Splunk Search

Community Activity

How to use conditional regex in transforms.conf to capture the hostname based on field criteria? Here's a sample Log: Mar 2 09:27:24 Blue_Firewall 1,2018/03/02 09:27:24,00546543517,THREAT,url,1,2018/03/02 09:27:1... by arizviherjavec Explorer in Splunk Search 03-05-2018 0 1	0	1
How to use ldapsearch to pull the members from groups I have list of the domains and groups, how to use ldapsearch to pull the sAMAccountName name and AccountIsDisabled as... by splunkrocks2014 Communicator in Splunk Search 03-05-2018 0 1	0	1
change search based on the event's field's value Hi, I have a very big data set, and I want to return different fields from it, based on a value of another field (2 ... by matansocher Contributor in Splunk Search 03-05-2018 1 4	1	4
round in addcoltotals i use addcoltotals to the sum of colum and get the result 4.51235743409 how do i rounding of the result by vumanhtai Path Finder in Splunk Search 03-05-2018 0 3	0	3
Splunk filter Hi, I would like to create an application on splunk that would allow me to display an array of particular events but... by Hakima Engager in Splunk Search 03-05-2018 0 3	0	3
How to make a rex field extraction permanent for a field extraction from source? Hi Splunkers, I need to extract the name of the computer generating the log from the file name. I found a way to do ... by mlb19 Explorer in Splunk Search 03-05-2018 0 3	0	3
how can i trim until a specific character? Hello, I got a field that has a format and a value like this "S01-3101" and sometimes a value like this "S01-301" i... by ygdrassil Engager in Splunk Search 03-04-2018 0 3	0	3
How to fill null values by a String when using a timechart This is the query is used: index=perfmon* sourcetype=Perfmon:CPU counter="% Processor Time" \| eval status=if(Value!=... by Kirantcs Path Finder in Splunk Search 03-04-2018 1 11	1	11
How to calculate the difference between two timestamps to get the duration of a video call? Hi guys, im a beginner in Splunk and my issue is that I have Cisco logs and I need to find out the conference durat... by murat89 New Member in Splunk Search 03-04-2018 0 5	0	5
Using relative time with where command I'm able to find all the previous day's events by hard coding in date ranges as such: where mytime > "2018-03-01" AN... by orion44 Communicator in Splunk Search 03-04-2018 0 2	0	2
Use Splunk for a Static Value Lookup I have a data store that information is far faster and more reach to get to with Splunk and I am trying to figure out... by JeffBothel Explorer in Splunk Search 03-04-2018 0 1	0	1
Streamstats delta between values on grouped data incorrect I have data that is extracted from log events by multiple neighbor pairs. I would like to extract deltas on an integ... by peiffer Path Finder in Splunk Search 03-03-2018 0 2	0	2
accum command for field I have field called test, what would be out if use assume command command: -- \| accum test as test2 ( It wi... by maheshsat Explorer in Splunk Search 03-03-2018 0 2	0	2
Why are my search heads looking for index _blocksignature after upgrading to 6.3.0? After upgrading my lab to 6.3.0 the search heads are reporting this error when no index is explicitly supplied in the... by dflodstrom Builder in Splunk Search 03-02-2018 2 7	2	7
How to split Data in one column to multiple columns? hi, I had the data in the following format location product price location1 Product1 price... by himpor Engager in Splunk Search 03-02-2018 0 3	0	3
How to set the event time to the time from summary index? Hi. I have a query to generate the events with timestamp, "_time", from the original events and ingested to a summar... by splunkrocks2014 Communicator in Splunk Search 03-02-2018 0 11	0	11
How can I easily search multiple values for one field? I use the following search for proxy logs index=proxy src="10.10.10.10" \| table _time,src, action, dest, status \| ded... by ssgtballard New Member in Splunk Search 03-02-2018 0 1	0	1
Why does the Timechart command with eval result returns empty visualization? Hello, I have the following search that calculates a risk value with eval index=thing sourcetype=thing name=thing ea... by ivan128 Explorer in Splunk Search 03-02-2018 0 8	0	8
How to evaluate if a field is null or not null from JSON structured data? My data is structured into a JSON with a field inside a block that is as follows { "SomeField":"Value", "service... by brajaram Communicator in Splunk Search 03-02-2018 0 2	0	2
Can you add a NOT condition in monitor path (inputs.conf)? I have 3 types of log file names, ones that simply end with .log.2018 (eg: dc1-sms.log.2018), others end with -error.... by ionicabalaurul New Member in Splunk Search 03-02-2018 0 8	0	8
How to search for a range of IP addresses (example: 10.10.10.32 through 10.10.10.96)? Does anyone know the criteria to search for a range of IP address under the following conditions. I want to narrow ... by kmulcahy Engager in Splunk Search 03-02-2018 1 7	1	7
Hello every one, while I am searching on splunk , I am getting the following error. Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log for this peer in the Job Inspector for more info. Our environment is having 3 Sh and 4 indexers . I am getting following error very frequently. I followed suggestions... by jsuryaprakash Path Finder in Splunk Search 03-02-2018 0 1	0	1
How to search specific lines in splunk log file? I have 100 lines content log files where I want to show only between 32-80 lines in searching without regex condition... by saibal6 Path Finder in Splunk Search 03-02-2018 0 1	0	1
Table ES Suppressions including start time and end time I'm looking to create a dashboard of existing suppression's, and those that have recently expired or will expire in t... by jacqu3sy Path Finder in Splunk Search 03-02-2018 0 2	0	2
Regex help: Colon space and comma as key-value pair I'm trying to figure out better way of doing regex for a data like below Protocol: TCP, SrcIP: 1.2.3.4, OriginalClie... by koshyk Super Champion in Splunk Search 03-02-2018 0 4	0	4