Splunk Search

Community Activity

Search to display the first instance of a particular field I have a search which extracts some values into a table including the date. For one of the fields, e.g. src_ip, I wan... by jsc7 New Member in Splunk Search 01-27-2018 0 1	0	1
Head scratcher regex Hi I have the below data and need to extract three things, 2 of which are pretty easy (method (GET or POST) and resp... by dbcase Motivator in Splunk Search 01-26-2018 0 5	0	5
How to create a transaction that startswith=(something!="(null)") endswith=(something="(null)") My goal is to create a transaction that ends with customerId being "(null)" and starts with customerId being somethin... by ib_321 New Member in Splunk Search 01-26-2018 0 6	0	6
How to filter out IPs from being indexed? I am not good at regex, so I need help filtering some IPs from being indexed. raw event looks like this: 192.168.18... by mcbradford Contributor in Splunk Search 01-26-2018 0 3	0	3
How to extract events from multi-level json? Please believe me  that I have searched for an answer until my index finger bled (pun intended, but seriously...I ha... by mgallacher Engager in Splunk Search 01-26-2018 0 1	0	1
How to get different results for strptime on different laptops? I've to run a count difference for a query over a period of time. For example. I need the difference of counts for my... by skomaravelli Engager in Splunk Search 01-26-2018 0 0	0	0
How do I use a lookup table to resolve ips to their hosts, when some ip's have hosts and some don't, but I want to show both? I am trying to make a pie chart with a breakdown of ip's that have been resolved to their hosts, if they have one, or... by ResurgoSplunkKn New Member in Splunk Search 01-26-2018 0 8	0	8
Need help with TIME_PREFIX Given a representative sample of my logs: Jan 25 14:19:20 1.1.1.1 64: Jan 25 22:19:19.281: %LINK-3-UPDOWN: xxxxxxxxx... by reswob4 Builder in Splunk Search 01-26-2018 0 6	0	6
Differentiate between environments in a search I am building our new dashboards and alerts in our Acceptance environment, later we will move the whole app to Produc... by Bob_Bard Explorer in Splunk Search 01-26-2018 0 8	0	8
How can I order events based on how they appear in a file? I have an XML file which is in this format: <?xml version="1.0"?> <EvaluateMethods xmlns:xsi="http://www.w3.org/2001... by mawomommoh Path Finder in Splunk Search 01-26-2018 0 5	0	5
What is the scope of the FILLNULL command? A co-worker has a macro that generates a new field TIME by first testing if the field value is null then converts the... by RickCurry Explorer in Splunk Search 01-26-2018 0 7	0	7
Does frozenTimePeriodInSecs work in [default]? I have a local indexes.conf file on all my indexers: [default] frozenTimePeriodInSecs = 63072000 # 2 yr... by wsanderstii Path Finder in Splunk Search 01-26-2018 1 3	1	3
Can you add a search peer with expired license? I am running in to some problems adding search peers and have a question. Does the free version of Splunk with an ex... by mhouse3 Path Finder in Splunk Search 01-26-2018 0 1	0	1
How to extract the profile from the log? INFO Decrypted user token received as header: {"phoneNumber":"888888888","firstName":"Alan ","lastName":"Mmm","emai... by yograjpatel New Member in Splunk Search 01-26-2018 0 9	0	9
Difference between the time mentioned in the splunk query and time range picker? which time does my query pulls the results? I have a query as follows _index_earliest="01/20/2018:00:00:00" _index_latest="01/21/2018:00:00:00" index="ABC"....... by pavanae Builder in Splunk Search 01-26-2018 0 1	0	1
How to get the stats in multiline for each event? Hello all, I've been trying to get some stats from JSON data that I've been receiving in Splunk. See: I think I'm ... by marina_rovira Contributor in Splunk Search 01-26-2018 0 14	0	14
How to negate Join Command Hi, I have two sets of records, let's call them V1 and V2. They both share a common field called ITEM. I basically ... by mahbs Path Finder in Splunk Search 01-26-2018 0 6	0	6
How to collect Windows event logs and field extractions without using a universal forwarder? In my situation, installing a universal forwarder is NOT an option for the remote Windows machine. I am using snare ... by hopnscotch Path Finder in Splunk Search 01-26-2018 0 5	0	5
About using "bin" command with "dedup" command Each events were outputed to sample1.csv and sample2.csv at same one-minute intervals. However, when we performed th... by yutaka1005 Builder in Splunk Search 01-25-2018 0 7	0	7
How to use streamstats to display the last current result? Hi all, I am trying to use streamstats to display an event for a particular user, their current Payment Number for ... by desslerlee Explorer in Splunk Search 01-25-2018 1 3	1	3
search with joins and append takes too long Goal is to determine, from specific vulnerabilities found in scans, the percentage that have been ‘fixed’, meaning th... by claatu Explorer in Splunk Search 01-25-2018 0 10	0	10
Index time field extraction for XML data? We have a use case where index time extractions for XML data makes a lot of sense yet I do not see an easy way go mak... by ebaileytu Communicator in Splunk Search 01-25-2018 0 5	0	5
Why are my json fields extracted twice? I have json events like : { A:"1",B:"2",C:"3"} with a sourcetype named json_app When I search the fields, I get 2... by yannK Splunk Employee in Splunk Search 01-25-2018 5 5	5	5
How can I get the subsearch to return a complete set of results? Hi everybody. I've been having this problem with a search in splunk for quite some time. I have two queries that wor... by patriciof1 New Member in Splunk Search 01-25-2018 0 1	0	1
How can I count only users who exceeded a specific number of visits to web pages? I want to find users who visited more than 1,000 urls in a month and the field name is cs_uri. I tried this: source... by rickettw New Member in Splunk Search 01-25-2018 0 9	0	9