Splunk Search

Community Activity

Can i input a list of ServiceNames from the a file and then get the status of those services from the data in splunk servers ? I have a list of services. I want to create a kind of a health check report for all the services. The problem is I a... by varun99 Path Finder in Splunk Search 02-15-2018 0 1	0	1
Why the renamed values doesn't show on the pie chart? Hi Guys, I am creating a pie chart with the below query. I renamed and replaced the column and field values. The dat... by auaave Communicator in Splunk Search 02-15-2018 0 4	0	4
How can I get a count of entries where one value is 0 or greater than 0? I have a Splunk Query that is returning data, similar to: ComputerName NumVulns Computer1 10 Computer... by BearMormont Path Finder in Splunk Search 02-15-2018 0 3	0	3
What is the difference between System and Search within indexes? Name Actions App Current Size ... by shawno New Member in Splunk Search 02-15-2018 0 1	0	1
Count of users Hi, We have some events in which two fields appname and UserID are listed. Which shows in each event that which user... by macadminrohit Contributor in Splunk Search 02-15-2018 0 6	0	6
How to compare results and assign values from Lookup? Hello everyone, Splunk beginner here!! Just trying to do something simple. I have a list of students being obtained ... by dhawanvarun Explorer in Splunk Search 02-15-2018 1 8	1	8
Timechart minimum values Hi, I have this data this is retrieved once per hour (more or less on the hour) for the past 7 days. readyArmed,323... by dbcase Motivator in Splunk Search 02-15-2018 0 10	0	10
Why is the table in dashboard reporting "No results found" when there are in fact results found? We have a table in a dashboard that shows "No results found." when in fact there are results for the search based on ... by simpkins1958 Contributor in Splunk Search 02-15-2018 0 6	0	6
dbxquery eval _time as column Hi all, I am trying to set the values in column insertepoch in a mysql database to be the new _time index in splunk... by zhatsispgx Path Finder in Splunk Search 02-15-2018 0 3	0	3
How to table a KV output? Hi Team, I used the below query to extract the log file. index="test" sourcetype="todayline" \| kv pairdelim="\r\n" ... by senthamilselvan Engager in Splunk Search 02-15-2018 0 2	0	2
How can I eval a new field using only partial values from existing field? Apologies if my question's title is non-descriptive. I am working through extracting an 'action' field from an existi... by SMWickman Explorer in Splunk Search 02-15-2018 0 2	0	2
How can my search query show all duplicated events by field? I'm trying to search data from our Infoblox switch port capacity source, and there are many interfaces that have an i... by EricG1793 Engager in Splunk Search 02-15-2018 0 8	0	8
How to create a search which shows machines being mined as opposed to staff visiting sites with the word "CoinHive" in them and how to get events which are actually effecting users? Good Morning Out of interest I wondered if anyone had a Splunk Search, which clearly showed machines being mined as ... by DDewarSplunk New Member in Splunk Search 02-15-2018 0 1	0	1
How can I do field extraction on a security log using regex? I need a little guidance on rex field extraction on the following "redacted" security log. Unfortunately, I don't ha... by Log_wrangler Builder in Splunk Search 02-15-2018 0 6	0	6
How to subtract two time fields? How would I go about subtracting EndTime from BeginTime? by cotyp Path Finder in Splunk Search 02-15-2018 0 9	0	9
Creating a custom date field Hi, Is there a way to create a custom date field in Splunk? Sow lets say I have multiple events, all of these event... by ebruozys Path Finder in Splunk Search 02-14-2018 0 3	0	3
How to use subsearch inside a map command search? I have a query that uses map and subsearch inside map command as below: index=myindex \| eval email="email@xyz.com" \|... by rajim Path Finder in Splunk Search 02-14-2018 0 7	0	7
How to extract a string with length, based on the value of another field? These are some sample of my logs : "07PRIVATE" or "06SAMPLE" OR "08EXAMPLES" The first two digits are the length of ... by Naren26 Path Finder in Splunk Search 02-14-2018 0 14	0	14
How to query where I can display x and y values as the top value? I have a tag which has four values i.e. a,b,x,y. But I want to display only the x and y values as the top value. I tr... by abhi04 Communicator in Splunk Search 02-14-2018 0 6	0	6
Function similar to grep I want Splunk to do the following actions. Is such a possibility possible? grep -5 "error"test.txt by oda Communicator in Splunk Search 02-14-2018 0 2	0	2
How can I use Regex to extract Windows SMB Logs? Hi Splunkers I need to extract this log below each SMB Path to make a count: LOG Example: Here are the SMB shares... by kleber_silva Engager in Splunk Search 02-14-2018 0 3	0	3
How to group different values and count the number of transactions? Hi guys, I have 2 data sources (source 1 and source 2) with different locations and transactions. How can I group th... by auaave Communicator in Splunk Search 02-14-2018 0 2	0	2
Search with like / only when more than one value Hi, I have troubles with a search. I want results ONLY when my "disconnected=" has a value besides blov6 berg Unfilt... by banzen Engager in Splunk Search 02-14-2018 0 1	0	1
Random line breaks everything earliest=-30d index=nessus OR index=nessus_workstation severity_id!=0 severity_id!=1 \| lookup nessusLookup.csv signa... by LoganRhamy New Member in Splunk Search 02-14-2018 0 8	0	8
Why is drilldown from a table into another table based on the click value, does not carry the value over from the previous table? Good morning I am trying to drilldown from a table into another table based on the click value. The new form does op... by AbelCruz Path Finder in Splunk Search 02-14-2018 0 18	0	18