 08-06-2024 09:03 PM
- Posted Triggering third-party authentication Verification on Splunk Search. 08-06-2024 07:28 AM
- Karma Re: Extract data from 2 different logs for ITWhisperer. 04-30-2024 03:59 AM
- Posted Re: Extract data from 2 different logs on Splunk Search. 04-30-2024 03:49 AM
- Posted Extract data from 2 different logs on Splunk Search. 04-30-2024 02:34 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-16-2023 10:40 AM
- Karma Re: Search and count by multiple specific substrings in a field for ITWhisperer. 11-16-2023 04:06 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-16-2023 03:52 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-15-2023 03:28 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 10:53 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 10:05 AM
- Posted Re: Search and count by multiple specific substrings in a field on Splunk Search. 11-14-2023 08:04 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 | |||
| 0 | |||
| 0 | |||
| 0 |
11-05-2025
06:12 AM
Yes, this gives me better answers. Thank you
... View more
11-05-2025
01:02 AM
@PickleRick What I want to do is to receive logs like this below to make a pie chart. So I have this index: index="index", and if I add to this index different fields I receive different outputs. The output below doesn't have fields like countryCode to use to filter logs only for Spain. But contains accountId, and if I add to the search index only accountId, I receive logs with countryCode. This is why I use subsearch to filter logs below only for Spain. Make sense? run: index="index" errorCode -> receive: 2025-11-04 Operation name [accountId=12345, errorCode=400] run: index="index" accountId-> receive: 2025-11-04 Operation name {accountId=12345, country='spain'}
... View more
11-04-2025
10:08 AM
I tried this one too. I think I solved by this one: index="index" errorCode [search index="index" countryCode="spain" | fields accountId | dedup accountId] | stats count by errorCode
... View more
11-04-2025
09:53 AM
Yes, no output. But I need results for many accounts. For example, if I run index="index" errorCode, I receive answers like this: 2025-11-04 Operation name [accountId=12345, errorCode=400] If I run index="index" accountId, I receive: 2025-11-04 Operation name {accountId=12345, country='spain'} I want to generate a pie chart for errorCode only for Spain
... View more
11-04-2025
09:28 AM
Hello. I have an index="index", and if I add a field to the search, such as index="index" errorCode, I retrieve logs that contain the needed information, but it returns for all existing countries. This query also contains the field accountId. If I search by: index="index" accountId, I receive logs with country, but I don't have the errorCode. I want to search by index="index" errorCode, and use accountId to filter by country. I tried some subsearches, but no result. Could someone help me?
... View more
Labels
- Labels:
-
subsearch
08-12-2024
07:21 AM
Hello again @gcusello ! Sorry again. I want to return id, nr_of_days (difference between last_date and_first_date), login of last_date (could be today, yesterday, 1 month ago etc.) and login of first_date (where first_date is 365 days or more).
... View more
08-10-2024
01:40 AM
Hi @gcusello! I think I didn't ask the question correctly. I want to make a query that returns the users who had a third-party authentication (at the moment), and the last time they passed the authentication was 365 days ago.
... View more
08-06-2024
09:03 PM
It didn't help... I mean that a user has not made a check for 365 (or more) days until now.
... View more
08-06-2024
07:28 AM
Hello! I'm trying to implement a mechanism to flag users who have not had a third-party authentication verification in the last 365 days.
I tried this search, but is not give desired result.
index=......
| stats count by id
| search id=*
| eval Duration=relative_time(now(), "-365d@d")
| sort id
| table id Duration | dedup id
I'm grateful for any ideas. Thanks.
... View more
04-30-2024
03:49 AM
It works, thank you very much. One more thing, time filter isn't work, I mean if I set for 24H, search return logs for all time
... View more
04-30-2024
02:34 AM
Hello community! I want to extract data from 2 different logs like bellow: Log 1: 2024-04-28 06:38:51 INFO Start auth for accountId=1, ip=192.168.1.1 Log 2: 2024-04-28 06:38:27 INFO Collect response for accountId=1, was: response=FINISH For example for accountId=1 I have 10 logs with "Start auth", I mean 10 attempts of start auth. In second log, for the same accountId I have 1 or more logs with FINISH. I want to make a table like accountId Start auth FINISH 1 10 1 Could you helm me with this? Thank you.
... View more
11-16-2023
10:40 AM
I mean return all fields which does not contain firstName or lastName (do not remove them). Like in picture, second field does not contain firstName and lastName.
... View more
11-16-2023
03:52 AM
Work fine, Thank you. How can I ignore some value from result in same query, for example if I want to return only fields like second one in the screenshot. I mean, from first line in screenshot I want to exclude firstName, lastName and others. Thank you.
... View more
11-15-2023
03:28 AM
This is simple search, which give me this result. Result contains fields which contains "mobilePhoneNumber" OR "countryCode" OR "mobilePhoneNumber AND countryCode" I want to return count (in one line) of all fields which contains both, mobilePhoneNumber and countryCode ("mobilePhoneNumber AND countryCode").
... View more
11-14-2023
10:53 AM
This is simple search, which give me this result. Result contains fields which contains "mobilePhoneNumber" OR "countryCode" OR "mobilePhoneNumber AND countryCode" I want to return count (in one line) of all fields which contains both, mobilePhoneNumber and countryCode ("mobilePhoneNumber AND countryCode").
... View more
11-14-2023
08:04 AM
This is a part of result. What I want, to get in one line only mobileNumber and countryCode, on other line lastName, firstName, not all log where this words are meet.
... View more
11-14-2023
07:53 AM
yes, I tried like this, bus 0 events are returned
... View more
11-14-2023
07:42 AM
This query is giving this result but, I want to count by 2 or more words. Thank You
... View more
11-14-2023
06:36 AM
Hello.
I have logs which contains field "matching" which is a String type. This field contains this kind of information: [firstName, lastName, mobileNumber, town, ipAddress, dateOfBirth, emailAddress, countryCode, fullAddress, postCode, etc]. What I want to do is to compose a query that will return count of a specific search, such as [mobileNumber, countryCode] and display only the fields that contain the above words.
I tried this query:
index="source*" | where matching LIKE "%mobileNumber%" AND matchingLIKE "%countryCode%" | stats count by matching | table count matching
But the answer returns all the possible variants that also contains [mobileNumber, countryCode].
What I want is a count only for all this results
Also I want to create a table with all specific searches I do. I know how to use append, but result is like a stairs, what other solution can be used?
Than you!
... View more
11-14-2023
01:57 AM
Sorry for late answer. By "\"source\" originalField" I mean field which contains this kind of logs
... View more
08-18-2023
07:47 AM
This is how 2 success messages looks like. And I want to make 2 groups. For first, 1 query works fine, for second need to add to this query something. Thanks you.
... View more
08-18-2023
07:36 AM
with this query messages with success are not grouped. I want to have one group with success and another with success/detailedReason. Is possible that? Thank You
... View more
08-18-2023
07:26 AM
It works. Thank you. Now I saw that I have one more kind of success message. How can I group this message too?
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-06-2025
01:55 AM
|
