Splunk Search

Community Activity

Issue combining 2 sourcetypes into 1 table I am using the following search: index=nessus sourcetype="nessus:plugin" OR sourcetype="nessus:scan" each time I pi... by cc3658 Explorer in Splunk Search 03-15-2018 0 5	0	5
Match events in search by fields Hello I have a serach that gives me back two types of events. event A with field r_code and some other fields while e... by Ponczi1 Explorer in Splunk Search 03-15-2018 0 3	0	3
How to analysis the occurrence of an ERROR on a give field with some other field? I have a log, and in theis log I have a field that I have called Informative. This Informative can assume the followi... by brober27 New Member in Splunk Search 03-15-2018 0 3	0	3
Specific Alert Hi, I would like to Know if it is possible ! I want to send an email on the adress mail content on my log . For exa... by geantver0000 Engager in Splunk Search 03-15-2018 0 1	0	1
Sorting Multi value Field Hi , I have to sort 2 multivalue fields and need to compare. Please provide me some example. Thanks Sathish R by rsathish47 Contributor in Splunk Search 03-15-2018 0 2	0	2
sort on second field of mvzipped field Hi, I have a multivalue field with the name of user and the monthly expenses and another column of time. e.g: column... by splunkdivya Explorer in Splunk Search 03-15-2018 0 3	0	3
How to Black out my splunk alert for particular period ? How to Black out my splunk alert for particular period? There are two different scenarios firest alert: 1)16:30 ET ... by karthi2809 Builder in Splunk Search 03-15-2018 0 5	0	5
Average of the total count Hello all, How can I get the average of the output as below? Calculation is 40 + 20 + 50 / 3 = 36.6 REQUEST ... by krusovice Path Finder in Splunk Search 03-15-2018 0 5	0	5
How to remove "Other" option from Time Range Picker I have "Other" as a drop-down option in my Time Range Picker. I have separate times.conf file for my application in ... by tkadale Path Finder in Splunk Search 03-15-2018 2 5	2	5
How to match two lookups in Splunk? I have fields ComponentName, CNC in lookup A and fields ComponentName, ENDPOINT in lookup B. The output should have f... by joachimroshan New Member in Splunk Search 03-14-2018 0 2	0	2
Group my data per week Hi All, I am currently having trouble in grouping my data per week. My search is currently configured to be in a rel... by NicoloPunzalan2 Engager in Splunk Search 03-14-2018 0 2	0	2
Read data between in log file based on date Hi, I have a log file and want to read everyday data only. File Format is like sometextsometext Friday, March 9, 2... by axs21 New Member in Splunk Search 03-14-2018 0 6	0	6
Query doesn't work under CURL call (but is fine under user interface) Hi; I have a query that ends as follows \| stats count(eval(HttpStatus LIKE "2__")) AS success count(eval(HttpStatus... by h0riz0nhk New Member in Splunk Search 03-14-2018 0 4	0	4
Removing the "not found" results from a pie chart in csv format Hello All, I have csv data like this ip address, Ports Open 192.168.1.1, 80 192.168.1.2, 81 192.168.1.3, none 192... by anirudhduggal Engager in Splunk Search 03-14-2018 0 5	0	5
combine 2 queries and subtract the results I have the below queries, would like to run together and subtract the count results. Any help appreciated. \|host=S... by bgleich New Member in Splunk Search 03-14-2018 0 3	0	3
Count number of field value per source and show as table I have a field named "router" that has multiple values and have three sources. I would like to count the router value... by christopheryu Communicator in Splunk Search 03-14-2018 0 5	0	5
Search for Error only in the latest log file coming from different hosts My original search Query returns results- index="ver_logs" "ERORR detected" \| rex field=source "VerLogs\\\(?.*?)\_... by nmohammed Builder in Splunk Search 03-14-2018 0 11	0	11
How to extract fields from xml in a lookup table? I have a lookup table where one of the field columns is xml format. I'm trying to extract fields from the xml entries... by matstap Communicator in Splunk Search 03-14-2018 0 4	0	4
How to search Events on Hosts in Inputlookup File? I have a CSV that I've created via ldapsearch, that contains a single column with 'cn' and then a list of servers. I... by Kendo213 Communicator in Splunk Search 03-14-2018 0 10	0	10
Error in Eval in Search Command. Please help. \| makeresults \| eval ipaddress=192.168.1.1 \| lookup AM ipaddress OUTPUT hostname \| table ipaddress,hostname This wor... by ReachDataScient Explorer in Splunk Search 03-14-2018 0 7	0	7
Correlation Events and Discard Events Hello, I need your help to correlation some transactions by a number of reference and responses Input and Output bu... by Carolina Engager in Splunk Search 03-14-2018 0 1	0	1
Remove the query string from a Url field Need to exclude the query parameters from a URL field. For e.g. the field contains http://www.google.com/india?searc... by gassershaun Engager in Splunk Search 03-14-2018 0 4	0	4
Why isn't my query working after adding timechart? Greetings All - I have a query that gives me the data I need. However when I tried to add a timechart function to b... by ZigZaggin Explorer in Splunk Search 03-14-2018 0 18	0	18
How to find users that had only errors for certain event? We have log entries in format like this: LogLevel=info username=some1 eventID=update So in case of error the LogL... by dsnytkine Engager in Splunk Search 03-14-2018 0 7	0	7
latest date Hello , So my question today is: for my earliest time i have "-1w@w1",so my research start from the last monday.The ... by taha13 Explorer in Splunk Search 03-14-2018 0 7	0	7