Splunk Search

Community Activity

Why is the stats count showing higher count for date_ then other fields? I have a report that provides a summary of key activity by IP. I wanted to cross check that information against the ... by Gawker Path Finder in Splunk Search 03-16-2018 0 2	0	2
problem with join i am trying to join 2 indexes and ClientName. i find some rows are not joining on ClientName. but if i explicitly me... by jiaqya Builder in Splunk Search 03-16-2018 0 6	0	6
Regex Help Hi, I need a regex to extract at search time the values after ACTION[*] and up to the next character, regardless of ... by jacqu3sy Path Finder in Splunk Search 03-16-2018 0 4	0	4
How do I combine two unrelated inputlookups in the same search? Say I have one lookup which has various fields like host, source and other stuff. And another lookup which has fields... by timmag Explorer in Splunk Search 03-16-2018 0 5	0	5
Need to benchmark IOPS reliably Hi, Can someone recommend a linux utility to reliably benchmark IOPS on local, NFS and iSCSI volumes? I need someth... by ivog Engager in Splunk Search 03-15-2018 1 2	1	2
How to use transaction command with message and as argument? How to use message name as argument for transaction command? I have logs relate to a particular message ID for one so... by abhi04 Communicator in Splunk Search 03-15-2018 0 4	0	4
high cpu over xtime alert I want to create an alert when the cpu is at 50% or higher for greater than 5 mins. I thought this would work, but i... by mcbradfordwcb Engager in Splunk Search 03-15-2018 0 1	0	1
Return values of field that dc is ran on instead of just the count Hello all, I have the following search: index="vpn_gateway" eventtype="vpn-authall" \| stats dc(vpnuid) by vpnc... by trc29 Engager in Splunk Search 03-15-2018 0 1	0	1
Why are several JSON fields getting extracted more than once at search-time? At search-time, several fields get extracted more than once, even if they only exist once in the event. I know I can ... by mathiask Communicator in Splunk Search 03-15-2018 0 6	0	6
combining stats question, can I do this as one search instead of appending 2? BASE_SEARCH \| rex field=dest_host "^(?<hostname>([a-z0-9\.\-]*\.)?(?<Domain>[a-z0-9\-]{2,}(?=\.[a-z\.]{3,})\.(?<tld>... by bkirk Path Finder in Splunk Search 03-15-2018 0 3	0	3
Timechart with no data gives "No results found" I want to show the number of bad errors each minute over an hour time period to show as an embedded report. I am usi... by burwell SplunkTrust in Splunk Search 03-15-2018 1 13	1	13
Matching String in line of texts in splunk Hi, I am quite new to splunk platform. Can you please help me out here with my requirement: I have to write a logic... by rakeshyv0807 Explorer in Splunk Search 03-15-2018 0 5	0	5
Match values under 2 different fields Need help. Appreciate in advance. I have 2 lookup csv. I need to match each value under "numberX" field against the ... by linwqg New Member in Splunk Search 03-15-2018 0 12	0	12
SPL to find users NOT in ldapsearch subsearch results Looking for how to query for users that are logging in via Remote Desktop which are not in a certain OU in Active Dir... by jgbricker Contributor in Splunk Search 03-15-2018 0 4	0	4
How to display multiple field ips using geostats Hi, I have three fields which outputs Ip addresses. is there a way to display all these three field IP addresses on ... by rakeshyv0807 Explorer in Splunk Search 03-15-2018 0 3	0	3
how to make raw data in visual format? i have raw data with time stamp..ID..target page. i want this to be visualized. how can i do? by logloganathan Motivator in Splunk Search 03-15-2018 0 1	0	1
Timechart last month to prior month comparison with trend Hi, I am trying to compare the number of events from last month to the prior month. So January and February and disp... by timm747747 Path Finder in Splunk Search 03-15-2018 1 2	1	2
How to inputlookup a csv file which contains only the hostnames and get the field values of A,b and C? I have a lookup file which contains a list of hostnames under the field Host like below Host abd addf fdfs Now how... by pavanae Builder in Splunk Search 03-15-2018 1 3	1	3
Map/Join Search query with lookup, when field in null Hello, I am trying to Join/map Search query result with lookup table. I am close to perfect query, Just not be able... by AKG1_old1 Builder in Splunk Search 03-15-2018 1 8	1	8
what is use of diff command Hi , I tried understanding diff command from spunk.doc unable to understand,could you please let me know use of diff ... by maheshsat Explorer in Splunk Search 03-15-2018 1 2	1	2
Why am I getting "Error in '\| metadata' " when trying to get the earliest event in a particular index? I am attempting to determine the earliest event in a particular index by executing the following search over All Time... by _smp_ Builder in Splunk Search 03-15-2018 0 4	0	4
Issue combining 2 sourcetypes into 1 table I am using the following search: index=nessus sourcetype="nessus:plugin" OR sourcetype="nessus:scan" each time I pi... by cc3658 Explorer in Splunk Search 03-15-2018 0 5	0	5
Match events in search by fields Hello I have a serach that gives me back two types of events. event A with field r_code and some other fields while e... by Ponczi1 Explorer in Splunk Search 03-15-2018 0 3	0	3
How to analysis the occurrence of an ERROR on a give field with some other field? I have a log, and in theis log I have a field that I have called Informative. This Informative can assume the followi... by brober27 New Member in Splunk Search 03-15-2018 0 3	0	3
Specific Alert Hi, I would like to Know if it is possible ! I want to send an email on the adress mail content on my log . For exa... by geantver0000 Engager in Splunk Search 03-15-2018 0 1	0	1