Splunk Search

Community Activity

	Add a column with a count of unique IP's to a chart Hi@all, i'm new a splunk and been trying to figure out this for a while now. But for me it is not possible to add a ... by markus007 Engager in Splunk Search 03-14-2018 0 6	0	6
	lookup file csv i have a search in splunk search dest_ip=10.10.20.3 OR dest_ip=10.2.3.5 OR dest_ip=10.6.7.4 OR dest_ip=10.0.4.6 . I ... by vumanhtai Path Finder in Splunk Search 03-14-2018 0 1	0	1
	need to show completion percentage with the following query the following produces all of the other stats except completion percentage sourcetype=access_combined \| transaction ... by bluemarvel Path Finder in Splunk Search 03-14-2018 0 3	0	3
	DNS Names in Events Hi there, We are migrating from Kiwi syslog and one of the things Kiwi can do is show hostnames instead of IP addres... by FraserC1 Path Finder in Splunk Search 03-14-2018 0 4	0	4
	"outputlookup" vs "action.populate_lookup"? I'm trying to figure out some discrepancies between the outputlookup search command and the action.populate_lookup sa... by Lowell Super Champion in Splunk Search 03-14-2018 0 4	0	4
	How to count from raw lines? I have a lot of RAW data with this format: date_time,serverA,down date_time,serverB,down date_time,serverA,down date_... by ndiphe13 Engager in Splunk Search 03-13-2018 0 3	0	3
	How to build a table from two index sources with a common id I am completely new to splunk so correct me if i am wrong i have 2 sources of data which contains status codes for th... by nottheboss Engager in Splunk Search 03-13-2018 0 1	0	1
	Extract multiple file names from email attachments Trying to extract all email attachments file names. I am no good with Rex/Regex, so I used the automatic extraction i... by biers04 Explorer in Splunk Search 03-13-2018 0 5	0	5
	Upgrade from 6.5.2 to 7.0.2 - Process Just wondering if there is a staged upgrade process for going from 6.5.2 to 7.0.2. Do we have to go to 6.6.0 first ... by dtfinfrastructu New Member in Splunk Search 03-13-2018 0 1	0	1
	How to find queued jobs from audit.log? Hello, is there a way I can find if a particular job was queued by looking at the audit logs? I never see the status ... by arpit_arora Explorer in Splunk Search 03-13-2018 0 3	0	3
	count of values per event Hi All , i have an event as below Date first seen Duration Proto Src IP Addr:Port Dst IP Addr:Port Packets Bytes Fl... by suryaavinash Explorer in Splunk Search 03-13-2018 0 12	0	12
	How do I remove specific characters from a string? For example, I have a string "agreementinquiry-web-2.0.3". My result should only have "agreementinquiry". by joachimroshan New Member in Splunk Search 03-13-2018 0 1	0	1
	Counting an event and then averaging it over a month Hello I'm very new to Splunk and have so far been consuming data as .csv files in order to test things out. I have ... by scornell2 Engager in Splunk Search 03-13-2018 0 3	0	3
	How to count a pattern in one cell Hi I have the following data written to one field. When i run source_SERVICES_count=mvcount(source_SERVICES) i ... by robertlynch2020 Influencer in Splunk Search 03-13-2018 0 2	0	2
	How to write the regex to extract a field with optional end anchors? I haven't a clue why I cannot find this particular issue. I would think it would come up all the time. I want to ext... by Cuyose Builder in Splunk Search 03-13-2018 0 5	0	5
	Using search result(s) in a second, separate search Hi All, I am looking to create a dashboard to support ongoing investigations. This dashboard will have many panels ... by MikeElliott Communicator in Splunk Search 03-13-2018 0 4	0	4
	How to exclude duplicate field values from different fields Hi All, I am writing a search string for Windows, which should return events where a privileged user (Source_User) h... by MikeElliott Communicator in Splunk Search 03-13-2018 0 11	0	11
	Discrepancy between raw search and accelerated data model search I have a customer who has tasked me with coming up with a strategy for monitoring that the output of data model searc... by responsys_cm Builder in Splunk Search 03-13-2018 0 3	0	3
	How do I independantly scale x-axis in charts in Trellis? Hello Splunk Community, I'm trying to display multiple charts of data with Trellis. Example: Chart 1 will have a x-ax... by rormond New Member in Splunk Search 03-13-2018 0 4	0	4
	Add a custom field at index time based on sourcetype or index name Hi everyone. I've been going back and forth through the docs and other answers posted here, but nothing definitive i... by DEAD_BEEF Builder in Splunk Search 03-13-2018 0 7	0	7
	Transform a field into a multi-value field Hi, I have an auto extracted field with comma separated values. DesiredAccess = Read Data; List Directory; Read Att... by ikulcsar Communicator in Splunk Search 03-13-2018 0 4	0	4
	How do I edit my search to remove specific substrings from URI values in my results? ri_domain=HTTPS://xxxxxxx.com ".jsp" \| top limit=10 uri Under the statistics tab, I get different URIs with coun... by manjunathin New Member in Splunk Search 03-13-2018 0 4	0	4
	I am using subsearch and trying to pass ID from sub to the main and trying to calculate minimum of time by ID using tstats. My normal query is working fine. Normal index query : searchA[search search B\|stats count by _time,BusinessIdentifier\|return BusinessIdentifier]\|stat... by payal23 Path Finder in Splunk Search 03-13-2018 0 2	0	2
	rex expression does not works as expected I have a following splunk log 2018-03-13T06:28:23.543266+00:00 Commissions.development.loan*** 103a9[[APP/PROC/WEB/0... by karthi25 Path Finder in Splunk Search 03-13-2018 0 3	0	3
	How to use String fields in chart?? I want to use the string Fields in the chart. Please help me on this. EX: Date Duration Volume 01-... by Rajkumarkbm Engager in Splunk Search 03-13-2018 0 2	0	2