Splunk Search

Community Activity

Regular expression and aggregate the result Assume the following records: Nov 17 19:24:51 x.x.x.x Nov 17 19:24:51 myserver (appx): 1510943091.801 520 192.168.0.... by mkrauss1 Explorer in Splunk Search 11-17-2017 0 5	0	5
Query return value if NULL event I have a query I'm working on where not all the values I feed it are in the index I am querying against. For examp... by obiwan1129 New Member in Splunk Search 11-17-2017 0 1	0	1
Table showing when a a user started an action but didn't finish it with the first and last event times Hey guys, Looking for some help with a search. When a user starts first logs into an application to on board themse... by johnansett Communicator in Splunk Search 11-17-2017 0 5	0	5
Two queries with different timeframes using join. Is there a more efficient way? Hi there. I am new to SPL and wondering how to make a particular query more efficient. In particular, I want to creat... by agdavidson New Member in Splunk Search 11-17-2017 0 1	0	1
Where do the automatic lookups reside? We have a couple of automatic lookups and I don't see them in the SH under /opt/splunk/etc/apps/<app_name>/lookups W... by ddrillic Ultra Champion in Splunk Search 11-17-2017 1 3	1	3
How to Combine search query with a lookup file with one common field Hi, i want to combine the results from my search query with a lookup table that i have uploaded. They both have 1 co... by varunghai Engager in Splunk Search 11-17-2017 0 5	0	5
hide calculated field from dashbaord Hi, I have a calculated field call Percentage which is required for other calculations but i dont want that value... by surekhasplunk Communicator in Splunk Search 11-17-2017 0 5	0	5
rex field not visible and cannot be used in eval Hi I have this query and trying to do a eval case on the rex field value returned base \| rex "#TAGRESPONSE.*RESPONSE... by maniishpawar Path Finder in Splunk Search 11-17-2017 1 7	1	7
Showing events in a raw web browser window ? literally have a very basic raw events vizualization Hi, I have a strong request from my client that wants to be to be able to view events resulting from a SPL search in... by guilmxm Influencer in Splunk Search 11-17-2017 0 2	0	2
eval case before inputlookup file search I have a dashboard table with fields like below. Area field2 filed3 UK 100 200 US 300 400 In the dri... by surekhasplunk Communicator in Splunk Search 11-17-2017 0 14	0	14
Regex Help: Parse CSV with whatever it has got rather than failing on entire line Hi We have a regex/requirement to extract col1,col2,col3,col4 everytime. But the data may not contain col3 onwards ev... by koshyk Super Champion in Splunk Search 11-17-2017 0 2	0	2
Cannot search for value in extracted field I have a field extraction that gets the message number from the raw message string .{22}\s0-9 The message string is... by jrfrost Explorer in Splunk Search 11-17-2017 1 3	1	3
Is there a way not to restart entire splunk instance after making changes in .conf files? In general after we make changes in .conf files splunk instance should restart. If we deploy splunk in production en... by krishnakanthgup New Member in Splunk Search 11-17-2017 0 3	0	3
how can i add my index to the search app to search by default? hi, I have searched high and low for the instructions but cant seem to find the settings for enabling the search he... by 5plunked Explorer in Splunk Search 11-16-2017 0 2	0	2
Merge two line charts Hi , Very new to splunk. I need to search a index with two strings example: "ABC1" "XVZ2" And create a line graphs... by super_virus New Member in Splunk Search 11-16-2017 0 2	0	2
Problem with using stats for a count, and also to pull additional data So, I am going through windows logs, and have output that works for me with something like: index=windows sourcetype... by stakor Path Finder in Splunk Search 11-16-2017 0 1	0	1
Find difference between time now and last event time I am not sure why I am not getting results with this query, any suggestions? index= ______ \| stats max(_time) as las... by JoshuaJohn Contributor in Splunk Search 11-16-2017 1 1	1	1
Site name from lookup table based on IP address Hi splunk guru's. I'm trying to find a way (using SPL only - i am not an admin) to do the following: My vulnerability... by eransh10 New Member in Splunk Search 11-16-2017 0 2	0	2
Find all greater, after 5 mins subtract different columns Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, left is my data set, r... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 6	0	6
Join events and evaluate difference price Hi I have data like this I am joined uuid over market data together like that But there is 4 times date column... by abdulvehhaba Path Finder in Splunk Search 11-16-2017 0 5	0	5
Compare firewall action to track network flow changes Hello guys, I'd like to check changes on the Checkpoint firewall logs but I haven't any result : index=xxx host=yyy... by splunkreal Influencer in Splunk Search 11-16-2017 0 1	0	1
How to properly evaluate integer list from inputlookup subsearch? I'm attempting to use a subsearch to extract a number of integers in order to transpose those integers as columns. He... by oneillryan93 New Member in Splunk Search 11-16-2017 0 1	0	1
How can I add two new fields to my logs? Hello, On my servers I used combined Apache logs, but I added two other fields at the end of the logs : SSL_PROTOCOL... by romgo75 New Member in Splunk Search 11-16-2017 0 2	0	2
Splunk search interface for non-technical users? Hi, This question may be a bit unusual. While I know SPL is already kind of "simple" enough to get a hang of for mos... by yoyu777 Explorer in Splunk Search 11-16-2017 0 4	0	4
How can I use an if or eval statement to run a custom search command Hello Splunkers - Can't figure out for the life of me how to use eval or if statement to call a custom search comma... by splunker1981 Path Finder in Splunk Search 11-16-2017 0 3	0	3