Splunk Search

Community Activity

Search syntax for comparing events over 30-day timespan The purpose of the query is to identify those events that occurred after 10/14/2017 01:00:00 that had not occurred in... by sbattista09 Contributor in Splunk Search 11-07-2017 0 2	0	2
What is the most efficient way of filtering on two timestamps? Hello all, I keep facing a common theme and I wanted some input. We all know that the first filter should be on the... by andrewtrobec Motivator in Splunk Search 11-07-2017 1 1	1	1
How to combine two field values from the same field? So, I have regex a field called device, and it contains - mac - mac os - os x - windows - android Is it possible t... by limalbert Path Finder in Splunk Search 11-07-2017 0 9	0	9
Sort highest to lowest over time with timechart Hello, I'm trying to display a graph of the my Splunk applications by usage, highest to lowest within a given time p... by patrick_okeeffe Engager in Splunk Search 11-07-2017 0 3	0	3
How do I count the number of events based on the value of a field is * Hello, I am having trouble with a simple search. I have the following data: OBJECT ID,NEW STATE 1,STATE ONE 1,STATE... by maniu1609 Path Finder in Splunk Search 11-07-2017 0 2	0	2
Help with search to monitor a firewall We are trying to monitor Firewall events from' X ' Environment coming to Splunk. I took the all hosts (600 hosts) rel... by splunker969 Communicator in Splunk Search 11-07-2017 2 7	2	7
Timechart Not working after eval _time Hello, I am using timechart in my query. I want to create timechart based on time specified in file rather than _tim... by AKG1_old1 Builder in Splunk Search 11-07-2017 0 1	0	1
Rebuilding index level .data files On a healthy index, these two queries return the same value, or at least very similar, since the value is changing as... by vbumgarner Contributor in Splunk Search 11-07-2017 0 3	0	3
sum of a field depending on values of other field Hi, I have few fields in my csv file like below. Name of csv file example.csv A B ... by surekhasplunk Communicator in Splunk Search 11-07-2017 0 5	0	5
Using Rex Command to Extract Username from EventData_Xml Data Good morning. I'm trying to use rex to extract a username from a MS Windows Application Event Log. The event shows ... by SplunkLunk Path Finder in Splunk Search 11-07-2017 0 9	0	9
search on each lookup event Hi All, I have a lookup containing username,hostname and I also have an assets index storing hostname, mac, ip. Im ... by samhodgson Path Finder in Splunk Search 11-07-2017 0 7	0	7
How can I define a total amount of a Pie Chart? Hi! I need to create a pie chart where the full pie is 1000000 and the "usage" is a count number. It should look like... by gcescatto New Member in Splunk Search 11-07-2017 0 4	0	4
User last login date I have a about 250 users and I would like to to know when was the last time each of them have logged in. Is there a q... by sanju005ind Communicator in Splunk Search 11-07-2017 1 8	1	8
Struggling with getting filenames/extensions using Splunk? I'm an analyst and have the following question: Does anyone know how you would make a query which will provide filen... by MMargolis87 New Member in Splunk Search 11-07-2017 0 2	0	2
How can I invert my pie chart? I'm trying to create a pie chart in trellis view such that it shows me the number of jobs that ended in terminal or c... by pranaynanda Path Finder in Splunk Search 11-07-2017 0 14	0	14
Splunk is not able to extract fields at search time. I am facing a issue in Search time field extraction. Events are indexed in Key-Value form. My current configuration... by hbarot_splunk Splunk Employee in Splunk Search 11-07-2017 0 4	0	4
How to use wildcard inside string regex? The log contains string in this format below. name:X_device:Y_ name-U:X1_Y2_ It has a mixed pattern, and I'm wonder... by limalbert Path Finder in Splunk Search 11-06-2017 0 8	0	8
Key Value pair extraction with unique value Hi, I need to extract unique values as per below sample data Its has unique format like [ parameter : mailboxName \|... by mayank141 New Member in Splunk Search 11-06-2017 0 2	0	2
Is there a way to use VLOOKUP function in Splunk? Hello, Among all the jobs that are running on mainframe I need to bring back the ones that correspond specifically t... by vs2d New Member in Splunk Search 11-06-2017 0 3	0	3
How can I incorporate the transaction command along with startswith and endswith? So I saw someone did a query for Linux systems on failed sshd logins followed by a successful sshd login using the tr... by SplunkLunk Path Finder in Splunk Search 11-06-2017 0 9	0	9
How can I extract ALL occurrences of a field from JSON file? 23.10.2017 14:01:23.745 INFO [10.87.80.251 [1508785283744] POST /apps/globallog HTTP/1.1] InfoLoggerServiceImpl {"id"... by Sanjay71 New Member in Splunk Search 11-06-2017 0 4	0	4
Match IP address to IP range with a lookup I have an index=logs that has an ip_address field like 5.9.100.100 I want to correlate it against a csv file that has... by spark2310 Explorer in Splunk Search 11-06-2017 0 3	0	3
Help with timechart overlay? Hi, I have a search that plots CPU and max Attendees over time. It's rather convoluted, and I'm wondering if there'... by mwcooley Explorer in Splunk Search 11-06-2017 0 7	0	7
Lookup command to both filter and append new fields How do I use lookup command to filter events based on one of the fields but then just add the rest of the fields to t... by matthewb4 Path Finder in Splunk Search 11-06-2017 0 5	0	5
How can I set my count to '0' when no results are found in a table with the corresponding source? Hi Folks, I want to produce a count of events in each of my indexes. Where there isn't any data for the time range I... by RocIngersol Explorer in Splunk Search 11-06-2017 0 4	0	4