Splunk Search

Community Activity

How to Use an InputLookup File to provide authorized user list and Report back Users who are not in the inputlookup I have an input lookup file. Say 'ApprovedUsers.csv'. This contains a single field SamAccountName. I want to c... by deastman Path Finder in Splunk Search 11-22-2017 0 7	0	7
How to show the result only if it is latest than the subsearch result? Assume, I have two panels - PanelA, PanelB. I have to show the result in PanelA only if the event for train is more r... by Naren26 Path Finder in Splunk Search 11-22-2017 0 5	0	5
Why doesn't this eval statement work? Hi, I have this query index=wholesale_app buildTarget=comcast analyticType=SessionStart \|rename Properties.platfo... by dbcase Motivator in Splunk Search 11-22-2017 0 2	0	2
display result count in form panel Hi, I have a form has field inputs and a panel to display the search results in a table. Our users are complainting ... by rzhang520 Engager in Splunk Search 11-21-2017 0 6	0	6
Field regex extractions on non-raw fields from web UI I'm attempting to create a field extraction from the web UI (I'm not an admin and don't have access to "*.conf" files... by doweaver Path Finder in Splunk Search 11-21-2017 1 10	1	10
Transaction command with multiple fields I have this start event. I am using the "Phonecall" as the key in the transaction. 1. InteractionEvent on Phonecall-... by bcarnot Path Finder in Splunk Search 11-21-2017 0 4	0	4
Help in creating regex for encryption of data? Hi Splunkers, I am looking for some help in creation of regular expression to Anonymize data with a regular expressi... by nishitdarade Explorer in Splunk Search 11-21-2017 0 9	0	9
How do i search non matching values from two different indexes and display This is what I am doing extract value until the first occurrence of char & using the search string index="prod_c... by saifullakhalid Explorer in Splunk Search 11-21-2017 0 12	0	12
Trying to search a connections log, top 10 hosts sending the most traffic, doesn't seem to be working. Trying to search a connections log, top 10 hosts sending the most traffic, need some help, thanks. by howardsamuels New Member in Splunk Search 11-21-2017 0 3	0	3
How to manipulate the time formats to get the exact results in Status Hi, I have created a query to fetch the status of some jobs in a particular format. There are different scheduled jo... by varunghai Engager in Splunk Search 11-21-2017 0 2	0	2
How can I remove numbers from Y-axis? Hi! I'm having trouble removing the values 0.5, 1 and 1.5 from the Y-axis in the following dashboard: But I need i... by gcescatto New Member in Splunk Search 11-21-2017 0 1	0	1
Why is the tstats command not displaying all data from a data model? Hi I have set up a data model and I am reading in millions of data lines. The issue is some data lines are not disp... by robertlynch2020 Influencer in Splunk Search 11-21-2017 1 2	1	2
Hi, Can i use sum and list command in single query For example, Category \| CategoryGroup \|Price AAA\|Apple \|80 AAA\|Apple \|90 BBB\|Banana\|40 BBB\|Butterfruit\|90 I want to ... by deepa_purushoth Engager in Splunk Search 11-21-2017 0 6	0	6
Please help me in forming Regex. Hi All, Please help me to extract the email ids which is not between <> angle brackets. Sample event: someone@doma... by ansif Motivator in Splunk Search 11-21-2017 0 7	0	7
Finding most recent event by host We are collecting logs from McAfee and Splunk pulls information for each host every 1 Hr. The logs have two fields ho... by anuremanan88 Explorer in Splunk Search 11-21-2017 0 9	0	9
Splunk Dedup by _time and Combine Values Simultaneously I am working with Exchange 2010 data. I have the MessageID, Sender, Recipients, and _time. Depending on the event typ... by cameronwt Engager in Splunk Search 11-21-2017 0 1	0	1
position of a character in a string Hello I'm trying to do a substr to strings such as: google-public-dns-b.google.com cachewas.tdp.net.pe b.resolvers.L... by jrodriguezap Contributor in Splunk Search 11-21-2017 0 5	0	5
AVG days for selection of events In the following search I want to have the average for the events where GB_w is < 15 days \| stats earliest(A_Z) AS A... by Mike6960 Path Finder in Splunk Search 11-21-2017 0 1	0	1
setting some token based on the result of search query Hi, My requirement is to set some token based on the output of search query. my search query return one row and I wa... by AKG1_old1 Builder in Splunk Search 11-21-2017 1 3	1	3
how to retrieve memory value from GC log I have below event from GC log, 2017-11-20T23:13:13.311-0800: 205957.353: [GC (Allocation Failure) 5152315K->4647798... by sangs8788 Communicator in Splunk Search 11-21-2017 0 2	0	2
If 3 consecutive files are found > 1KB in size, send an email alert How can I get results only when 3 consecutive files exceeds 1 KB limit? I tried this with below Query however not ge... by chaitalynavare Engager in Splunk Search 11-21-2017 0 4	0	4
How do I use the latest value given to replace a field that is NULL but both event have one common value? As stated I want the latest value in "Hash Value" and "Type" column to be filled instead of being "NA" and "Unknown" ... by Kitteh Path Finder in Splunk Search 11-21-2017 0 9	0	9
Why does rex/regex return different results than field-extraction? Data: Nov 16 12:50:51 172.23.0.29 Nov 16 12:50:51 dc01 Microsoft_Windows_security_auditing.[1688]: Domain\user1: Secu... by jared_anderson Path Finder in Splunk Search 11-20-2017 0 8	0	8
Splunk enterprise 6.6.1 - existing custom apps are not opening We have few custom apps in our splunk enterprise instance which were opening to all user before. Suddenly custom apps... by mohan_ac Explorer in Splunk Search 11-20-2017 0 1	0	1
How to extract a field using regex at indexing time? Hi, I'm ingesting the data in JSON format. we have a field event.user, which is auto extracted. is there a way to ex... by kiran331 Builder in Splunk Search 11-20-2017 0 4	0	4