Splunk Search

Community Activity

Relative pattern matching I am trying to do relative searches over multiple sources. I want to be able search source1 in source2 or vice versa ... by pmehta77 New Member in Splunk Search 12-28-2017 0 3	0	3
Hello, I need to build a alert that fires on the presents of the two Windows Event codes I.E. EventCode=4663 and EventCode=4776, any suggestions In order for the alert to work, both Eventcodes have to be activated. query \| search EventCode=4663 OR EventCode=47... by bluemarvel Path Finder in Splunk Search 12-28-2017 0 4	0	4
Untangle Firewall logs not parsed properly into Key/Value pair Hi there, I have configured Untangle firewall in below mentined fashion. Configured syslogs port 514 to... by hariskhan218 Engager in Splunk Search 12-28-2017 1 3	1	3
Setting up query running time I am having a dashboard which comprises of several panels. It serves the monitoring of set of jobs. Jobs cycle star... by Kwip Contributor in Splunk Search 12-28-2017 0 7	0	7
Can I get an external script to run on events while they are being calculated? Hello all, I'm not sure I know how to phrase this question properly, but I will try my best. I'm currently trying t... by andrewtrobec Motivator in Splunk Search 12-28-2017 0 2	0	2
bucket from relative time good day! when solving the problem of obtaining statistics, they encountered a problem. It is necessary to calculate ... by yav2810 Explorer in Splunk Search 12-28-2017 0 3	0	3
Regulare expression Hi Team, I tried learning regular expression from regex101.com but unable to get all answer.Do we have any video or ... by maheshsat Explorer in Splunk Search 12-28-2017 0 2	0	2
chart with multiple scales? Can Splunk show (and if so, how?) different scales for each line in a line graph while auto-computing the correct sca... by Justin_Grant Contributor in Splunk Search 12-28-2017 2 7	2	7
Checkbox usage in splunk dashboard Hi All, I am using 5 checkboxes and when i select any of the checkbox then only corresponding chart will be visible,... by bharathkumarnec Contributor in Splunk Search 12-28-2017 0 3	0	3
Multiselect returns no rows in every condition Dear support, I tried to build a multi-select control and use it in a search, but I have "Search is waiting for inpu... by altink Builder in Splunk Search 12-28-2017 0 12	0	12
Need idea about searching with condition This is the algorithm of the search that I am looking for, If the stats count of (Host=A AND B, banana) > 0, Then ... by zacksoft Contributor in Splunk Search 12-28-2017 0 5	0	5
Get data from table from javascript Hello! I had a simple XML app in SPLUNK. I need to get all data from rendered table ( or before rendering ), like ra... by creemer Explorer in Splunk Search 12-28-2017 0 3	0	3
Can I perform If-Then-Else logic within a search? Can I use if else for multiple search? Like this: index=* \| eval result=if(field<=178000, [ search index=notable \| r... by johnny_goya Explorer in Splunk Search 12-27-2017 0 12	0	12
'stats' command: limit for values of field 'xxx' reached. Some values may have been truncated or ignored. Hello, I am using the stats command with the list() function. Unfortunately, for some groupings the list size exceed... by jamesvz84 Communicator in Splunk Search 12-27-2017 6 9	6	9
How to filter date based on the future data? Hi - I have a Session_Start_Date field that needed to be filter. The condition is that, for example, the data upload... by mrccasi Explorer in Splunk Search 12-27-2017 0 9	0	9
Look up CPU data from another search Edit: Now thinking about it, I probably could combine the two queries, in wmi.conf, into one. However, let's assume t... by tmontney Builder in Splunk Search 12-27-2017 0 1	0	1
how to add a field like "host, source, sourcetype"? hi,everyone when i use sdk for python,I found that function:submit can only use "host , source, sourcetype". i want t... by facefaces New Member in Splunk Search 12-27-2017 0 1	0	1
Create new field for incoming logs Hi I have some issue with creating field for my logs. I have logs which contain number. I wan extract this number as... by swdowiarz Path Finder in Splunk Search 12-27-2017 0 11	0	11
tstats results different from eventcount Can anyone provide an explanation on why these two searches produce different results? I am trying to set up an alert... by marian_coman Explorer in Splunk Search 12-27-2017 0 2	0	2
How to arrange column sequentially by month? I'm having a trouble arranging my columns per month. I want it to the be arranged like this: \|Sept-15-2017\| \|Sept-3... by patricianaguit Explorer in Splunk Search 12-27-2017 0 6	0	6
I would like to make custom_fields a table column. We have imported Json data with the following custom_fields. {<!-- --> "id": 100, "custom_fields": [{<!-- --> ... by TAmemiya Explorer in Splunk Search 12-27-2017 0 3	0	3
How do I modify my search to get the stats count by a field in lookup? I have a lookup file "hosts.csv" as below with multiple fields category my_hostname .. ... ... A ... by pavanae Builder in Splunk Search 12-26-2017 0 3	0	3
Compare data in different souretypes with no common field I am having below situation I am having 2 different sourcetypes "logs" and "range". logs contains log events which... by kashifqau Explorer in Splunk Search 12-26-2017 0 7	0	7
Why is my _indextime earlier than my event time? I have a number of events, received from bluecoat proxies, in which the _indextime field is earlier than the _time fi... by philcovell New Member in Splunk Search 12-26-2017 0 3	0	3
How can I use regex to match only certain parts of a field string value? I am using a CSV lookup table (MyCSVTable) which contains a list of 10 digit numbers (examples: 2345678900, 213456789... by waeleljarrah Explorer in Splunk Search 12-26-2017 0 6	0	6