Splunk Search

Community Activity

How to write queries for below condition ? Hi, we have hosts a,b,c,d,e,f hosts looking for visualizations ? 1)Trend count of all "filedname " per week for l... by splunker969 Communicator in Splunk Search 03-29-2018 1 15	1	15
How to create an INPUTLOOKUP that matches field1 but NOT field2? Hello, I am trying to perform a search against a lookup table that contains 2 columns (RDOMAIN and SDOMAIN). I would ... by mobrienmoore1 New Member in Splunk Search 03-29-2018 0 1	0	1
Stats count on list of values from lookup and how many times they are displayed in the results. I am currently running a dashboard with a datamodel. The dashboard is run against bulk IOCs from a lookup. How can I ... by ajinaqvi New Member in Splunk Search 03-29-2018 0 2	0	2
How to add results from stats value? Hi I have a field called department, on that field i have multiple values like department=Production for Medicine... by n4niyaz Explorer in Splunk Search 03-29-2018 0 4	0	4
IPLocation: how to use with both src-ip and dest-ip? Hello, I know how to use the iplocation command to obtain geo ip information for a single field, for example: sourc... by echojacques Builder in Splunk Search 03-29-2018 0 2	0	2
Create alert that checks every 30 mins if the attempt to FTP file to another host fails 3 times in a row? Goal: If "[FATAL]" FTP message to same destination host "host-xyz" is found 3 times within 1 minute, then trigger ale... by damonmanni Path Finder in Splunk Search 03-29-2018 0 2	0	2
stats, empty columns and fillnull I've problems not only with fillnull in this search which doesn't fill my columns with 12. If I add "\| table *" after... by astarchenkov Explorer in Splunk Search 03-29-2018 0 2	0	2
Transaction Question Trying to calculate the duration between two log messages, have found many resources online but nothing seems to work... by justintaylor9 Explorer in Splunk Search 03-29-2018 0 17	0	17
two indexes A power user cannot get results from index=* or index=foo OR index=bar when an admin can Below is the authorize.conf... by LoganRhamy New Member in Splunk Search 03-29-2018 0 4	0	4
Compare three date/time ranges Hi All, I have three dates which I need to compare, the dates that I have is: date1=03/29/2018 04:59:26 #this can b... by abbam Explorer in Splunk Search 03-29-2018 0 9	0	9
Basic Regex Field Extraction I want to extract from "Mozilla" to the closed quotes, pulling everything up to and including 27.0", how come my rege... by JPrictoe Loves-to-Learn in Splunk Search 03-29-2018 0 3	0	3
How to use tags in stats/eval expression? Hello Community, I have defined some tags like: Field=Value --> TAG OBJECT_TYPE=*_EMS --> EMS No... by hse8fe Explorer in Splunk Search 03-29-2018 1 5	1	5
How to validate regex expression? my regex: s/[^a-z]+\d/####/g Output: /v3/securemessages/members654fdfgd2-b2ad545a-b2f2-d545eb545d45/messages/incide... by karthi2809 Builder in Splunk Search 03-29-2018 0 8	0	8
How I can find duplicate fields in other message action on one index? Hi colleagues. I have many fields on other tasks on other message action in one index. My aim - find all duplicates f... by darkbenladan New Member in Splunk Search 03-29-2018 0 0	0	0
monitoring freeradius raddact files Hello, I'd like to monitor raddact files. I have the following config in inputs.conf.: [monitor:///var/log/freeradi... by ipteam Engager in Splunk Search 03-29-2018 0 5	0	5
Why did the lookup file not move despite changing its read perms? I changed the permissions on a lookup file from the UI via Manage Apps - > Search and Reporting -> View Objects -> Re... by sarahafrin Explorer in Splunk Search 03-29-2018 0 1	0	1
unable to finish extracting fields Hi I am new to splunk using it to collect syslog data, I started extracting fields after the 4 field I get this erro... by cybonet New Member in Splunk Search 03-29-2018 0 6	0	6
how to get difference between one value and the other values in a particular column or row? my data is like the table below. Column C is what I need to calculate: A----B----C 10----12----? 25----20----? 23----... by pramit46 Contributor in Splunk Search 03-29-2018 0 5	0	5
help to build the query using abstract command base query \| regex field= "XXX(?.)" \| stats count by regular_expression_value this query displaying 5 lines but wa... by logloganathan Motivator in Splunk Search 03-29-2018 0 17	0	17
viewing transforming command reult i want to display the output for the particular log with server name,error value and count eg: servername ABCD error ... by logloganathan Motivator in Splunk Search 03-29-2018 0 5	0	5
What is the difference between views and searches in uri after an app name? In an uri of any saved search at some places there is '/views/' and '/searches/' after an app name. I want to know th... by JuhiSaxena Explorer in Splunk Search 03-28-2018 0 6	0	6
Why does the dashboard search break, become limited, or run extremely slow but searching through the search app works fine? Lets say I have a search: ((value1 OR value_*) OR (status=404 OR status=500 OR status=503)) (index="main" OR index=... by SLoBello Explorer in Splunk Search 03-28-2018 0 4	0	4
How to get the difference between first and last fields of each row I have a table like below Month Col1 Col2 Jan 10 20 Feb 30 40 Mar ... by shihabno New Member in Splunk Search 03-28-2018 0 6	0	6
How to log in with IDs radius in the radius_auth application? Hello Everybody I installed the radius_auth application and I followed the procedure correctly. But when I try to l... by ALLIACOM New Member in Splunk Search 03-28-2018 0 0	0	0
Extract search window for all types searches run in splunk I want to run a query to extract all the searches that have been run in splunk , to identity search date ranges provi... by kapadiamayur New Member in Splunk Search 03-28-2018 0 1	0	1