Splunk Search

Community Activity

How to get time to propogate through stats command? Events in my sourcetype contain a build time, and an ID field. A given ID can have multiple events, and each event co... by brajaram Communicator in Splunk Search 04-04-2018 0 5	0	5
get average actions per hour Hello, Sorry for may what be an easy question, I have been searching for hours to find a solution to my problem. I... by h3xm0nk37 New Member in Splunk Search 04-04-2018 0 3	0	3
Transaction with WinEventLog:Security EventCodes 4624 and 4625 Trying to figure out how to get a transaction search to show results where there are 5 or more failed logons (4625) a... by donaldwayne1975 Path Finder in Splunk Search 04-04-2018 0 1	0	1
How to return the 5 most repeat_count values per environment? Hi Team, need your help sourcetype=amc\| search environment=* \|top 5 showperc=f countfield="repeat_count" environme... by harsush Path Finder in Splunk Search 04-04-2018 0 2	0	2
Can a search detect it's own sample ratio? Is there a way for a search to determine its own sample ratio at search time? This would be helpful when scaling res... by Lowell Super Champion in Splunk Search 04-04-2018 0 3	0	3
Combine 2 TimeDate fields of different types into one I have 3 different time date fields in my logs with 2 being redundant and the other being a different measure. Time_A... by Riosrr New Member in Splunk Search 04-04-2018 0 4	0	4
How to use date-time field from event as span for search in Dashboard Hello I have a field in my events that is named info_date_resReviewed in format "2017-09-24 00:00:00" and I'd like t... by tkwaller_2 Communicator in Splunk Search 04-04-2018 0 1	0	1
Monitoring a rolling log file I have a requirement to monitor a rolling log file from a folder. The name of the file is like below CalculationMgr-... by santosh_sshanbh Path Finder in Splunk Search 04-04-2018 0 4	0	4
How to extract fields for WinEventLog Fields when Exported as a CSV? I am trying not to reinvent the wheel. There is a requirement where WinEventLogs are indexed as csv files. The sour... by jodros Builder in Splunk Search 04-04-2018 0 2	0	2
How to specify a literal asterisk as a conditional value in dashboard I'm trying to create a dashboard that displays one dash panel if the user enters "*" into a text input, and display a... by ehowardl3 Path Finder in Splunk Search 04-04-2018 1 4	1	4
Facing trouble in validation of conditions using if statement index=abcd source=xyz \| FILTERS \| eval s= case(S > 0 AND S <= 2, "V", S > 0 AND S <= 3, "O", S > 3 AND S <= 4, "D", ... by 1132307 New Member in Splunk Search 04-04-2018 0 4	0	4
Why does the date filtering only displays information from the first day of the week (Monday)? Hello, I have a little problem with the filtering date, I need a way to filter my dashboard so as to have the informa... by taha13 Explorer in Splunk Search 04-04-2018 0 10	0	10
How to search average response + total application count for last 6 months with span of 1 month I am trying to query and not able to get the output , only i am getting host names, Avg response , count , but need S... by ngaviran New Member in Splunk Search 04-04-2018 0 3	0	3
How to extract Target Account Name or Subject Account Name Security ID field from Windows Security Log? I'm searching on Windows Security Auditing logs and the Security_ID field but when I do, I'm realizing that there is ... by erictodor New Member in Splunk Search 04-04-2018 0 2	0	2
Using DB CONNECT to query data but the value of "where condition" is variable We want to query data from DB Using DB CONNECT but the value of "where condition" is variable. For example,the value... by kavana Explorer in Splunk Search 04-04-2018 0 3	0	3
Splunk qyery for failure status more than 10%? Three type of status: status:400 status:404 status:500 need total count and status count. if count of status more th... by karthi2809 Builder in Splunk Search 04-04-2018 0 2	0	2
Has anyone calculated the Percentile Distribution using Splunk? Has anyone calculated the Percentile Distribution using Splunk? Thanks, Lp by lpolo Motivator in Splunk Search 04-04-2018 0 1	0	1
WHOIS Search I've looked at splunkbase for "whois" apps and searched the community for whois-type scripts, but found none that mee... by afarmer Explorer in Splunk Search 04-03-2018 0 1	0	1
How to loop through columns and do further calculation on a particular column? I have data like this: `a----b----c----d` `10----12----30----5` `50----34----46----55` `22----23----98----56` `32---... by pramit46 Contributor in Splunk Search 04-03-2018 0 2	0	2
How to create a funnel using a subsearch? Hello, I am trying to create a funnel that first count the number visits to page one and out of those how many went t... by Valisha2005 New Member in Splunk Search 04-03-2018 0 5	0	5
Should I hide Extreme Search? All, I just installed ES. We're moving nice and slow here. I see it installs a supporting app called "Extreme" Sear... by daniel333 Builder in Splunk Search 04-03-2018 0 1	0	1
How can I compare the results of two weeks ago with one week ago, with several fields? I have the following issue: 1- Two weeks ago I have 10 results of my entity with 3 fields; 2- One week ago I have 12 ... by splunk_exercice New Member in Splunk Search 04-03-2018 0 9	0	9
Does ignoreOlderThan work on Windows? Does ignoreOlderThan work on Windows? Apparently for windows events logs and for open files there might be issues. by ddrillic Ultra Champion in Splunk Search 04-03-2018 0 2	0	2
Is there a way to deduplicate data by date? I'm trying to run a quarterly report that lists unique individuals in a building. The search lists each building name... by brcrommett Engager in Splunk Search 04-03-2018 0 2	0	2
Still lost - Where do props and transforms go?? We have data coming from a file on a Universal Forwarder that requires field extractions. The extractions are in a p... by aferone Builder in Splunk Search 04-03-2018 0 10	0	10