Splunk Search

Community Activity

Splunk - Join two queries from same index and eventtype I have the following two events from the same index (VPN). I've been unable to try and join two searches to get a tab... by mikeyemane New Member in Splunk Search 03-21-2018 0 7	0	7
Splunk license usage per sourcetype Hello, Is there a way to find out which sourcetype is sending too much of data to an index. i know an index but i wo... by iamlearner123 Explorer in Splunk Search 03-21-2018 0 3	0	3
How do I remove rows with null values on single/multivalue fields? Hello Everyone I have a below search query that results me 4 column table. Process, RunID, StartTime and EndTime. s... by maria2691 Path Finder in Splunk Search 03-21-2018 0 20	0	20
extract name from multivalue Within MSAD, the manager field looks like this: manager=CN=The Boss,OU=HLGIT,OU=CO,OU=mytownUsers,OU=ourFIRE,DC=ourc... by mcbradfordwcb Engager in Splunk Search 03-21-2018 0 1	0	1
How to find the oldest timestamp of an event available for search I would like to find the oldest timestamp of events available for search (with respect to sourcetype) in an index. Me... by jayakumar89 Explorer in Splunk Search 03-21-2018 0 3	0	3
How to sort using formatted time Hi, I have a result table with two columns "formattedTime" and "Unsuccessful logins". I am displaying time in the fo... by rakeshyv0807 Explorer in Splunk Search 03-21-2018 0 2	0	2
Why is the background search failed with an error "search was canceled"? We are running Splunk v 7.0.1. One of our splunk users sent a search to the background and received the following ema... by mlevsh Builder in Splunk Search 03-21-2018 0 4	0	4
How to use an index for a lookup Noob question. I had about a dozen CSVs that had the same information on them but the columns were out of order. I ... by subhuman New Member in Splunk Search 03-21-2018 0 3	0	3
Why it changes the sourcetype for all sourcetype I am trying to change the sourcetype of all events that are not from sourcetype starting with xyz. I am using follow... by ss026381 Communicator in Splunk Search 03-21-2018 0 7	0	7
Search all the login events from a location Need to run a report where the user is supposed to work remotely for 110 days in any given 365 days. The 365 days is ... by jarapally Explorer in Splunk Search 03-21-2018 0 8	0	8
Tracking of particular field I have two fields from them I want to track particular one field with starting of this & ending of that value. For th... by N92 Path Finder in Splunk Search 03-21-2018 0 3	0	3
Can Splunk perform multiple searches using a single request and return the results separately? I am querying Splunk REST API and wish to send multiple queries in a single POST request. Is it possible to get separ... by mj8909 New Member in Splunk Search 03-21-2018 0 2	0	2
Search if a field is in the results of a subsearch I have a search that starts out like this; index=my_index field1=abc field2=def ( field3=aaa OR field... by OldManEd Builder in Splunk Search 03-21-2018 0 5	0	5
Regex to extract email domain name I have two regexes below which are pulling the domain name of the email sender (from). i.e linkedin.com, amazones.com... by davidcraven02 Communicator in Splunk Search 03-21-2018 0 5	0	5
Colud not use strptime to prase the timestamp pipe Hi , I am not able to parse the below log format using timeformat -props.conf It is giving me a warning unable to pa... by smdasim Explorer in Splunk Search 03-21-2018 0 3	0	3
Can't use eval function on fields extracted from json log using spath I have extracted fields from a json log using spath, I want to add double quotes to the tabled results using ... \| e... by myobmatt New Member in Splunk Search 03-21-2018 0 5	0	5
How to chart field values by another field _time? Hi, I am running this query: index=servers sourcetype=json Name=* Version=* Id=* \| dedup _raw \|fillnull bdy.ex.Msg ... by macadminrohit Contributor in Splunk Search 03-21-2018 0 2	0	2
Manual Input Form Hi all, Well a long night and day of reading about every post on forms and manual input to no avail. I'm looking f... by gabarrygowin Path Finder in Splunk Search 03-21-2018 0 4	0	4
Where to place common python libraries I have multiple alert actions in Python. I am trying to have the modalert helper for each action to load a common li... by eddieparra New Member in Splunk Search 03-21-2018 0 11	0	11
How can I eliminate similar results? I have a query that is returning similar, but not exact results. In the example results below, I want to get rid of '... by donrtowery New Member in Splunk Search 03-21-2018 0 3	0	3
Search Multiple Sourcetypes using different fields - return all rawevent information for all sourcetypes I need help figuring out the best way to get the information I want in one query. I have indexA with sourcetypeA, so... by jeurich New Member in Splunk Search 03-21-2018 0 2	0	2
Working with boolean operations like an arithmetic operation. Hello Everyone, I've just done a Splunk query that it required a lot of conditionals and I just wanted to use boolean... by jrballesteros05 Communicator in Splunk Search 03-21-2018 0 8	0	8
Conditional count using tstats Is it possible to do a conditional count using tstats? I want to count specific event_type: (count if(event_type = 'x... by eranday New Member in Splunk Search 03-21-2018 0 5	0	5
Is it possible to do a conditional count using tstats? Is it possible to do a conditional count using tstats? I'm trying use the following which is the syntax that I would ... by cramasta Builder in Splunk Search 03-21-2018 2 4	2	4
How to configure the input for ADFS Based on what I've found I configured the following inputs.conf in a test tier as follows: [WinEventLog://AD FS/Admin... by MikeBertelsen Communicator in Splunk Search 03-21-2018 0 5	0	5