Splunk Search

Community Activity

What is the scope of the FILLNULL command? A co-worker has a macro that generates a new field TIME by first testing if the field value is null then converts the... by RickCurry Explorer in Splunk Search 01-26-2018 0 7	0	7
Does frozenTimePeriodInSecs work in [default]? I have a local indexes.conf file on all my indexers: [default] frozenTimePeriodInSecs = 63072000 # 2 yr... by wsanderstii Path Finder in Splunk Search 01-26-2018 1 3	1	3
Can you add a search peer with expired license? I am running in to some problems adding search peers and have a question. Does the free version of Splunk with an ex... by mhouse3 Path Finder in Splunk Search 01-26-2018 0 1	0	1
How to extract the profile from the log? INFO Decrypted user token received as header: {"phoneNumber":"888888888","firstName":"Alan ","lastName":"Mmm","emai... by yograjpatel New Member in Splunk Search 01-26-2018 0 9	0	9
Difference between the time mentioned in the splunk query and time range picker? which time does my query pulls the results? I have a query as follows _index_earliest="01/20/2018:00:00:00" _index_latest="01/21/2018:00:00:00" index="ABC"....... by pavanae Builder in Splunk Search 01-26-2018 0 1	0	1
How to get the stats in multiline for each event? Hello all, I've been trying to get some stats from JSON data that I've been receiving in Splunk. See: I think I'm ... by marina_rovira Contributor in Splunk Search 01-26-2018 0 14	0	14
How to negate Join Command Hi, I have two sets of records, let's call them V1 and V2. They both share a common field called ITEM. I basically ... by mahbs Path Finder in Splunk Search 01-26-2018 0 6	0	6
How to collect Windows event logs and field extractions without using a universal forwarder? In my situation, installing a universal forwarder is NOT an option for the remote Windows machine. I am using snare ... by hopnscotch Path Finder in Splunk Search 01-26-2018 0 5	0	5
About using "bin" command with "dedup" command Each events were outputed to sample1.csv and sample2.csv at same one-minute intervals. However, when we performed th... by yutaka1005 Builder in Splunk Search 01-25-2018 0 7	0	7
How to use streamstats to display the last current result? Hi all, I am trying to use streamstats to display an event for a particular user, their current Payment Number for ... by desslerlee Explorer in Splunk Search 01-25-2018 1 3	1	3
search with joins and append takes too long Goal is to determine, from specific vulnerabilities found in scans, the percentage that have been ‘fixed’, meaning th... by claatu Explorer in Splunk Search 01-25-2018 0 10	0	10
Index time field extraction for XML data? We have a use case where index time extractions for XML data makes a lot of sense yet I do not see an easy way go mak... by ebaileytu Communicator in Splunk Search 01-25-2018 0 5	0	5
Why are my json fields extracted twice? I have json events like : { A:"1",B:"2",C:"3"} with a sourcetype named json_app When I search the fields, I get 2... by yannK Splunk Employee in Splunk Search 01-25-2018 5 5	5	5
How can I get the subsearch to return a complete set of results? Hi everybody. I've been having this problem with a search in splunk for quite some time. I have two queries that wor... by patriciof1 New Member in Splunk Search 01-25-2018 0 1	0	1
How can I count only users who exceeded a specific number of visits to web pages? I want to find users who visited more than 1,000 urls in a month and the field name is cs_uri. I tried this: source... by rickettw New Member in Splunk Search 01-25-2018 0 9	0	9
Line break or merge? Hi all, How would I go about merging multiple values on multiple lines so all values are captured? Currenlty, I am ... by rmsit Communicator in Splunk Search 01-25-2018 0 5	0	5
Search Macro Hi All, i kind of already have this working but wondering what else can be done with this?what other approaches i ca... by carlyleadmin Contributor in Splunk Search 01-25-2018 0 5	0	5
comparing values returned by two separate searches with a threshold I have a search which looks for VA scanning activity from firewalls threat logs, I am attempting to have an alert tri... by akhan92394 Explorer in Splunk Search 01-25-2018 0 4	0	4
Searching using timechart is too slow I have a index naming is "IDS" . It's has 4 sourcetypes. The event of the index is very large. an average of 1.3 mil... by xsstest Communicator in Splunk Search 01-25-2018 0 1	0	1
count entries used in two sources I've two sources with a Name-Town-Phone list. Now I like to count the entries mentioned in both sources. For example:... by LH_SPLUNK Explorer in Splunk Search 01-25-2018 0 8	0	8
Lookup could not display field value that is null I have a field called "ipexist" in the dataset that have two values; empty(Which is defaulted as null in Splunk) and ... by LeeZeeYuen New Member in Splunk Search 01-25-2018 0 39	0	39
How to view percentage row to table? Hi, I've read through transpose command to try suit into the statistics I would want to view but it doesn't seems to... by SplunkNewbie18 New Member in Splunk Search 01-25-2018 0 2	0	2
Excluding a specific URL in Regex Hi, I read through forums on how to extract URLs using regex. But couldn't find those on how to exclude them. For e... by SplunkNewbie18 New Member in Splunk Search 01-24-2018 0 4	0	4
Extract value for host field from log file path using the parameter host_regex in inputs.conf Hi, I am new to Splunk and Regex. I have a folder : D:\SplunkForwarderCache\TimeSyncLogs\Linux. This folder contains... by neltonk Path Finder in Splunk Search 01-24-2018 0 3	0	3
Changing the Ulimits for openfiles How can we change the ulimits of Splunk to the desired value ? I have edited the /etc/security/limits.conf file and ... by nawazns5038 Builder in Splunk Search 01-24-2018 1 15	1	15