Splunk Search

Community Activity

multivalue field search time extraction Here is part of two raw log messages "memberOf=CN=AU-SG NAT_ClientReadyApp,OU=UniversalGroups,OU=Groups,DC=au,DC=two... by smehmood New Member in Splunk Search 11-18-2017 0 1	0	1
SPL to take a field and make it a different "word" Palo Alto has a field called “flags”. It can have several hex type entries, but what I’m interested in is whether or... by coloradoark New Member in Splunk Search 11-17-2017 0 3	0	3
Regular expression and aggregate the result Assume the following records: Nov 17 19:24:51 x.x.x.x Nov 17 19:24:51 myserver (appx): 1510943091.801 520 192.168.0.... by mkrauss1 Explorer in Splunk Search 11-17-2017 0 5	0	5
Query return value if NULL event I have a query I'm working on where not all the values I feed it are in the index I am querying against. For examp... by obiwan1129 New Member in Splunk Search 11-17-2017 0 1	0	1
Table showing when a a user started an action but didn't finish it with the first and last event times Hey guys, Looking for some help with a search. When a user starts first logs into an application to on board themse... by johnansett Communicator in Splunk Search 11-17-2017 0 5	0	5
Two queries with different timeframes using join. Is there a more efficient way? Hi there. I am new to SPL and wondering how to make a particular query more efficient. In particular, I want to creat... by agdavidson New Member in Splunk Search 11-17-2017 0 1	0	1
Where do the automatic lookups reside? We have a couple of automatic lookups and I don't see them in the SH under /opt/splunk/etc/apps/<app_name>/lookups W... by ddrillic Ultra Champion in Splunk Search 11-17-2017 1 3	1	3
How to Combine search query with a lookup file with one common field Hi, i want to combine the results from my search query with a lookup table that i have uploaded. They both have 1 co... by varunghai Engager in Splunk Search 11-17-2017 0 5	0	5
hide calculated field from dashbaord Hi, I have a calculated field call Percentage which is required for other calculations but i dont want that value... by surekhasplunk Communicator in Splunk Search 11-17-2017 0 5	0	5
rex field not visible and cannot be used in eval Hi I have this query and trying to do a eval case on the rex field value returned base \| rex "#TAGRESPONSE.*RESPONSE... by maniishpawar Path Finder in Splunk Search 11-17-2017 1 7	1	7
Showing events in a raw web browser window ? literally have a very basic raw events vizualization Hi, I have a strong request from my client that wants to be to be able to view events resulting from a SPL search in... by guilmxm Influencer in Splunk Search 11-17-2017 0 2	0	2
eval case before inputlookup file search I have a dashboard table with fields like below. Area field2 filed3 UK 100 200 US 300 400 In the dri... by surekhasplunk Communicator in Splunk Search 11-17-2017 0 14	0	14
Regex Help: Parse CSV with whatever it has got rather than failing on entire line Hi We have a regex/requirement to extract col1,col2,col3,col4 everytime. But the data may not contain col3 onwards ev... by koshyk Super Champion in Splunk Search 11-17-2017 0 2	0	2
Cannot search for value in extracted field I have a field extraction that gets the message number from the raw message string .{22}\s0-9 The message string is... by jrfrost Explorer in Splunk Search 11-17-2017 1 3	1	3
Is there a way not to restart entire splunk instance after making changes in .conf files? In general after we make changes in .conf files splunk instance should restart. If we deploy splunk in production en... by krishnakanthgup New Member in Splunk Search 11-17-2017 0 3	0	3
how can i add my index to the search app to search by default? hi, I have searched high and low for the instructions but cant seem to find the settings for enabling the search he... by 5plunked Explorer in Splunk Search 11-16-2017 0 2	0	2
Merge two line charts Hi , Very new to splunk. I need to search a index with two strings example: "ABC1" "XVZ2" And create a line graphs... by super_virus New Member in Splunk Search 11-16-2017 0 2	0	2
Problem with using stats for a count, and also to pull additional data So, I am going through windows logs, and have output that works for me with something like: index=windows sourcetype... by stakor Path Finder in Splunk Search 11-16-2017 0 1	0	1
Find difference between time now and last event time I am not sure why I am not getting results with this query, any suggestions? index= ______ \| stats max(_time) as las... by JoshuaJohn Contributor in Splunk Search 11-16-2017 1 1	1	1
Site name from lookup table based on IP address Hi splunk guru's. I'm trying to find a way (using SPL only - i am not an admin) to do the following: My vulnerability... by eransh10 New Member in Splunk Search 11-16-2017 0 2	0	2
Find all greater, after 5 mins subtract different columns Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, left is my data set, r... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 6	0	6
Join events and evaluate difference price Hi I have data like this I am joined uuid over market data together like that But there is 4 times date column... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 5	0	5
Compare firewall action to track network flow changes Hello guys, I'd like to check changes on the Checkpoint firewall logs but I haven't any result : index=xxx host=yyy... by splunkreal Motivator in Splunk Search 11-16-2017 0 1	0	1
How to properly evaluate integer list from inputlookup subsearch? I'm attempting to use a subsearch to extract a number of integers in order to transpose those integers as columns. He... by oneillryan93 New Member in Splunk Search 11-16-2017 0 1	0	1
How can I add two new fields to my logs? Hello, On my servers I used combined Apache logs, but I added two other fields at the end of the logs : SSL_PROTOCOL... by romgo75 New Member in Splunk Search 11-16-2017 0 2	0	2