Splunk Search

Community Activity

Extract in Props.conf I am trying to extract a field from cisco:asa events in my props.conf. Here is the event: Jan 23 11:04:57 taaaaaaa %... by pfabrizi Path Finder in Splunk Search 01-23-2018 0 1	0	1
Show items which appear in clusters I have a log file of the following sort: vendor productId clusterId A 1 1 B 2 1 A ... by viggor Path Finder in Splunk Search 01-23-2018 0 4	0	4
Getting averages from 2 columns Hi, I have a query that looks like this index=wholesale_app counter buildTarget=* product=* Properties.index=0 buil... by dbcase Motivator in Splunk Search 01-23-2018 0 2	0	2
Cannot find log messages for -1d@d but -7d@d works I have a Splunk alert that has been sending false emails. The alert is sent when a string is absent from the applicat... by baoctac New Member in Splunk Search 01-23-2018 0 11	0	11
Where does a lookup table need to be in a distributed search environment? All, I'm having an issue where one of my indexers is complaining about a lookup table that I have setup on my search... by bruceclarke Contributor in Splunk Search 01-23-2018 0 9	0	9
How to combine two sources using common field. Hi everyone, I just start using splunk and hit a road block. Using two sources (Loaninfo and Loanapp), my end goal ... by rfernandez2010 New Member in Splunk Search 01-23-2018 0 11	0	11
How can we detect the heaviest search users during peak usage time? Our indexers were under heavy load today and some crushed. Most likely it’s due to extensive search activity. Is ther... by ddrillic Ultra Champion in Splunk Search 01-23-2018 0 6	0	6
SPL search pattern efficiency: join vs eventstats We have a Splunk app that was developed in-house to track indicators that are submitted to a blocklist. Here's a simp... by elliotproebstel Champion in Splunk Search 01-23-2018 0 1	0	1
RDP Session Daisy Chain Hello, I am trying to form a script that will parse information to detect RDP sessions that are Daisy Chained over ... by srakiec New Member in Splunk Search 01-23-2018 0 1	0	1
Trying to get the domain from multiple email recipients using rex sourcetype=mysource \| rex field=shared_with "(?P[A-Za-z0-9]+.[a-zA-Z]+)$" emails going to several different recipien... by Dallastek Explorer in Splunk Search 01-23-2018 0 7	0	7
How to add new field in existing index I have a index that have 2 fields only index="TRIAL_INDEX" fields: sample1, sample2 And i will make a new f... by jadengoho Builder in Splunk Search 01-23-2018 0 5	0	5
addtotals to calculate percentage I am trying to calculate what percentage of Operating Systems have windows 10 installed out of the total number which... by davidcraven02 Communicator in Splunk Search 01-23-2018 1 11	1	11
How to decrease the count for everr search that is true I'm trying to remove duplicates log from the search result every time the page is refreshed. eg index=main "Entered ... by santohang New Member in Splunk Search 01-23-2018 0 3	0	3
Set values to 0 when there are no search results Hi, on Splunk Enterprise 6.6.5 I have the following problem: I am using 3 saved searches in one dashboard via append... by mborn New Member in Splunk Search 01-23-2018 0 3	0	3
CSV files generated from Outputlookupand Outputcsv cant be re-used as input. I used a search query to get a value. source="nfr-output_300_1.csv" host="IHTNW754752GG-L" index="main" sourcetype=... by harishy100 New Member in Splunk Search 01-22-2018 0 1	0	1
How to combine 2 csv files and perform multiple eval operations on it and produce a graph? I have 2 CSV files. Each CSV file has 2 fields "Start_Time" and "End_Time" 1. I need to find the "total time" taken i... by harishy100 New Member in Splunk Search 01-22-2018 0 1	0	1
stats count for multiple columns in query Hello All, I have query which is returning below result sets in table :Field1, Field2, Field3 are headers and ... by bawan New Member in Splunk Search 01-22-2018 0 7	0	7
How can I use lookup? How can I do this in splunk? by harishyhrk New Member in Splunk Search 01-22-2018 0 2	0	2
How to edit my subsearch to keep a variable to add to the end results? I am running 2 searches from 2 different source types. Search 1 Search for sidewinder traffic that went through att... by john_glasscock Path Finder in Splunk Search 01-22-2018 0 1	0	1
Is there an easy way to update a record in KV Store from the results of a Splunk search instead of bulk reloading a lookup table? It seems using KV store from migrating from lookups seems to be very easy. Just outputlookup to a KV store stanza. ... by clyde772 Communicator in Splunk Search 01-22-2018 1 5	1	5
lookup Compare value for 2 different Columns This is my search - \| metadata type=hosts \| table host \| lookup Device.csv Hostname as host OUTPUT Status \| where ... by raomu Explorer in Splunk Search 01-22-2018 0 2	0	2
Multiple expressions in single search I'm trying to combine multiple rex expressions in a single search, but I'm having issues with my syntax. More specif... by stlimanika New Member in Splunk Search 01-22-2018 0 5	0	5
Sub-search doesn't work in some apps/dashboards but works in others and as a separate search Been wrestling with this issue for a while now... I have a search like the below (sensitive information redacted). Th... by michael_sleep Communicator in Splunk Search 01-22-2018 0 1	0	1
Pair-wise Comparison Across Values of Different Fields Splunk newbie here. What I'm trying to do is a pair-wise comparison across all of the values of two different fields,... by ikiril01 Engager in Splunk Search 01-22-2018 0 1	0	1
Ingore last result in timechart Hello i have a search query with timechart function but i don't want to display last bucket because it shows not comp... by Ponczi1 Explorer in Splunk Search 01-22-2018 0 3	0	3