Splunk Search

Community Activity

Calculating the average time between start and stop jobs for a service Hi, i've asked this question before and never got it to work.maybe it was my fault that i was not clear on what i wa... by carlyleadmin Contributor in Splunk Search 04-09-2018 0 9	0	9
How to custom field extract for the field "ending with"? My sample log (Modified to remove confidential data) looks like following. Apr 9 13:54:13 10.195.247.77 04/09/2018:... by e400425 New Member in Splunk Search 04-09-2018 0 2	0	2
How to search a query based on the result of another query? I have list of events that have IP address {<!-- --> USERID: system01 browser: Chrome, ip: 192.168.10.10 ...} {<!-- --> USERID: syste... by krishman23 Explorer in Splunk Search 04-09-2018 0 1	0	1
How to collapse variable part of url to get a list of urls? Hi, I'm trying to get a list of urls that users are visiting for each of the customer sites that we manage. I hav... by andrewbeak Path Finder in Splunk Search 04-09-2018 0 1	0	1
How to get the month name for selecting previous month via date_month? We've got the following search: tag=PeopleCounters earliest=-13mon@mon latest=@mon date_month=March \| chart sum(coun... by aaron_sakovich Path Finder in Splunk Search 04-09-2018 0 8	0	8
Visited website duration Hi Everyone, I have the query below and it works, however I would like to add the time spend on each website/domain ... by bryansocito New Member in Splunk Search 04-09-2018 0 1	0	1
Getting values from a field and comparing them I have the following query: index=source sourcetype=type_example \| bin _time span=5m\| eval TIME=strftime(_time,"%D:... by mauricio2354 Explorer in Splunk Search 04-09-2018 0 2	0	2
Is it possible to combine multiple rows in a lookup table? Hello, I use a dbxquery to import asset’s tags which includes information about asset’s category, business unit and ... by AlexeySh Communicator in Splunk Search 04-09-2018 0 4	0	4
How can I display my data in a bubble chart? I am running the following search: "authentication failed" \| stats count by user, sourceip \| sort -count \| head 10 ... by dannestor Explorer in Splunk Search 04-09-2018 0 4	0	4
How to count stats for two different field logs coming from the same device by using the OR command? I have two different fields in logs coming from the same device. I want to count that stats for both fields by using ... by aqudoos Explorer in Splunk Search 04-09-2018 0 6	0	6
rex to extract field from csv Hi, I want to extract below fields First 5 fields are automatically extracted by splunk witihout any issues. But la... by surekhasplunk Communicator in Splunk Search 04-09-2018 0 10	0	10
How to add the regex in datamodel and use in tstats? Want to add the below logic in the datamodel and use with tstats \| eval _raw=replace(_raw,"\","null") \|rex "Network... by payal23 Path Finder in Splunk Search 04-08-2018 0 2	0	2
how can we set the default search mode to verbose always. Can we set it from a config file. Am running the calling the query from and SDK. Splunk returns results in Verbose mode. But it does not return results... by johnsasikumar Path Finder in Splunk Search 04-08-2018 0 1	0	1
create a drill-down multiple condition Hello, Is it possible to set a drill-down condition only for the cells of a specific column but to exclude one cell.... by vshakur Path Finder in Splunk Search 04-08-2018 0 9	0	9
How to search complex string Hello, In my Splunk dashboard I have a table that contains the following: <table> <search> <query> ... by vshakur Path Finder in Splunk Search 04-07-2018 0 2	0	2
Reading fields with periods in them using Python SDK I have a Python script that runs Splunk queries. Another team at my company changed their fields to have many, many p... by EricLloyd79 Builder in Splunk Search 04-06-2018 0 9	0	9
Searches are terminating with Unknown sid and The search job “xxxxxxxxxx.xxxxx” was canceled remotely or expired. When running a search which takes longer than a couple of seconds to complete, I suddenly see the following error mes... by faol Explorer in Splunk Search 04-06-2018 1 1	1	1
What does format do after a table lookup I inherited a search that contains he following line; [\| inputlookup <lookup table name> \| format ] and I can't fi... by OldManEd Builder in Splunk Search 04-06-2018 0 3	0	3
Microsoft DNS Query not parsing Hello, Here is what my dns queries are being indexed as. I am looking for a search time regex that will extract the ... by king2jd Path Finder in Splunk Search 04-06-2018 0 5	0	5
How to list the difference between two searches I currently have two searches that produce two different numbers: \|metadata type=hosts \|search host=abc1* or host=abc... by bgill0123 Loves-to-Learn in Splunk Search 04-06-2018 0 4	0	4
Is there any limit for field value for the transaction command? Hi, Is there any limit for field value for transaction command? I am executing transaction command over Security_ID... by apezuela Explorer in Splunk Search 04-06-2018 0 3	0	3
Timechart question I am currently running this search: index=events host=hig1* or host=hig2* \| timechart span-1d dc(host) the search ... by bgill0123 Loves-to-Learn in Splunk Search 04-06-2018 0 2	0	2
Event Time is less then 10 min old Hello I'm a splunk newbie, be gentle please. I'm try to monitoring my VPNs status with splunk, unfortunately my fire... by christopheducha Explorer in Splunk Search 04-06-2018 0 5	0	5
Active computers reporting to splunk last 30 days I would like to know how to search for all computers that are reporting to Splunk in the last 30 day. Thank you by cyler New Member in Splunk Search 04-06-2018 0 7	0	7
Avoid rows less than certain number of alerts basic search \| timechart span = 5m count by host \| where count > 3 for today 10% of the time,the count is greater th... by manapuna New Member in Splunk Search 04-06-2018 0 3	0	3