Splunk Search

Community Activity

How can I calculate field value percentages for multiple data sets? For the purpose of this question, a given event contains the following fields: vulnerability name, data center, ip ad... by andrewgbennett3 New Member in Splunk Search 11-03-2017 0 4	0	4
Visualization of the count of users' event counts This is probably a simple answer, but I'm pretty new to splunk and my googling hasn't led me to an answer. So I'm try... by brajaram Communicator in Splunk Search 11-03-2017 0 2	0	2
Is there a way to display matching results based on an inputlook? I have a lookup file of jobs that I must report on. I need to know if the jobs ran then alert if the job didn't run. ... by cmcdole Path Finder in Splunk Search 11-03-2017 0 5	0	5
Why is external_lookup.py not working? Hi, I have a search that suddenly stopped working. It does an dns lookup using a lookup file. The errors are below... by a212830 Champion in Splunk Search 11-03-2017 0 3	0	3
How can i find a full list of Users using IP address Hi I have the below command that i think works 95% of the time. index=_internal sourcetype=splunkd_ui_access \| sta... by robertlynch2020 Influencer in Splunk Search 11-03-2017 0 2	0	2
Can anyone tell me why Splunk is throwing this error when using the foreach command? \| foreach V* [eval PAC<<MATCHSTR>>=<<FIELD>>-Voice], \| foreach PAC* [eval <<FIELD>>=if(<<FIELD>> < 0, -<<FIELD>>, 0)... by nkankur Path Finder in Splunk Search 11-03-2017 0 2	0	2
I need a way to make a lookup conditional I have two lookup tables. Both contain a set of userid's. The first lookup returns a name and department for 80% of ... by bdh5574 New Member in Splunk Search 11-02-2017 0 2	0	2
How do I return fields that do not have a corresponding value in another field? I am running the following search: index="malwarebytes" sourcetype=malwarebytes NOT threat_name=pu* \| lookup ip_cid... by jwalzerpitt Influencer in Splunk Search 11-02-2017 0 7	0	7
How can I do a sum of count for if statement? When I do a stats count by a specific column. The count for each of them work. Here is the picture: But when I act... by tamduong16 Contributor in Splunk Search 11-02-2017 0 4	0	4
Quest ChangeAuditor Hi, I am wondering if anyone have already user Splunk for Quest ChangeAuditor, I know by searching through google tha... by agonist_inhaler Explorer in Splunk Search 11-02-2017 0 3	0	3
Extract Text from logs Below is my log, CustomItemContainerGenerator.GenerateNextLocalContainer: Node is not the current one. in Xceed.Wpf.... by ppanchal Path Finder in Splunk Search 11-02-2017 0 10	0	10
Adding Python Module to Splunk Hello, I am trying to add the active_directory module to Splunk Python so I can query OU's for specific users to pas... by kholleran Communicator in Splunk Search 11-02-2017 3 6	3	6
How to subtract Field value on the basis of other rows with same ID As per the below screenshot, If User made one request then in that request we have two calls (mentioned below), Every... by Jayanthapoojary New Member in Splunk Search 11-02-2017 0 1	0	1
How to compare all time average of a field value vs average for specified time range Trying to combine in a single table the all time average of a field value (data feed start is 10/19) vs its average f... by christopheryu Communicator in Splunk Search 11-02-2017 0 4	0	4
Replace Function when used in token eval does not behave as in search I simply wish to prove that point since it wasn't quite established in the several topics I have read about this prob... by gdiogo Explorer in Splunk Search 11-02-2017 0 2	0	2
Can a transaction command retrieve results outside the select date/time range I am using a transaction command to correlated web requests and responses which arrive as different events. The sear... by jpcontrerasadit Explorer in Splunk Search 11-02-2017 0 2	0	2
How to get time difference between Oct 19 10:35:54 and 1d 0h:00m:05s or 3h:29m:09s formats? Hello, I am trying to calculate difference between Disconnected_time Duration Oct 19 10:35:54 1d 0h:... by sandeep2679 New Member in Splunk Search 11-02-2017 0 7	0	7
How can I calculate column differences when column names are unknown? My datasource is a json structure which will include the following on each record: { "metrics": [ {"name":"MetricNa... by c_wsleem New Member in Splunk Search 11-02-2017 0 3	0	3
extract string from existed field value and put that string in under new field anme Hi Splunkers, I have pre-existed field know as "source" whose values are 1> /var/tomcat/instance15/logs/catalina.... by kannu Communicator in Splunk Search 11-02-2017 0 4	0	4
How to extract timestamp from XML Hi! Find same issue but Unfortunatelly doesn't work for me. <?xml version="1.0" encoding="utf-8" ?> <DynavisionXML v... by yurykiselev Path Finder in Splunk Search 11-02-2017 0 3	0	3
How to create a custom table? Hello, I want to create a table similar to the picture below, I have tried the table command but I can't seem to mak... by jannsenagustin New Member in Splunk Search 11-02-2017 0 2	0	2
I am trying to subtract one column from another and want to do it for other columns as well by using foreach My data is like this Column1 Column2 Column3 Total I am using the below command \|foreach Column* [ eval Answer <> = ... by nkankur Path Finder in Splunk Search 11-02-2017 0 7	0	7
How to invoke a temporal lookup at a search-time? Hi there, I've got temporal lookup that is defined in transforms.conf as: [lookup_time] filename = lookup_time.csv... by iKate Builder in Splunk Search 11-02-2017 3 1	3	1
Custom Search Command Fails to Return Results Hello, I created a custom search command that queries an external service and returns a set of results using the v2 ... by caseyra Explorer in Splunk Search 11-01-2017 1 21	1	21
Regex help! Want to start after the \ and collect the user name that follows I want to start after the \ and collect the user name but the user name is in delimited format (.) field name = User... by johnward4 Communicator in Splunk Search 11-01-2017 0 8	0	8