Splunk Search

Community Activity

How to list the difference between two searches I currently have two searches that produce two different numbers: \|metadata type=hosts \|search host=abc1* or host=abc... by bgill0123 Loves-to-Learn in Splunk Search 04-06-2018 0 4	0	4
Is there any limit for field value for the transaction command? Hi, Is there any limit for field value for transaction command? I am executing transaction command over Security_ID... by apezuela Explorer in Splunk Search 04-06-2018 0 3	0	3
Timechart question I am currently running this search: index=events host=hig1* or host=hig2* \| timechart span-1d dc(host) the search ... by bgill0123 Loves-to-Learn in Splunk Search 04-06-2018 0 2	0	2
Event Time is less then 10 min old Hello I'm a splunk newbie, be gentle please. I'm try to monitoring my VPNs status with splunk, unfortunately my fire... by christopheducha Explorer in Splunk Search 04-06-2018 0 5	0	5
Active computers reporting to splunk last 30 days I would like to know how to search for all computers that are reporting to Splunk in the last 30 day. Thank you by cyler New Member in Splunk Search 04-06-2018 0 7	0	7
Avoid rows less than certain number of alerts basic search \| timechart span = 5m count by host \| where count > 3 for today 10% of the time,the count is greater th... by manapuna New Member in Splunk Search 04-06-2018 0 3	0	3
Is there any way to restrict searches based on user's source IP address? Is there any way possible to restrict searches based on source IP of splunk user? Current environment is Splunk Ente... by brettcave Builder in Splunk Search 04-06-2018 0 7	0	7
How to fix firewall data Parsing issue from the syslogs? Hi All, We are facing an data parsing issue with the check point firewall logs. Problem Details : index=firewall... by Hemnaath Motivator in Splunk Search 04-06-2018 0 6	0	6
Using like() in a case statement not working Hey everyone. I am working with telephone records, and am trying to work around Splunk's inability to search for lite... by msarro Builder in Splunk Search 04-06-2018 0 2	0	2
Pass a value from a macro to a subsearch after doing a join Hi , I have a macro which gets values including host,now i do a left join .Once i do a left join in the subsearch on... by krishnab Path Finder in Splunk Search 04-05-2018 0 2	0	2
Count days without events Hello, I'm trying to get the sum of days where no events occurred by a city name. I found the following answer (htt... by bntdumas Engager in Splunk Search 04-05-2018 0 4	0	4
Why is Eventstats and Subsearch adding non-existent values to the table? My data is structured in a way that there exists multiple types of events, each with a specific id field that is uniq... by brajaram Communicator in Splunk Search 04-05-2018 0 3	0	3
Why is outputlookup not updating the csv file as intended? I have a lookup file in the form of test.csv in the test.csv there are two columns with date fields(date_first and da... by esmonder Path Finder in Splunk Search 04-05-2018 0 2	0	2
How can I remove additional field values? I've tried several different ways to resolve this issue including using 'rex' and 'replace' but I can't seem to get i... by chrisschum Path Finder in Splunk Search 04-05-2018 0 8	0	8
Why is the time picker not working with date in logs? Data is forwarded to Splunk every couple of days meaning that the _time stamp relates to the day it was sent to Splun... by davidcraven02 Communicator in Splunk Search 04-05-2018 0 6	0	6
How to find employee manager up to levels above until CEO using dbquery? I have a report that I run against Oracel db using dbquery to gather the following fields in a table EMPLOYEEID ,EMP... by LintuMathews Explorer in Splunk Search 04-05-2018 0 3	0	3
Splunk Query Exclude Question I am building a search query and trying to find the correct syntax to exclude specific combinations of source and des... by johann2017 Explorer in Splunk Search 04-05-2018 0 5	0	5
What is this (search_startup_time) field in _audit index ? Hi Folks May I know what is this search_startup_time field in this event from splunk _audit index & also would like ... by PowerPacked Builder in Splunk Search 04-05-2018 1 5	1	5
How to REGEX and ROUTE incoming syslog data to the correct index? I have an HF listener receiving syslog data from multiple sources. The source(s) events are going to the same index ... by Log_wrangler Builder in Splunk Search 04-05-2018 0 2	0	2
Field Extraction and search Here is the line in the log I am working with; Message=COMPUTERNAME [Monday, April 02, 2018 7:15:53 AM (GMT-06:00)]:... by cyler New Member in Splunk Search 04-05-2018 0 7	0	7
How to get the difference between 2 queries? This is the query that reports when a user last changed their password: index=_audit "action=password change" This... by kiamco Path Finder in Splunk Search 04-05-2018 0 5	0	5
Need help in creating timechart query I have hourly data for 30 days on execution of jobs. I wanted to create a timechart based on elapsed time. could you ... by jcvytla New Member in Splunk Search 04-05-2018 0 7	0	7
Could somebody assist with this query? Hi All We're importing our WAF logs into Splunk, and I'd like to create a table to shows where traffic is originatin... by kelvinJE Engager in Splunk Search 04-05-2018 0 2	0	2
What is desc short for? For example I've seen example queries that say "sort count desc" What is this doing? by summitsplunk Communicator in Splunk Search 04-05-2018 0 2	0	2
How to find events between date ranges? This has been answered but using the methods still do not provide the right results. I have a date column. Format i... by jimbolya11 New Member in Splunk Search 04-05-2018 0 2	0	2