Splunk Search

Community Activity

tstats and inputlookup case sensitive problem We had problem this week with logs indexed with lower or upper case hostnames. We run this query in a scheduled macro... by splunkreal Motivator in Splunk Search 03-12-2018 0 4	0	4
How to get tstats results non-case sensitive? Hello, how to get tstats results non-case sensitive? \| tstats latest(_time) as latest,earliest(_time) as earliest W... by splunkreal Motivator in Splunk Search 03-12-2018 1 2	1	2
How to use EVAL Concatenation within TSTATS? Want to improve the TSTAT for the "Substantial Increase In Port Activity" correlation search. \| tstats allow_old_su... by donaldwayne1975 Path Finder in Splunk Search 03-12-2018 0 1	0	1
Rex Error help: How to extract a certain part of a string? Hi, I want to extract a certain part of a string, for instance: Input \\domain.org\teams\team1\bla\bla\bla \\domai... by bomran Explorer in Splunk Search 03-12-2018 0 4	0	4
Use field as _time for Timechart and timepicker I'm trying to chart some phishing logs over time which contain 3 time values: _time - The time when an analyst proces... by Kieffer87 Communicator in Splunk Search 03-12-2018 1 2	1	2
How to use Eval in Props.conf? I am using EVAL in my props.conf to create a multi-value field. EVAL-test = split(test,",") test = this,that,xyz ... by pfabrizi Path Finder in Splunk Search 03-12-2018 0 1	0	1
How to invoke SPL from a field? Hi all, I' searching for a possibility to invoke SPL from a field. Background: I want to dynamically display tables ... by schose Builder in Splunk Search 03-12-2018 0 3	0	3
Calculation of percentage based on the results from 3 different searches with a common value I have calculated % from 3 different searches and i am getting the result perfectly fine. source="log-ura" "Flag Fi... by klchandrakanth Explorer in Splunk Search 03-12-2018 0 4	0	4
TRANSFORMING TABLE I have data as given below in table format A B C D E F 517 2498 186 1000 250 ... by nkankur Path Finder in Splunk Search 03-12-2018 0 5	0	5
Can a report cloned as inline search(no external dependencies) in dashboard refresh from data source? Is it a static clone or it can be updated constantly? Also, how do i allow changed in the original pivot to be updated directly in the inline search? by valerie_tan Path Finder in Splunk Search 03-12-2018 0 17	0	17
What is an inline Search, How to create one, Impact of using it, Any Splunk documentation for inline search. What is an inline Search, How to create one, Impact of using it, Any Splunk documentation for inline search. by gagandeep_arora Path Finder in Splunk Search 03-12-2018 0 4	0	4
Pass parent search field value to a subsearch Hi, I want to know if there is a way to pass parent search field value as source/input for sub-search for a differen... by Dakxh Explorer in Splunk Search 03-11-2018 0 4	0	4
Choropleth Map error to draw polygon from KML files Hi, I'm trying to draw a polygon on choropleth map using custom kml file in Splunk (6.5.1), but the polygon not shown... by maratus2013 New Member in Splunk Search 03-11-2018 0 0	0	0
eval if command with returned value = all from dropdown list Hello all, I'm forming the eval query based on the value extracted from dropdown token. \| eval city=if((_raw LIKE ... by krusovice Path Finder in Splunk Search 03-11-2018 0 12	0	12
Refining Threat Activity Search So I am trying to refine my Threat Activity Detected Search to only show "Allowed" connections rather than any blocke... by mtaylor78 Engager in Splunk Search 03-11-2018 2 1	2	1
Anyone interested in doing a session during splunkconf18 with AWS SA? Total shot in a dark, but i figured this is good way to build some friendships. I'm Solutions Architect with AWS Part... by tmak Explorer in Splunk Search 03-11-2018 0 2	0	2
eval shown in my email? How do i get this search to send the following eval shown in my email? I am getting email now but no result found sho... by dave0970 Engager in Splunk Search 03-11-2018 0 11	0	11
Is it possible to have SPLUNK reporting every computer usage on the network and how? I would like to be able to run a report showing the computer usage of every client on my network. Is there a way I ca... by tweedyloebus New Member in Splunk Search 03-11-2018 0 5	0	5
Custom command with splunklib not working I want to write custom search command with one argument(option). Below is the code that I've written, but I'm not get... by VatsalJagani SplunkTrust in Splunk Search 03-11-2018 0 1	0	1
How would I find characters displayed in a XSS probe and how would I use splunk to decode the URL? As stated above. Looking for indication of XSS probe and associated characters. I know this could be URL encoded and ... by tmalcom New Member in Splunk Search 03-10-2018 0 1	0	1
Group by field and sum by previously summed column? I am attempting to create sub tables from a main table, progressively removing columns and grouping rows. I have cre... by rkassabov Path Finder in Splunk Search 03-10-2018 0 1	0	1
Better way of getting the series of events and all the field values Right now i am using the transaction command to get a sequence of events based on a common field value. The resulting... by macadminrohit Contributor in Splunk Search 03-10-2018 0 2	0	2
How to get the real time status of a job? I am trying to get the current status of a job that is running now from the logs. Suppose there are job events like ... by loveforsplunk Explorer in Splunk Search 03-10-2018 0 2	0	2
Group records by two fields Hi, I have the data like below: TransactionID1 TransactionID2 aaaaaaaaaaaa aaaaaaaaaaaa aaaaaaaaaaaa bbbbbbb... by varun99 Path Finder in Splunk Search 03-10-2018 0 2	0	2
Calculate diff in timings of down and up consecutive events and show if more than 10 days Example Logs(ignore time format as it is as expected by splunk : 1 jan neibhor is up 10 jan jan neibhor is down 20 ja... by atulitm Path Finder in Splunk Search 03-10-2018 0 8	0	8