Splunk Search

Community Activity

Multiple Regex on a single file name Hello! I'm using splunk to monitor kubernetes pod log files. Which sit on the nodes, the file name is as follows: p... by bellsam New Member in Splunk Search 02-01-2018 0 4	0	4
Why are the data models intrusion and malware only working in the app search? Hi, I'm using Security enterprise but the datamodels intrusion and malware are not working but if I use the app searc... by paola92 Explorer in Splunk Search 02-01-2018 0 1	0	1
Geostats zoom-in on dashboard panel click G'day, So I have a pretty standard geostats search populating a dashboard map index="locations" (incident_type_1="F... by BenThwaites Explorer in Splunk Search 02-01-2018 1 0	1	0
how do I table common nested json keys that have uncommon parent json keys? I have the following JSON event that I'm indexing in splunk: { "plugins": { "Redirection": { ... by zhatsispgx Path Finder in Splunk Search 02-01-2018 0 0	0	0
How can I combine stats count by host into a single string to be used in an alert actions token? I have a search that looks like index=foo value=bar \| stats count by host Imagine you might get results like host... by burwell SplunkTrust in Splunk Search 02-01-2018 0 2	0	2
Why can I not search in Smart Mode or Verbose Mode in a specific sourcetype? Hi! I am trying to perform a very basic search to bring back results but the search appears to never finish when I q... by matthewssa Path Finder in Splunk Search 02-01-2018 0 2	0	2
Is there a way to remove the min outlier from the graph? I have the following chart: now I can use outliers to remove the max outliers: ... \| outlier action=remove But... by HattrickNZ Motivator in Splunk Search 02-01-2018 0 2	0	2
Why does the query only work in eval and not fieldformat? Hi, I have this query. If I change fieldformat to eval the query works but if it is left as fieldformat the query r... by dbcase Motivator in Splunk Search 02-01-2018 0 3	0	3
Adding 2 searches together sounds easy index=ABC source="ABC" ServiceName=ABC \| stats distinct_count(CorrelationId) as TotalA \| appendcols [search "T... by rob3770 Explorer in Splunk Search 02-01-2018 0 7	0	7
How can I find an IP address that only requested a specific URL? Trying to search web access logs to find instances where a specific IP only called a single URL, and no other URLs. ... by mbeauchamp Engager in Splunk Search 02-01-2018 0 3	0	3
How can I count the number of field values not present? I have a set of field values 101,102,103,104,105 Here are sample log events datetime, val=101 datetime, val=105 dat... by crisjnelson Explorer in Splunk Search 02-01-2018 0 2	0	2
How do I split one event on my Splunk instance into multiple events? I have several indexes in my Splunk Instance. One of these instances is merging some of my log events into a single e... by swinte12 New Member in Splunk Search 02-01-2018 0 2	0	2
Why is my column chart not displaying any data even though it is setup correctly? Here is my search query: index=jenkins* job_name="jenkins-representative-jobs_github_organization/math_utilities/ma... by cdgill Explorer in Splunk Search 02-01-2018 0 8	0	8
How do I return all events whether they're in Lookup table or not? I have the following search: index="foo" EventCode=* \| lookup windows_signatures.csv signature_id AS EventCode OUTPU... by jwalzerpitt Influencer in Splunk Search 02-01-2018 1 3	1	3
How do I have a single Total column without adding it to the stacked chart? I have created a nice stacked timechart that I would like to see the Totals of in the table under the chart. The add... by shargrave Engager in Splunk Search 02-01-2018 0 2	0	2
How to search multiple virtual indexes with Splunk Analytics for Hadoop? Hello, we currently have two virtual indexes with data in them retrieving data from Hadoop Distributed File System. W... by EricLloyd79 Builder in Splunk Search 02-01-2018 0 5	0	5
How can I join 2 tables to create a new table with the given conditions? So this is what I want to do, and I don't know if Splunk can do this. This is the result for Table A Table A hostA... by gts_ame_tfo_cty New Member in Splunk Search 02-01-2018 0 6	0	6
how can i exclude the results of table B from table A ? Here is my query: index="backup_script" conf_brand=ios OR conf_brand=nxos \| rex field=conf_hostname "(?P^[^.]+)" \| ... by gts_ame_tfo_cty New Member in Splunk Search 02-01-2018 0 5	0	5
How to update the lookup table before the scheduled search runs so it gives all lookup entries? I have scheduled search that periodically updates lookup table CSV file every 15 minutes. I updated this lookup with ... by Nam7Splnk Explorer in Splunk Search 02-01-2018 0 1	0	1
help with regex I have the below sample data, and I want to extract everything after the service URL till maxd=60&mind=60 into a new... by vrmandadi Builder in Splunk Search 02-01-2018 0 4	0	4
How to group the data by date and type, so each entry would count as 1, from SQL Datasource? I have a date in my SQL database that I want to group the data by that date and Type. The Year/Month/Week/Day each en... by Bbyers3 New Member in Splunk Search 02-01-2018 0 0	0	0
How to only display the top 3 hits from a values(field) command? I have web logs for my website and am trying to construct a table that shows the top visitors based on country and re... by DEAD_BEEF Builder in Splunk Search 02-01-2018 0 2	0	2
How to get statistics from few rows with the same task id? Hi, I have few rows in 1 log: 2018-01-25 13:49:40,107 INFO [com.wss.service.agent.AgentServlet] (default task-46) ... by niroren New Member in Splunk Search 02-01-2018 0 4	0	4
Merge Lines Query based on ID Hello, I would like to merge 2 lines which an ID is the unique Key. Ex Username Date ID M... by mnorindr Engager in Splunk Search 02-01-2018 1 5	1	5
How do you add dummy events to a search result? I'm currently producing a table from a search. There is some static data that needs to be added which is not in the i... by Marinus Communicator in Splunk Search 02-01-2018 7 7	7	7