Splunk Search

Community Activity

	How to get mac addresses from static lookup table into IDS report? I have an input lookup table called mac_addresses.csv It has sections for IP, MAC, & OS. I can view it for i.e \| ... by Splunk0n New Member in Splunk Search 03-24-2018 0 2	0	2
	How to create a table with field value as column header, and another field value as the column value? I have data like 1. { studentId: 1111 subject: math grade: A } 2. { studentId: 1111 subject: ... by qxintuit Engager in Splunk Search 03-24-2018 0 2	0	2
	Is it possible to add only some specific values from lookup? Hello. I use a dbxquery to import some user data including user priority. The result looks like this: user \| pri... by AlexeySh Communicator in Splunk Search 03-24-2018 0 2	0	2
	Help with field extraction I have the following event being returned (any event that includes "Streaming"): Streaming 29 items to https://test.... by griffinpair Path Finder in Splunk Search 03-24-2018 0 4	0	4
	Dashboard panels with depends attribute still execute search with display? I am building a dashboard that has multiple panels and some searches are slow. So I added an input checkbox to contr... by wang Path Finder in Splunk Search 03-23-2018 0 4	0	4
	Is it possible to run a real time search and update the missed historic data? My task is to create a real-time search, ideally to run 24/7. Now the problem arises when I close my program(not nece... by f2mahmud Engager in Splunk Search 03-23-2018 0 0	0	0
	search report query with stats My below query works fine: index="jenkins-cicd-" source="*/test-metrics-summary.json" \| rex max_match=0 field=_raw... by kasimbekur Explorer in Splunk Search 03-23-2018 0 10	0	10
	Why do we get the exited with code 255 errors? When we search (on stage) using index = <index name>, no results come up and we get the following - 2 errors occurre... by ddrillic Ultra Champion in Splunk Search 03-23-2018 0 2	0	2
	How to extract a string using regex? Hello all, I am trying to write a regex to extract a string out an interesting field that I have already created an... by AbubakarShahid New Member in Splunk Search 03-23-2018 0 3	0	3
	How to find the first alphabetical value? Hi, I have a field which returns values in the following format: 10.6.3319.19 10.7.2113.33 10.6.179.135 10.7.2025.... by samwatson45 Path Finder in Splunk Search 03-23-2018 0 7	0	7
	Why is the subsearch truncating when using JOIN in the query? I am joining two queries by a common field but the problem is that the subsearch is truncating is there a better way ... by vrmandadi Builder in Splunk Search 03-23-2018 0 12	0	12
	How do I highlight an event in the timeline? I commonly need to find patterns within relation to a certain event. For instance I want to view all error logs after... by safetytrick Engager in Splunk Search 03-23-2018 0 5	0	5
	regular expression to find special character I want to use regular expression which should get special charcter in Splunk Please help in this by logloganathan Motivator in Splunk Search 03-23-2018 0 8	0	8
	Splunk 7 / Win2012r2: Retrieve Tag's Value, based on another Tag's Value & Time Hello, I'm new to Splunk. Need some advice, I need to do as follows: Pls. see attached, the sample. Tag 1 = Producti... by htkwan Path Finder in Splunk Search 03-23-2018 0 0	0	0
	How do I find an orphaned search in Splunk 6.4.1? After migrating to 6.4.1, we are now notified of orphaned objects. Cleaned them up or cloned them to new ones, but on... by tweaktubbie Communicator in Splunk Search 03-23-2018 0 11	0	11
	How can I display the count of host in the header? Hello, First of all I'm a splunk noob, I just got started and i'm learning... I have a simple search that returns a ... by lucien62 New Member in Splunk Search 03-23-2018 0 2	0	2
	Search for multiple values in field Hi, I am trying to omit search results for a field that might have a couple of different values. any ideas how to be... by banzen Engager in Splunk Search 03-22-2018 0 4	0	4
	How to get Wildcards and Special Characters on lookup table? I'm posting this as everything I have been referencing is from years ago. I need to relate Users to GPO changes. Th... by rororspec Explorer in Splunk Search 03-22-2018 0 10	0	10
	Determining if a CIDR Block is completely contained in another I'm looking for a way to take a CIDR range in the format x.x.x.x/x and tell if it is completely enclosed within one o... by BearMormont Path Finder in Splunk Search 03-22-2018 0 2	0	2
	How to compare two fields and result in a 'pass' or 'fail' in another field (give or take a count of 5)? Hello. I'm trying to compare two panels to see if there are any changes in the count. Both panels should be equal b... by Derben New Member in Splunk Search 03-22-2018 0 11	0	11
	What is a command that does the opposite of mvcombine? So, I know MV Combine asks that you specify the one unique field in a set of results, and returns a multi-value entry... by Haybuck15 Explorer in Splunk Search 03-22-2018 0 1	0	1
	How to search for all IP's not in a lookup table. Basically I want to use the inputlookup myspreadsheet.csv and I want to find all IP's that are not in that .csv file. by turnerde New Member in Splunk Search 03-22-2018 0 4	0	4
	Trying to match 2 fields in 2 different sources by wildcard I have 2 sources with different pieces information and i'm trying to return a coalesced search based on a partial mat... by fotc1969 New Member in Splunk Search 03-22-2018 0 3	0	3
	Why is the Syntax Highlighting options missing? When I visit my account setting in my splunk web instance any reference to Search options are not visible. Including ... by jat75 Explorer in Splunk Search 03-22-2018 0 2	0	2
	Why do I get "-bash: splunk: command not found" when I try to run the "splunk enable boot-start -user splunk" command? I log in to my Indexer as root, cd to /etc/init.d and then ran the "splunk enable boot-start -user splunk" command. A... by dharveynswccd Path Finder in Splunk Search 03-22-2018 0 3	0	3