Splunk Search

Community Activity

black-out/ simple way to combine events from two sourcetypes on same Id I must have a blackout because the case does not seem to difficult but i cant get it working. I have two sourcetypes,... by Mike6960 Path Finder in Splunk Search 01-10-2018 0 20	0	20
If statment is not returning value with evaluate a "tag" value Hi, i'am trying to evaluate a tag value like this: eval X=if(tag="NY",_time,"1") I have trying everything and stuck i... by steinroardahl Observer in Splunk Search 01-09-2018 0 5	0	5
Virustotal Checker: How to set the VT API key? Hello! How to set the VT API key for the Virustotal Checker app? by borshoff Explorer in Splunk Search 01-09-2018 1 6	1	6
How to create a lookup matching non-exact words ? I have the below type of event and I want to add a category field to it using lookups time Transaction Business n... by damode Motivator in Splunk Search 01-09-2018 0 6	0	6
Join 2 events with same "source" I want to join the nmap scanning results. The common field is the source "nmapscan_1.gnmap" while other scans will ha... by henryyiu2degree Engager in Splunk Search 01-09-2018 0 7	0	7
Field Extractions in Search Head GUI Hi Team, I have an event which is getting segregated with pipe (\|) symbol and i want to separate those events with a... by anandhalagarasa Path Finder in Splunk Search 01-09-2018 0 16	0	16
Time Input to Form Not Working Maybe I've been overthinking this, but for the life of me I cannot get my Time Input to my form working! I'm using th... by jroes014 New Member in Splunk Search 01-09-2018 0 2	0	2
Count items satisfying a condition I have a event created each time a user does an action in my system (e.g. login, open_page, close_page). I need to do... by feridamana Engager in Splunk Search 01-09-2018 0 2	0	2
port sweep 1 source to multiple destination to more than 4 dest_ports This is the query which is for port sweep------- 1source->dest_ips>800->1dest_port \| tstats summariesonly dc(All_Traf... by rahul_acc_splun New Member in Splunk Search 01-09-2018 0 1	0	1
Multiple/Nested IF statement My logic for my field "Action" is below, but because there is different else conditions I cannot write an eval do ach... by davidcraven02 Communicator in Splunk Search 01-09-2018 1 2	1	2
Count a field value for one field, but not for another in Stats Hello All, I am running a report that uses multiple stats commands to achieve the final output, in this report I hav... by raby1996 Path Finder in Splunk Search 01-09-2018 0 1	0	1
Field extraction showing up for different sourcetype Hello. I used the Splunk field extractor to get a field from sourcetype=sourcetype_a For some reason, when I search s... by xxkenta Explorer in Splunk Search 01-09-2018 0 3	0	3
Why is KV_MODE=xml not working in my distributed environment? Hi, i'm using a distributed splunk setup (search head with several indexers) with version 6.1.3. I'm having problems... by HansWurscht Path Finder in Splunk Search 01-09-2018 1 4	1	4
How to restrict User access to search from dashboard? I have a dashboard which uses internal index and I made it available for role "user". I couldn't get the dashboard ru... by googs524 Explorer in Splunk Search 01-09-2018 0 4	0	4
Security Key in server.conf what is the diff between the security key in the clustering stanza and the key in the general stanza in server.conf ?... by nawazns5038 Builder in Splunk Search 01-09-2018 0 1	0	1
Regex Help Hi, Struggling yet again with another regex. The sample string looks like the following: .........,"errorCode":"500... by brajaram Communicator in Splunk Search 01-09-2018 0 3	0	3
Can we find the events which are not matched by Lookup table? I have a lookup table with which I am categorizing the Error Messages received from a particulat Sourcetype "error". ... by maria2691 Path Finder in Splunk Search 01-09-2018 0 2	0	2
How to make search faster Hello, below is my search . Since i am using join , search is slow . Can i please know if there is a way to increas... by kteng2024 Path Finder in Splunk Search 01-09-2018 0 3	0	3
How to count success/fail event and group them by another field Hello everyone! My data have this form I'm trying to make table in splunk, that will aggregate data to next format... by someguy73 Explorer in Splunk Search 01-09-2018 0 4	0	4
Stacked100 with Bar total value Ciao, i'd like to apply some enhancements to a stacked100 barchart i created. In particular I'd like to modify this... by CarmineCalo Path Finder in Splunk Search 01-09-2018 0 2	0	2
How to extract the last string order a table around it ? 40.118.209.1 0x735870x1 GG46989 [21/Dec/2014:00:00:00 -0500] "GET /rest/jphutenxporter/1.0/outputformatconfig/outputf... by zacksoft Contributor in Splunk Search 01-08-2018 0 5	0	5
query to grab the metadata of the host entered by the user Hello, Can someone please help me to build a query that will display hostname , IP address , last reported by the f... by kteng2024 Path Finder in Splunk Search 01-08-2018 0 3	0	3
How to display respective entries from two different logs based on a common extracted field value? Hi All, I have two different sources of log and want to display respective entries from each source based on a extra... by amiivas Engager in Splunk Search 01-08-2018 0 5	0	5
what is meaning of communication protocols in spunk what is meaning of communication protocols in spunk by maheshsat Explorer in Splunk Search 01-08-2018 0 3	0	3
How to count daily events with specific time? Hi guys, I need to count number of events daily starting from 9 am to 12 midnight. Currently I have "earliest=@d+9h ... by auaave Communicator in Splunk Search 01-08-2018 0 10	0	10