Splunk Search

Community Activity

How can I extract the 3 different certificate errors below into a single field within a Splunk query as part of a saved search? Hi, I need to extract the 3 different certificate errors below into a single field called CertErrors within a Splunk... by jacqu3sy Path Finder in Splunk Search 02-05-2018 0 2	0	2
rex mode sed remove beginning of a string I have a user field that contains first domain and then followed by user name: Domain\user.name I want to remove the ... by ecanmaster Explorer in Splunk Search 02-05-2018 0 2	0	2
Compute last two columns with dynamic table So I have a table that looks like this. What I want is to another column based on the last two column of my table wit... by michaelrosello Path Finder in Splunk Search 02-05-2018 0 3	0	3
Can you add Sparkline instead of a value in tables? Hi, I'm wondering if it is possible to add a sparkline instead of a value into a table? I am using the this query: ... by dersa Path Finder in Splunk Search 02-04-2018 0 1	0	1
Why is the date format changing in the pdf from YYYY-MM to YYYY (splunk v6.5.0) in scheduled PDF? I have a number of tables in a Splunk report that looks like this: _time Count 1 2018-01 3815 But when I want ... by HattrickNZ Motivator in Splunk Search 02-04-2018 0 6	0	6
How to get a regex setup to tell me whether a session was decrypted or not based on the proxy Palo Alto Decryption flag? Hi all; so we are decrypting traffic via Palo Alto, but we aren't using the PA app for Splunk. What I'm trying to fi... by coloradoark New Member in Splunk Search 02-04-2018 0 2	0	2
How do I ignore part of an event? 16:02:33.5336 Info {"message":"ddfsd Transfer execution ended","level":"Information","logType":"Default","timeStamp":... by wilhelmF Path Finder in Splunk Search 02-04-2018 0 3	0	3
How does Splunk handle lookups when accelerating a data model? Hi, in general terms I have a data model that is accelerated and that has a field that comes from a lookup. This loo... by gschr Path Finder in Splunk Search 02-04-2018 0 1	0	1
How to extract month from a date field and sort by this without using the _time timestamp? Hi all, I'm a bit new to Splunk - I'm trying to sort some data by month, but I'm running into some roadblocks doing s... by atammana_splunk Splunk Employee in Splunk Search 02-03-2018 0 6	0	6
simple moving average with two variables hi , i had the following data which is collected daily price of 50 itesms i.e. TIMESTAMP, CLOSE and SYMBOL ( eg. ... by himpor Engager in Splunk Search 02-03-2018 0 2	0	2
How can I calculate the date difference by two timestamp? Hi all, I want to calculate the difference between dates within two different dates, my search is as below: code 1:... by sakuraWu1 New Member in Splunk Search 02-03-2018 0 1	0	1
,Stats count result naming I have a number of saved searches - and I am appending all the counts to form a total which works fine \|savedsearch ... by TCK101 New Member in Splunk Search 02-03-2018 0 5	0	5
Every Week Stats required for the eval % output. We're having a trouble to get the evaluating stats for each week. Could anyone please help us on this.. query: ind... by phanisravan18 New Member in Splunk Search 02-02-2018 0 5	0	5
What is the meaning of the Splunk Audit.log fields? Hello, I am interested in finding the meaning of the following fields? (1) event_count (2) result_count (3) availabl... by arpit_arora Explorer in Splunk Search 02-02-2018 0 1	0	1
What are the minimum set of capabilities to log in to Splunk and search an index? I want to create a standalone user role to access a single index for search only. I do not want to inherit any exist... by the_wolverine Champion in Splunk Search 02-02-2018 1 4	1	4
Counts in stats command not working the way I expected Hi, I have this query. It "works" (well mostly). What I'm confused about is the resulting stat table index=wholes... by dbcase Motivator in Splunk Search 02-02-2018 0 2	0	2
Table command losing field names in non-Verbose searches Hi, One of my users reported a bit of an odd issue that spontaneously developed recently. He's got a very long and ... by howyagoin Contributor in Splunk Search 02-02-2018 0 4	0	4
How can we check the number of searches ran by user? How can we check the number of searches ran by user? We tried installing Search Activity app but a majority of the u... by abhijit_mhatre Path Finder in Splunk Search 02-02-2018 0 1	0	1
extracting latitude and longitude for countries from csv lookup Hi, I have a csv lookup with country names mentioned already. How can I extract & table the longitude and latitude ... by aartivig289 Engager in Splunk Search 02-02-2018 0 2	0	2
How can we exclude rows which are present in another table/lookup ? Hi, I am using one search query to extract list of data and I want to exclude those rows which are present in one ... by AKG1_old1 Builder in Splunk Search 02-02-2018 0 6	0	6
Group results by similar name into one The name for Windows 7 Enterprise is spelt incorrectly for 6 machines as "Entreprise" and I need to group both these ... by davidcraven02 Communicator in Splunk Search 02-02-2018 0 10	0	10
How can I perform a field extraction and display it as a table that contains all the values from my search? Hi Team, Please find the below log sample. I want to extract from the line "program" till the end and display as a t... by senthamilselvan Engager in Splunk Search 02-02-2018 0 3	0	3
Sort Date in header I don't know what's wrong with my code. I cannot sort the date using sort. Below is my code. I need to sort it by Da... by katrinamara Path Finder in Splunk Search 02-02-2018 0 6	0	6
reset zoom button hide when click on other chart Hi, If we zoom in on any chart and we click reset zoom button and without making it neutral i.e setting the graph to ... by splunk_ankman Explorer in Splunk Search 02-02-2018 0 2	0	2
How Can I Separate Events Using Search Query? Hi All, Good Day, I've indexed an event from scripted input but the events are not breaking every line, example logs... by dantimola Communicator in Splunk Search 02-02-2018 0 8	0	8