Splunk Search

Community Activity

How to group uri strings inside a case statement based on a substring portion of a uri I have three types of uris stored in a field called uri. The uris are as follows: First type: /a/b/c/1/d /a/b/c/2/d ... by gokadroid Motivator in Splunk Search 11-09-2017 0 4	0	4
Get last login time based upon a list of accounts in a CSV lookup file I have a list of accounts that I wish to monitor in a csv file, say accounts.csv. The file looks like: userid,name,d... by pfhendr Explorer in Splunk Search 11-09-2017 0 2	0	2
Display rows not older than 1 day based in a date column Thanks in advance. We are trying to display the rows where the column is not older than 1 day and this has to be don... by rsokolova Path Finder in Splunk Search 11-09-2017 0 1	0	1
Splunk Search & Reporting app returns "500 internal server error", only for one user. I'm running Splunk Enterprise v 6.6.1 on Windows 2008 R2 (not by choice). Without making any configuration changes (... by LCM_BRogerson Path Finder in Splunk Search 11-09-2017 1 10	1	10
Avoiding a double-lookup for an efficient search A user is only allowed to log in from one of their AllowedPlatform: userAllowedPlatform.csv \| User \| Allowed... by 98123722 Explorer in Splunk Search 11-09-2017 0 2	0	2
Strange behavior of an eval "call" OR "exception1" OR "exception2" OR "exception3" \| eval calls = if(like(message, "%call%"), 1, 0) \| eva... by rbochen New Member in Splunk Search 11-09-2017 0 2	0	2
Command 'search' can't compare two floating numbers I am writing a saved search to trigger and alert when a difference between values is higher than a threshold. A simp... by thenhaque Explorer in Splunk Search 11-09-2017 0 5	0	5
How can I extract additional fields from this source? eg: source = shuttle(Oct1-3).zip:./shuttle/5720/LOG/shuttle_log.20171002 ,shuttle_3.zip:./shuttle_3/5720/LOG/shuttle_... by vinisha29 New Member in Splunk Search 11-09-2017 0 1	0	1
How do I get the event associated to a fired_alert? I run this search: index=_audit action=fired_alert I get back this which looks like properties of the alert. Audit... by pfabrizi Path Finder in Splunk Search 11-09-2017 0 2	0	2
Lookups excluding answers if multiple same lines are found I have a lookup that end users can update. However they might make a mistake and put in the same data twice. The issu... by robertlynch2020 Influencer in Splunk Search 11-09-2017 0 2	0	2
Dataset regexed field to uppercase Hello. I have a dataset with a regular expression where i extract the hostname of the computer to a hostname variabl... by christoffertoft Communicator in Splunk Search 11-08-2017 0 4	0	4
Exclusive Right Join option in splunk I am trying to list the events from the subsearch which are not found in the main search. For example the subsearch ... by kiril123 Path Finder in Splunk Search 11-08-2017 0 5	0	5
Help extracting a value from this log? Hi, can someone help me to exact "536 MiliSeconds" from below is log 6>2017-11-02T05:55:12Z d065d14b-3bcd-481c-512a-... by rajgowd1 Communicator in Splunk Search 11-08-2017 0 3	0	3
Problem using set diff together with mvexpand I'm trying to compare multi-value fields from multiple events and display the diff between the two sets. For example... by kenliu Explorer in Splunk Search 11-08-2017 0 2	0	2
How do I delimit multivalue fields? Dear All, We have a scenario, where For each Application_ID, Application_Name is having multi-value and delimited. ... by anil_ec21 Explorer in Splunk Search 11-08-2017 1 4	1	4
How do you compare sets of field values from two searches? I'm basically trying to identify whether some of my hosts are not doing something successfully as it should be in a d... by cinchnetops Explorer in Splunk Search 11-08-2017 0 3	0	3
Single value with trend for duration? I have been searching about this for the last couple of days. I don't think Splunk have this feature but I just want ... by tamduong16 Contributor in Splunk Search 11-08-2017 1 4	1	4
When I search for top public IP addresses results include my LAN subnet Hi mates, I'm figuring out the reason, why I'm looking LAN addresses as source IP if my search is clearly filtering ... by rookie507SL New Member in Splunk Search 11-08-2017 0 3	0	3
Rex command to extract multiple values from base query I have below text and i need to extract "Successfully Sent" FTP Ipaddress and store number. I could extract first po... by k_harini Communicator in Splunk Search 11-08-2017 0 2	0	2
How to split multivalue fields after lookup? Hello after a search like this: index=myindex\|lookup mycsv.csv host_ip I have the following output: I would lik... by skiourus New Member in Splunk Search 11-08-2017 0 4	0	4
Can I join a data model with a lookup using a wildcard character (*)? Hi I have an issues where I am joining a Data-model with a lookup table and its working very well. We are looking to... by robertlynch2020 Influencer in Splunk Search 11-08-2017 0 2	0	2
Search for a pattern in a lookup CSV file which is received from first search from another lookup CSV file I have two lookup csv files. file1.csv and file2.csv 1st query results me with field1 which has a pattern match in ... by surekhasplunk Communicator in Splunk Search 11-08-2017 0 2	0	2
How to combine Fw: and Fwd in email Subjects Let's say I had used a search like: index=mail RecipientUserDomain=user@domain.com \| stats count by Subject \| sort-c... by smurfy_91 New Member in Splunk Search 11-08-2017 0 2	0	2
Can you remove a unit of measurement from a field value? I'm trying to calculate man hours, but my field format is "12 Mins" not simply "12". How can I either calculate this ... by mbond81 Engager in Splunk Search 11-08-2017 0 4	0	4
Option to extract one specific field from different patterns in one go ? For the same sourcetype, I have a lot many different patterns from which I want to extract one specific field. Is the... by pari04home New Member in Splunk Search 11-07-2017 0 3	0	3