Splunk Search

Community Activity

Alert if Fortigate and Clearpass events match HI, i've two datasources. Clearpass and Fortigate. I want to trigger an alarm if the Fortigate log contains Virus an... by nielsg97 Engager in Splunk Search 04-05-2018 0 5	0	5
How to display multiple data points when hovering on one data point on timechart line graph? The issue I run into is if, at a given time, the # of apples, oranges and pears are all let's say 8, then it appears ... by bgeshk Engager in Splunk Search 04-05-2018 0 3	0	3
How to setup a timechart showing three different statuses? I want to set up a timechart, showing three different status. Now I found this SPL online, which was modified by myse... by ThomasLehenberg New Member in Splunk Search 04-05-2018 0 3	0	3
How can I count same field from different sourcetypes? I have two sourcetypes. In both, there is a field present that has the same value in both but just another name, let'... by Mike6960 Path Finder in Splunk Search 04-05-2018 0 6	0	6
modify a query based on condition Hi, I have created a query which gives me date, and start and end time of a job in the below format. Date ... by dileepsri9 Engager in Splunk Search 04-05-2018 0 10	0	10
How to exclude splunk cloud server logs from my search I have a new splunk instance and I am seeing log entries for the splunk cloud host logs with host names: dx* idx-i-... by kaphie2002 New Member in Splunk Search 04-05-2018 0 2	0	2
Select all values from a dropdown input At the moment I have a final dropdown input which has options for hosts already predetermined in it from previous dro... by danielsavage New Member in Splunk Search 04-04-2018 0 13	0	13
How can I get accumulative values for a day for a period of time? One of the things I'm using Splunk to monitor is electricity usage, one of the fields indexed is the accumulative Kw ... by northwarks Engager in Splunk Search 04-04-2018 0 8	0	8
How to get time to propogate through stats command? Events in my sourcetype contain a build time, and an ID field. A given ID can have multiple events, and each event co... by brajaram Communicator in Splunk Search 04-04-2018 0 5	0	5
get average actions per hour Hello, Sorry for may what be an easy question, I have been searching for hours to find a solution to my problem. I... by h3xm0nk37 New Member in Splunk Search 04-04-2018 0 3	0	3
Transaction with WinEventLog:Security EventCodes 4624 and 4625 Trying to figure out how to get a transaction search to show results where there are 5 or more failed logons (4625) a... by donaldwayne1975 Path Finder in Splunk Search 04-04-2018 0 1	0	1
How to return the 5 most repeat_count values per environment? Hi Team, need your help sourcetype=amc\| search environment=* \|top 5 showperc=f countfield="repeat_count" environme... by harsush Path Finder in Splunk Search 04-04-2018 0 2	0	2
Can a search detect it's own sample ratio? Is there a way for a search to determine its own sample ratio at search time? This would be helpful when scaling res... by Lowell Super Champion in Splunk Search 04-04-2018 0 3	0	3
Combine 2 TimeDate fields of different types into one I have 3 different time date fields in my logs with 2 being redundant and the other being a different measure. Time_A... by Riosrr New Member in Splunk Search 04-04-2018 0 4	0	4
How to use date-time field from event as span for search in Dashboard Hello I have a field in my events that is named info_date_resReviewed in format "2017-09-24 00:00:00" and I'd like t... by tkwaller_2 Communicator in Splunk Search 04-04-2018 0 1	0	1
Monitoring a rolling log file I have a requirement to monitor a rolling log file from a folder. The name of the file is like below CalculationMgr-... by santosh_sshanbh Path Finder in Splunk Search 04-04-2018 0 4	0	4
How to extract fields for WinEventLog Fields when Exported as a CSV? I am trying not to reinvent the wheel. There is a requirement where WinEventLogs are indexed as csv files. The sour... by jodros Builder in Splunk Search 04-04-2018 0 2	0	2
How to specify a literal asterisk as a conditional value in dashboard I'm trying to create a dashboard that displays one dash panel if the user enters "*" into a text input, and display a... by ehowardl3 Path Finder in Splunk Search 04-04-2018 1 4	1	4
Facing trouble in validation of conditions using if statement index=abcd source=xyz \| FILTERS \| eval s= case(S > 0 AND S <= 2, "V", S > 0 AND S <= 3, "O", S > 3 AND S <= 4, "D", ... by 1132307 New Member in Splunk Search 04-04-2018 0 4	0	4
Why does the date filtering only displays information from the first day of the week (Monday)? Hello, I have a little problem with the filtering date, I need a way to filter my dashboard so as to have the informa... by taha13 Explorer in Splunk Search 04-04-2018 0 10	0	10
How to search average response + total application count for last 6 months with span of 1 month I am trying to query and not able to get the output , only i am getting host names, Avg response , count , but need S... by ngaviran New Member in Splunk Search 04-04-2018 0 3	0	3
How to extract Target Account Name or Subject Account Name Security ID field from Windows Security Log? I'm searching on Windows Security Auditing logs and the Security_ID field but when I do, I'm realizing that there is ... by erictodor New Member in Splunk Search 04-04-2018 0 2	0	2
Using DB CONNECT to query data but the value of "where condition" is variable We want to query data from DB Using DB CONNECT but the value of "where condition" is variable. For example,the value... by kavana Explorer in Splunk Search 04-04-2018 0 3	0	3
Splunk qyery for failure status more than 10%? Three type of status: status:400 status:404 status:500 need total count and status count. if count of status more th... by karthi2809 Builder in Splunk Search 04-04-2018 0 2	0	2
Has anyone calculated the Percentile Distribution using Splunk? Has anyone calculated the Percentile Distribution using Splunk? Thanks, Lp by lpolo Motivator in Splunk Search 04-04-2018 0 1	0	1