Splunk Search

Community Activity

Sorting timewrap output I doing a search and timecharting the results which I then stream into timewrap. My timechart contains (for instance... by jsburt New Member in Splunk Search 01-24-2018 0 5	0	5
replace special character "" with NULL in datamodel Hi, In one of my numeric field sometimes I am getting value as " ". I want to replace it with either NA or NULL i... by goyals05 Explorer in Splunk Search 01-24-2018 0 2	0	2
How do I edit my timechart search to get the expected visualization? Hi all, First off, some details. I have a script job running every 60 seconds to poll the processes in the servers a... by carrotball New Member in Splunk Search 01-24-2018 0 10	0	10
Alternative to dedup I'm sorting by time cause I want the latest time for every distinct host. Im doing this and it works. But dedup is fa... by greggz Communicator in Splunk Search 01-24-2018 0 2	0	2
convert string date(without seprater) to readable date format - 20180112 to 12/01/2018 Hi, I am using data-models. In raw data I am getting date as YYYYMMDD, I want to convert it in DD/MM/YYYY. Is ther... by goyals05 Explorer in Splunk Search 01-24-2018 0 4	0	4
How do you manage modified lookup files that ship with an app? Let's say an app ships with one or more default CSV lookup tables. You want to add additional data to these lookups ... by john_dagostino Path Finder in Splunk Search 01-23-2018 0 1	0	1
hosts not visible Hi, Configured splunk universal forwarders on windows & linux hosts through splunk deployment server, which are visi... by rajballa New Member in Splunk Search 01-23-2018 0 7	0	7
splunk _time not matching with timestamp Hi, the log has timestamp like this "time":"2018-01-22 13:43:40.0" props.conf : TIME_FORMAT = %F %T.%3N TIME_P... by nawazns5038 Builder in Splunk Search 01-23-2018 0 7	0	7
How to extract name from multiple sources using rex I am trying to extract one name from source using rex. index=source= \| rex field=source "\\\\\\\domain\\\prod\\\(... by ibob0304 Communicator in Splunk Search 01-23-2018 0 5	0	5
Subsearch for multiple sourcetypes and fieldnames I need to do a search in two different sourcetypes and use the result to do additional searches in these queries. But... by DerBastler New Member in Splunk Search 01-23-2018 0 13	0	13
Extract in Props.conf I am trying to extract a field from cisco:asa events in my props.conf. Here is the event: Jan 23 11:04:57 taaaaaaa %... by pfabrizi Path Finder in Splunk Search 01-23-2018 0 1	0	1
Show items which appear in clusters I have a log file of the following sort: vendor productId clusterId A 1 1 B 2 1 A ... by viggor Path Finder in Splunk Search 01-23-2018 0 4	0	4
Getting averages from 2 columns Hi, I have a query that looks like this index=wholesale_app counter buildTarget=* product=* Properties.index=0 buil... by dbcase Motivator in Splunk Search 01-23-2018 0 2	0	2
Cannot find log messages for -1d@d but -7d@d works I have a Splunk alert that has been sending false emails. The alert is sent when a string is absent from the applicat... by baoctac New Member in Splunk Search 01-23-2018 0 11	0	11
Where does a lookup table need to be in a distributed search environment? All, I'm having an issue where one of my indexers is complaining about a lookup table that I have setup on my search... by bruceclarke Contributor in Splunk Search 01-23-2018 0 9	0	9
How to combine two sources using common field. Hi everyone, I just start using splunk and hit a road block. Using two sources (Loaninfo and Loanapp), my end goal ... by rfernandez2010 New Member in Splunk Search 01-23-2018 0 11	0	11
How can we detect the heaviest search users during peak usage time? Our indexers were under heavy load today and some crushed. Most likely it’s due to extensive search activity. Is ther... by ddrillic Ultra Champion in Splunk Search 01-23-2018 0 6	0	6
SPL search pattern efficiency: join vs eventstats We have a Splunk app that was developed in-house to track indicators that are submitted to a blocklist. Here's a simp... by elliotproebstel Champion in Splunk Search 01-23-2018 0 1	0	1
RDP Session Daisy Chain Hello, I am trying to form a script that will parse information to detect RDP sessions that are Daisy Chained over ... by srakiec New Member in Splunk Search 01-23-2018 0 1	0	1
Trying to get the domain from multiple email recipients using rex sourcetype=mysource \| rex field=shared_with "(?P[A-Za-z0-9]+.[a-zA-Z]+)$" emails going to several different recipien... by Dallastek Explorer in Splunk Search 01-23-2018 0 7	0	7
How to add new field in existing index I have a index that have 2 fields only index="TRIAL_INDEX" fields: sample1, sample2 And i will make a new f... by jadengoho Builder in Splunk Search 01-23-2018 0 5	0	5
addtotals to calculate percentage I am trying to calculate what percentage of Operating Systems have windows 10 installed out of the total number which... by davidcraven02 Communicator in Splunk Search 01-23-2018 1 11	1	11
How to decrease the count for everr search that is true I'm trying to remove duplicates log from the search result every time the page is refreshed. eg index=main "Entered ... by santohang New Member in Splunk Search 01-23-2018 0 3	0	3
Set values to 0 when there are no search results Hi, on Splunk Enterprise 6.6.5 I have the following problem: I am using 3 saved searches in one dashboard via append... by mborn New Member in Splunk Search 01-23-2018 0 3	0	3
CSV files generated from Outputlookupand Outputcsv cant be re-used as input. I used a search query to get a value. source="nfr-output_300_1.csv" host="IHTNW754752GG-L" index="main" sourcetype=... by harishy100 New Member in Splunk Search 01-22-2018 0 1	0	1