Splunk Search

Community Activity

How can I extract SOAP envelope from raw data using rex I would like to use a rex so I can pull the SOAP Envelope out of raw text and then send it to xmlprettyprint. Can any... by msmit205 New Member in Splunk Search 12-05-2017 0 3	0	3
Populating Timechart Single Values with Dashboard Base Search I have a dashboard with a base search, three Single Values use the base search, but will only populate using stats, I... by jasonhallDFIR New Member in Splunk Search 12-05-2017 0 2	0	2
Group results by rows and columns I need some help grouping and transposing some data. The search below gives me the data but now I want to group it a... by kent_farries Path Finder in Splunk Search 12-05-2017 0 4	0	4
Transaction duration with no results found, would like the dashboard panel to reflect 0 Hi, I have this query index=wholesale_app buildTarget=blah product=product1 analyticType=checkpoint \|transactio... by dbcase Motivator in Splunk Search 12-05-2017 0 4	0	4
Calculating percentiles and including "missing" data I have a set of events that look something like the following: Machine: A, File: Foo, SizeMB: 10 Machine: A, File: ... by doweaver Path Finder in Splunk Search 12-05-2017 0 17	0	17
Predict values by end of current month Hi, I am trying to predict earnings by end of month (our KPI) based on historical data. I tried this event=Payment \| ... by rvencu Path Finder in Splunk Search 12-05-2017 0 9	0	9
if count of rows equal to 3 show only head 1 else show all rows How to write a simple query at the end of my search query to populate table of my dashboard saying : If count of rows... by surekhasplunk Communicator in Splunk Search 12-05-2017 0 3	0	3
Sum if formula for daily, hourly, and monthly rates I have some financial data in three separate fields for daily, hourly & monthly rates. The monthly field always take... by jackreeves Explorer in Splunk Search 12-05-2017 0 5	0	5
[Search] Avg failed logins by user per day sourcetype=linux_secure \|rex "\w{3}\s\d{1,2}\s\d{2}:\d{2}:\d{2}\s\S+\s(?<session>gdm-\w+)\S:\s"\| search session=gdm-p... by test_qweqwe Builder in Splunk Search 12-05-2017 0 1	0	1
Using the results from one search as a field to use in another search Hello all, I am trying to combine two different searches to correlate with one another. The first search is: Event... by DeanDeleon0 Path Finder in Splunk Search 12-05-2017 0 11	0	11
sort first 5 rows alphabetically then get total count then next 6 rows alphabetically and get the total i have 11 rows as output of my search query.Which looks like below Example field1 field2 co 10 im... by surekhasplunk Communicator in Splunk Search 12-05-2017 0 10	0	10
Regex crash course? Can anyone recommend a good regex crash course article so I can learn how to write my (simple) whitelists and blackli... by Joffer Path Finder in Splunk Search 12-05-2017 1 9	1	9
Creating a SubHeading in Splunk Hi, How do I go about creating a subheading in splunk. My table is in the following format: Date1 ... by mahbs Path Finder in Splunk Search 12-05-2017 0 6	0	6
Search query to get amount of compressed data hitting in the Indexer. Hello, Is there any serach query that return amount of compressed data hitting to the indexer before it get uncompre... by ansif Motivator in Splunk Search 12-05-2017 2 3	2	3
Help! How to create a drilldown table. Hi All, Could you help me on creating a drilldown table that will list all the ticket number based on the value of t... by NicoloPunzalan2 Engager in Splunk Search 12-05-2017 0 1	0	1
How to send events in JSON format to NullQueue? Hello, We are puling JSON data from cloud, can I trim out the events with EventId=5156 and 5158 from the events with... by kiran331 Builder in Splunk Search 12-04-2017 0 5	0	5
Issue when joining results of large tstats queries over time. Hello everyone, I am currently struggling with Splunk limitations when it comes to joining two queries handling very... by moystard New Member in Splunk Search 12-04-2017 0 5	0	5
Multi-Site Cluster: What would I configure for replication and search factor with 1 peer at each site? Hi all, Am planning a multi-site (2 datacenters) installation of Splunk Enterprise v6.1.3. It will include Enterpris... by Splunker Communicator in Splunk Search 12-04-2017 1 5	1	5
Manipulating eval and stats to get desired results Hi guys, I'm trying to search our Qualys vulnerability data to the average cvss score for all vulnerabilities with ... by Robbie1194 Communicator in Splunk Search 12-04-2017 0 2	0	2
Automatic lookup and metrics index Hello, I configured an automatic lookup table to be active on a metrics index via Splunk Web (I do not have access r... by jwillaime Explorer in Splunk Search 12-04-2017 0 3	0	3
Can multiple IF statements be used I am creating a report off of logs files. In this report I am looking to list out the number of times particular act... by agreer New Member in Splunk Search 12-04-2017 0 1	0	1
Field-extraction on a JSON message with multiple delimiters? I have this: {"date": null, "facility": -1, "host": null, "level": -1, "message": "2017-11-13T03:45:00+0000 monStats... by jayakumar89 Explorer in Splunk Search 12-04-2017 0 2	0	2
How do you use a AND statement in a IF statement? I am looking through log files and building a report that will give a list of usage based off those logs. Currently ... by agreer New Member in Splunk Search 12-04-2017 0 12	0	12
Excluding a field name from fields command exclusions The fields - command expects a list of field names to exclude, and one can use wildcards in that list. But what I nee... by DUThibault Contributor in Splunk Search 12-04-2017 0 14	0	14
Can you clarify Vulnerability report SPL-144192? Vulnerability report SPL-144192 seems to have contradicting data in it. It begins by talking about being vulnerable t... by chriswilkes33 Explorer in Splunk Search 12-04-2017 2 4	2	4