Splunk Search

Community Activity

Is there a way to make use of a list of IP addresses for servers which have sensitive information in a Splunk search? Our campus is putting together a database of systems with sensitive or restricted information on them. I'd like to ex... by wrangler2x Motivator in Splunk Search 03-09-2018 0 10	0	10
Search not returning results from lookup table Hi all, Been racking my brain trying to create this search and I can't seem to get it working, so I was hoping you a... by celestekiyoko Explorer in Splunk Search 03-09-2018 0 3	0	3
Wildcard search not producing accurate results Hi I am running a wild card search as i am using an input window (with the default value as a wildcard search that w... by colinmchugo Explorer in Splunk Search 03-09-2018 0 3	0	3
How to move an index to another app? In the Settings->Indexes screen I found one of my indexes is listed as being part of a different app than the one I'm... by richgalloway SplunkTrust in Splunk Search 03-09-2018 1 7	1	7
Signaling a problem with a Splunk Web page (I know this isn't a question, but since the contact page only leads to Sales or to phone numbers, I'm using this pla... by DUThibault Contributor in Splunk Search 03-09-2018 0 2	0	2
Field Extraction If the event has field names and values both separated by pipe, how to do field extraction. Field1\|Value1\|Field2\|Val... by ReachDataScient Explorer in Splunk Search 03-09-2018 0 1	0	1
Can you pipe the output of a transaction command into a rex command? I want to pipe the output of a transaction command into a rex command to parse something out of the result. Is this p... by jbrenner Path Finder in Splunk Search 03-09-2018 0 3	0	3
Multiple Searches with BRO LOGS - Trying to correlate certificate data. In BRO 2.5.X there are about 3 or 4 log files that have SSL Certificate information: x509.log, ssl.log, conn.log an... by baegoon Explorer in Splunk Search 03-09-2018 0 0	0	0
How to run two searches and table the results? Good afternoon Guys, Second question in as many days, but this one is puzzling me and my tiny useless uneducated br... by Barty Explorer in Splunk Search 03-09-2018 0 5	0	5
tstats in macro without pipe Hello, is it normal that tstats must be without pipe \| to run in a macro? The macro is scheduled. Thanks. by splunkreal Influencer in Splunk Search 03-09-2018 0 1	0	1
How can we only see results when they are NOT found? I have a large CSV lookup table operational and working well but would like to run a search on my data that only show... by jtitus3 Explorer in Splunk Search 03-09-2018 0 2	0	2
Subsearch in eval not working I'm trying to get the eval value in subsearch and use it for further searching in the query. I guess there is issue w... by k_harini Communicator in Splunk Search 03-09-2018 0 4	0	4
Increasing the number of ad-hoc searches for the user Is it possible to increase the number of concurrent ad-hoc searches for the user, without increasing the number of sc... by kiril123 Path Finder in Splunk Search 03-09-2018 0 2	0	2
Finding the minimum and maximum value Hi All, I have 3 files in one index, Cycle 10.csv, Cycle 11.csv, and Cycle 12.csv. All of the 3 files have a "Cycl... by jvmerilla Path Finder in Splunk Search 03-09-2018 0 1	0	1
Can you display a long list using multiple columns to fit more data on the screen I have a table that has 2 narrow columns. Is there a way to get splunk to display the output in multiple columns of t... by a238574 Path Finder in Splunk Search 03-09-2018 0 1	0	1
how do I know if a search head restart did make my results incomplete? My admin team frequently needs restart our search heads while I have a long running query still running. When this h... by MonkeyK Builder in Splunk Search 03-09-2018 0 4	0	4
Transaction missing fields I have a search defining a Transaction across (2) different log files. The problem is that some fields (not all) are ... by ericrobinson Path Finder in Splunk Search 03-09-2018 1 4	1	4
Why does the map command return no results? Hi everyone, I have a use case where I need to iterate over multiple query strings and execute each of them, so I th... by bojanisch Path Finder in Splunk Search 03-09-2018 0 2	0	2
How to change the position of splunk loginform? HI! Could you help me changing the position of the splunk loginform in the top right corner of the splunk login page... by johnraven Explorer in Splunk Search 03-09-2018 0 4	0	4
Put the time a the top of a timechart Hello, How can I have a table like the picture with the time a the top, the type on the right side and a count by dat... by Alaza Explorer in Splunk Search 03-09-2018 0 5	0	5
how can I save rex to IFX? I am using rex to split an existing field,can I use the same rex in IFX ? \| rex field="External ID" "(?.*)_" I want... by vrmandadi Builder in Splunk Search 03-08-2018 0 18	0	18
Events from 2008 r2 fileshare to splunk hi All, i have a 2008 r2 server that is a file share, i have setup a universal forwarder to send logs to splunk. Tha... by Jamesfirth New Member in Splunk Search 03-08-2018 0 4	0	4
How can I run searches against the Splunk API? I want to run searches against the Splunk API. How can I do this? by Simeon Splunk Employee in Splunk Search 03-08-2018 4 7	4	7
Formatting output in table Hi all, I've a request to come out with a table with information as below. My query so far is to extract the requir... by krusovice Path Finder in Splunk Search 03-08-2018 0 3	0	3
How do I subtract two fields containing %m%d%y format time values to get the age of an event? I'm trying to create a new field that is the result of the Current Date minus the time stamp when my events were crea... by johnward4 Communicator in Splunk Search 03-08-2018 0 8	0	8