Splunk Search

Community Activity

Search if a field is in the results of a subsearch I have a search that starts out like this; index=my_index field1=abc field2=def ( field3=aaa OR field... by OldManEd Builder in Splunk Search 03-21-2018 0 5	0	5
Regex to extract email domain name I have two regexes below which are pulling the domain name of the email sender (from). i.e linkedin.com, amazones.com... by davidcraven02 Communicator in Splunk Search 03-21-2018 0 5	0	5
Colud not use strptime to prase the timestamp pipe Hi , I am not able to parse the below log format using timeformat -props.conf It is giving me a warning unable to pa... by smdasim Explorer in Splunk Search 03-21-2018 0 3	0	3
Can't use eval function on fields extracted from json log using spath I have extracted fields from a json log using spath, I want to add double quotes to the tabled results using ... \| e... by myobmatt New Member in Splunk Search 03-21-2018 0 5	0	5
How to chart field values by another field _time? Hi, I am running this query: index=servers sourcetype=json Name=* Version=* Id=* \| dedup _raw \|fillnull bdy.ex.Msg ... by macadminrohit Contributor in Splunk Search 03-21-2018 0 2	0	2
Manual Input Form Hi all, Well a long night and day of reading about every post on forms and manual input to no avail. I'm looking f... by gabarrygowin Path Finder in Splunk Search 03-21-2018 0 4	0	4
Where to place common python libraries I have multiple alert actions in Python. I am trying to have the modalert helper for each action to load a common li... by eddieparra New Member in Splunk Search 03-21-2018 0 11	0	11
How can I eliminate similar results? I have a query that is returning similar, but not exact results. In the example results below, I want to get rid of '... by donrtowery New Member in Splunk Search 03-21-2018 0 3	0	3
Search Multiple Sourcetypes using different fields - return all rawevent information for all sourcetypes I need help figuring out the best way to get the information I want in one query. I have indexA with sourcetypeA, so... by jeurich New Member in Splunk Search 03-21-2018 0 2	0	2
Working with boolean operations like an arithmetic operation. Hello Everyone, I've just done a Splunk query that it required a lot of conditionals and I just wanted to use boolean... by jrballesteros05 Communicator in Splunk Search 03-21-2018 0 8	0	8
Conditional count using tstats Is it possible to do a conditional count using tstats? I want to count specific event_type: (count if(event_type = 'x... by eranday New Member in Splunk Search 03-21-2018 0 5	0	5
Is it possible to do a conditional count using tstats? Is it possible to do a conditional count using tstats? I'm trying use the following which is the syntax that I would ... by cramasta Builder in Splunk Search 03-21-2018 2 4	2	4
How to configure the input for ADFS Based on what I've found I configured the following inputs.conf in a test tier as follows: [WinEventLog://AD FS/Admin... by MikeBertelsen Communicator in Splunk Search 03-21-2018 0 5	0	5
Check to compare value with csv contents I'm trying to build a pass/fail check to see if a machine already exists in a csv, as I have a dashboard with a text ... by davidcraven02 Communicator in Splunk Search 03-21-2018 0 4	0	4
How to filter search results by lookup tables based on matching the fields and arithmatic conditions I want to filter my search results based on lookup table. But the road block here is that I want not only to match fe... by isamrat Explorer in Splunk Search 03-21-2018 0 1	0	1
Timechart returns no data in smart mode, but does return data in Verbose mode I have a problem with a query, that I'm trying to use on a dashboard. It works weird: sometimes it returns expected r... by sergevic Explorer in Splunk Search 03-21-2018 1 16	1	16
How to get at two fields from a subsearch that has a subsearch? I am working with a search like this: dovecot [ search DHCPACK [ search host="airport*" "Associated with sta... by lisa_1 Explorer in Splunk Search 03-21-2018 4 4	4	4
how can I get an aggregation like max() for multiple happenings over a diffenrent periods? My results are in the following table: happening time_duration Aufnahme zaehler_anzahl 1 ... by GDude New Member in Splunk Search 03-21-2018 0 0	0	0
How to extract below field from logs ? Hello, I need to create a dashboard which shows error messages & its count over the time. i have a logfile like belo... by Dinesh_Raja Path Finder in Splunk Search 03-21-2018 0 8	0	8
How to create a dashboard which shows Error messages in X axis with the time span & Error Count in Y axis ? Hello All, I have to create a real time dashboard which give insight on the different type of errors and how many su... by Dinesh_Raja Path Finder in Splunk Search 03-21-2018 0 2	0	2
How to extract fields from events where the field location isn't constant and keeps changing? I want to write a query or rex under field extraction, to extract each value following a string and stopping at coma,... by VI371887 Path Finder in Splunk Search 03-20-2018 0 4	0	4
Extracting one field into multiple fields I have some data that looks similar to the following: { Name: Record1 Tags: [ { Key: Tag1 Value:... by BearMormont Path Finder in Splunk Search 03-20-2018 0 1	0	1
help with [Table values of Search 1] in Search 2 -- subsearch I have a requirement where i got to see if the results of a Search1 with Index1 are available in search2 with Index2.... by suryaavinash Explorer in Splunk Search 03-20-2018 0 2	0	2
Modify a wildcard based lookup to include real values to use in Lookup command? Can you improve this? I am trying to use a wildcard based lookup table as part of a query that will get all non-wildcard based values so th... by MonkeyK Builder in Splunk Search 03-20-2018 0 0	0	0
top 10 vendors having high total volume and high failure Hi All, My requirement was we needed to analyse issues with vendors who are failing to perform and for this, I need... by arjitgoswami Explorer in Splunk Search 03-20-2018 0 4	0	4