Splunk Search

Community Activity

how can we set the default search mode to verbose always. Can we set it from a config file. Am running the calling the query from and SDK. Splunk returns results in Verbose mode. But it does not return results... by johnsasikumar Path Finder in Splunk Search 04-08-2018 0 1	0	1
create a drill-down multiple condition Hello, Is it possible to set a drill-down condition only for the cells of a specific column but to exclude one cell.... by vshakur Path Finder in Splunk Search 04-08-2018 0 9	0	9
How to search complex string Hello, In my Splunk dashboard I have a table that contains the following: <table> <search> <query> ... by vshakur Path Finder in Splunk Search 04-07-2018 0 2	0	2
Reading fields with periods in them using Python SDK I have a Python script that runs Splunk queries. Another team at my company changed their fields to have many, many p... by EricLloyd79 Builder in Splunk Search 04-06-2018 0 9	0	9
Searches are terminating with Unknown sid and The search job “xxxxxxxxxx.xxxxx” was canceled remotely or expired. When running a search which takes longer than a couple of seconds to complete, I suddenly see the following error mes... by faol Explorer in Splunk Search 04-06-2018 1 1	1	1
What does format do after a table lookup I inherited a search that contains he following line; [\| inputlookup <lookup table name> \| format ] and I can't fi... by OldManEd Builder in Splunk Search 04-06-2018 0 3	0	3
Microsoft DNS Query not parsing Hello, Here is what my dns queries are being indexed as. I am looking for a search time regex that will extract the ... by king2jd Path Finder in Splunk Search 04-06-2018 0 5	0	5
How to list the difference between two searches I currently have two searches that produce two different numbers: \|metadata type=hosts \|search host=abc1* or host=abc... by bgill0123 Loves-to-Learn in Splunk Search 04-06-2018 0 4	0	4
Is there any limit for field value for the transaction command? Hi, Is there any limit for field value for transaction command? I am executing transaction command over Security_ID... by apezuela Explorer in Splunk Search 04-06-2018 0 3	0	3
Timechart question I am currently running this search: index=events host=hig1* or host=hig2* \| timechart span-1d dc(host) the search ... by bgill0123 Loves-to-Learn in Splunk Search 04-06-2018 0 2	0	2
Event Time is less then 10 min old Hello I'm a splunk newbie, be gentle please. I'm try to monitoring my VPNs status with splunk, unfortunately my fire... by christopheducha Explorer in Splunk Search 04-06-2018 0 5	0	5
Active computers reporting to splunk last 30 days I would like to know how to search for all computers that are reporting to Splunk in the last 30 day. Thank you by cyler New Member in Splunk Search 04-06-2018 0 7	0	7
Avoid rows less than certain number of alerts basic search \| timechart span = 5m count by host \| where count > 3 for today 10% of the time,the count is greater th... by manapuna New Member in Splunk Search 04-06-2018 0 3	0	3
Is there any way to restrict searches based on user's source IP address? Is there any way possible to restrict searches based on source IP of splunk user? Current environment is Splunk Ente... by brettcave Builder in Splunk Search 04-06-2018 0 7	0	7
How to fix firewall data Parsing issue from the syslogs? Hi All, We are facing an data parsing issue with the check point firewall logs. Problem Details : index=firewall... by Hemnaath Motivator in Splunk Search 04-06-2018 0 6	0	6
Using like() in a case statement not working Hey everyone. I am working with telephone records, and am trying to work around Splunk's inability to search for lite... by msarro Builder in Splunk Search 04-06-2018 0 2	0	2
Pass a value from a macro to a subsearch after doing a join Hi , I have a macro which gets values including host,now i do a left join .Once i do a left join in the subsearch on... by krishnab Path Finder in Splunk Search 04-05-2018 0 2	0	2
Count days without events Hello, I'm trying to get the sum of days where no events occurred by a city name. I found the following answer (htt... by bntdumas Engager in Splunk Search 04-05-2018 0 4	0	4
Why is Eventstats and Subsearch adding non-existent values to the table? My data is structured in a way that there exists multiple types of events, each with a specific id field that is uniq... by brajaram Communicator in Splunk Search 04-05-2018 0 3	0	3
Why is outputlookup not updating the csv file as intended? I have a lookup file in the form of test.csv in the test.csv there are two columns with date fields(date_first and da... by esmonder Path Finder in Splunk Search 04-05-2018 0 2	0	2
How can I remove additional field values? I've tried several different ways to resolve this issue including using 'rex' and 'replace' but I can't seem to get i... by chrisschum Path Finder in Splunk Search 04-05-2018 0 8	0	8
Why is the time picker not working with date in logs? Data is forwarded to Splunk every couple of days meaning that the _time stamp relates to the day it was sent to Splun... by davidcraven02 Communicator in Splunk Search 04-05-2018 0 6	0	6
How to find employee manager up to levels above until CEO using dbquery? I have a report that I run against Oracel db using dbquery to gather the following fields in a table EMPLOYEEID ,EMP... by LintuMathews Explorer in Splunk Search 04-05-2018 0 3	0	3
Splunk Query Exclude Question I am building a search query and trying to find the correct syntax to exclude specific combinations of source and des... by johann2017 Explorer in Splunk Search 04-05-2018 0 5	0	5
What is this (search_startup_time) field in _audit index ? Hi Folks May I know what is this search_startup_time field in this event from splunk _audit index & also would like ... by PowerPacked Builder in Splunk Search 04-05-2018 1 5	1	5