Splunk Search

Community Activity

Is there a way to query whois by ip Hi, Is there any existing way to query whois by ip address? The domain tools app is great, but it looks like it onl... by a212830 Champion in Splunk Search 03-01-2018 0 1	0	1
How to calculate a linear regression for each field and predict the next possible number in my search query? Suppose I have this data (but in thousands, is just an example): ID class qty 1 cup 5 2 cup 6 3 cup 2 4 cup 7 5 mug ... by saenito New Member in Splunk Search 03-01-2018 0 6	0	6
How to write lookup csv file? Hi Splunk Experts, I am preparing one POC , here what I want . I have data in splunk like (empId,name,deparment) . ... by vikas_gopal Builder in Splunk Search 03-01-2018 0 1	0	1
Different results between specific date and the whole month I'm getting different results in some Nessus searches. The scans are done every 2 weeks. If I search in splunk in the... by ivan128 Explorer in Splunk Search 03-01-2018 0 2	0	2
How to ignore splunk field naming convention during extraction? Hi, In case I have a key-value format and the name of the key starting with __ or every other invalid characters, Ho... by shayhibah Path Finder in Splunk Search 03-01-2018 0 2	0	2
Regex in Whitelist, in inputs.conf regex help I'm trying to monitor log files within my application for the error & fatal logs, which can look like web-error.log ... by aa70627 Communicator in Splunk Search 03-01-2018 0 4	0	4
Workflow action contains other $variables$, how do I escape them? I am trying to make a workflow action to look up IP addresses and hostnames in Active Directory. Here's what I have ... by ktwombley Explorer in Splunk Search 03-01-2018 1 2	1	2
search of 2 words in a field not in particular order I have a field called Manager Name which come is some files managerforename,managersurname and in some managersurname... by surekhasplunk Communicator in Splunk Search 03-01-2018 0 4	0	4
Dynamic field name extration Here is the data : "app": "https", "purpose": "bypass", "direction": "outbound", "int64gapps": "0" }, { "app": "htt... by ninisimonishvil Path Finder in Splunk Search 03-01-2018 0 2	0	2
What is the regex needed to extract the field "FileImported" field format? I have the following Field named FileImported that is formatted the following way: text_text_NEEDED EXTRACTION_text ... by griffinpair Path Finder in Splunk Search 02-28-2018 0 3	0	3
How to search for events that doesn't contain "-" in the url request Hi i want to retrieve events that does not have "-" in the request url. index=con_jira [\| gentimes start=-1 \| eval s... by jkirankumar1993 New Member in Splunk Search 02-28-2018 0 2	0	2
Any suggestion about how to make alert faster which has huge size lookup. Hi I have an alert to search proxy logs. And this alert creates its results to match 3 million Proxy logs and looku... by Shuhei052492 Path Finder in Splunk Search 02-28-2018 0 4	0	4
Get user's search history Is there a way to get the user search activity excluding the searches given the dashboards Thanks N by nawazns5038 Builder in Splunk Search 02-28-2018 0 3	0	3
What regex will be needed to remove the double quotes and leave single quotes in place? This populates from a dropdown menu \| search "Application"=""T zone 10.2" OR "Application"="Nitro Run 10.1" OR "Appl... by JoshuaJohn Contributor in Splunk Search 02-28-2018 0 3	0	3
How to add spaces in between my big splunk query? I always wonder how can I break my big splunk query on the dashboard to multiple parts like by providing spaces in be... by pavanae Builder in Splunk Search 02-28-2018 0 2	0	2
How to use mvindex to display second field if present, but show first field if not present? I am looking into login logs from different Event IDs. Some events have two fields for Account_Name, while other eve... by chanthongphiob Path Finder in Splunk Search 02-28-2018 0 1	0	1
How can I manage relative time values passed from a time input and convert to epoch time? Hello, I would like to convert all possible values set in a time input to epoch time format. This means that it sho... by andrewtrobec Motivator in Splunk Search 02-28-2018 0 3	0	3
Can't use a filed for timestamp Hello, I have importing a CSV file with the field2 for the timestamp. It's working. After that I need to create a ti... by Alaza Explorer in Splunk Search 02-28-2018 0 5	0	5
How can I change delimiter on outputcsv ? I want to know how can I change the delimiter on a result file generate by outputcsv commands ? I want to use ";" as ... by macewindum Engager in Splunk Search 02-28-2018 2 5	2	5
How to check if record exists in another index? I have two tables containing ticket numbers: table 1 TicketNumber 1 2 3 table 2 TicketNumber 2 3 ... by michaelrosello Path Finder in Splunk Search 02-28-2018 0 1	0	1
How to configure level of details splunk stream provides from pcaps? Hello, Can anyone help to clarify if it is possible to configure/enhance a level of details splunk stream provides f... by AlesFrohlich Explorer in Splunk Search 02-28-2018 0 0	0	0
count duplicates with results in single value with trendline I want to count duplicates of certain fields in my data. I am using this search: ..mysearch...\| chart count(O_D) as ... by Mike6960 Path Finder in Splunk Search 02-28-2018 0 5	0	5
how to include only office hours in splunk query search? This is my query and its working fine. I want to modify this query to display only official hours data. Example: sear... by guru89044 Explorer in Splunk Search 02-28-2018 0 5	0	5
Alert on any value in any column which exceeds a threshold? I have list of IPs and a number of requests summarized in statistics tab with a following query: \| datamodel X Y sea... by chalak Path Finder in Splunk Search 02-28-2018 0 6	0	6
double condition on filtering So,it's my first question on the forum, I'm working on a dashoard already done (i'm making chages);the conditions,the... by taha13 Explorer in Splunk Search 02-28-2018 0 0	0	0