Splunk Search

Community Activity

Find peak time and the number of requests Hi, I want to find the peak time in a day and number of requests on that peak time. I trying to use the following b... by ricm New Member in Splunk Search 11-05-2017 0 2	0	2
I want to use wildcard in eval min command as I have large number of fields and I want a separate column with min values from each row. Like Field1 Field2 .... Min_Value 112 125 .... 112 .... eval Min_Value=min(Field*) but it is giving below e... by nkankur Path Finder in Splunk Search 11-05-2017 0 4	0	4
I want to use wildcard in eval min command as given below: \| eval MIN_VAL=min(FIELDS*) I getting below error, Error in 'eval' command: The expression is malformed. An unexpe... by nkankur Path Finder in Splunk Search 11-05-2017 0 2	0	2
lookup and field extraction take hours to reflect in Splunk 7.0.0 In Splunk 7.0 lookup and field extraction doesn't reflect immediate on splunk, it requires restart to the Splunk or i... by atulmaxonic Engager in Splunk Search 11-04-2017 0 1	0	1
How can I search and alert for recurring events? I'm trying to write a search which can detect the occurrence of an event AFTER a previous event containing the same f... by aramakrishnan New Member in Splunk Search 11-04-2017 0 2	0	2
Why do I get this error when I try to use my custom search command: "Search Factory: Unknown search command" I installed my custom search command by following this guide: http://dev.splunk.com/view/python-sdk/SP-CAAAEU2 Basic... by thisissplunk Builder in Splunk Search 11-04-2017 0 2	0	2
How do I diff two CSVs? all, I have two CSV and I want to just get the diff between then. Any idea how I tackle this? thanks, -Daniel Wi... by daniel333 Builder in Splunk Search 11-04-2017 0 2	0	2
extract a string from source and table the list for the associated hosts. I have many sources/logfiles in a host like this: /opt/ab/logs/abcd/apache/abcd-tcm.log /opt/xy/logs/xyzz/apache/xy... by sarnagar Contributor in Splunk Search 11-04-2017 0 4	0	4
How can I subtract three values from Json? Hi! I have a Json like this: {"LicenseNum":62, "Status":"Registered"} and the Status can differ from three types: Re... by gcescatto New Member in Splunk Search 11-04-2017 0 2	0	2
Error when using append and join-- Search Factory: Unknown search command 'index'. Hi , Below are the two queries for which I am trying to join the output of the both queries but I am facing an issue... by kteng2024 Path Finder in Splunk Search 11-03-2017 0 1	0	1
Field alias or batch renaming with wildcard So I have a JSON source that is creating array values but I am looking to get rid of a number of nested fields and ma... by mdsnmss SplunkTrust in Splunk Search 11-03-2017 0 3	0	3
Issue with extracting multifield values due to props.conf transform.conf settings Hi Experts, I am trying to extract something like below type=type1,type3 My Data event1.epochtime=1282182111 type... by vikas_gopal Builder in Splunk Search 11-03-2017 0 5	0	5
How can I calculate field value percentages for multiple data sets? For the purpose of this question, a given event contains the following fields: vulnerability name, data center, ip ad... by andrewgbennett3 New Member in Splunk Search 11-03-2017 0 4	0	4
Visualization of the count of users' event counts This is probably a simple answer, but I'm pretty new to splunk and my googling hasn't led me to an answer. So I'm try... by brajaram Communicator in Splunk Search 11-03-2017 0 2	0	2
Is there a way to display matching results based on an inputlook? I have a lookup file of jobs that I must report on. I need to know if the jobs ran then alert if the job didn't run. ... by cmcdole Path Finder in Splunk Search 11-03-2017 0 5	0	5
Why is external_lookup.py not working? Hi, I have a search that suddenly stopped working. It does an dns lookup using a lookup file. The errors are below... by a212830 Champion in Splunk Search 11-03-2017 0 3	0	3
How can i find a full list of Users using IP address Hi I have the below command that i think works 95% of the time. index=_internal sourcetype=splunkd_ui_access \| sta... by robertlynch2020 Influencer in Splunk Search 11-03-2017 0 2	0	2
Can anyone tell me why Splunk is throwing this error when using the foreach command? \| foreach V* [eval PAC<<MATCHSTR>>=<<FIELD>>-Voice], \| foreach PAC* [eval <<FIELD>>=if(<<FIELD>> < 0, -<<FIELD>>, 0)... by nkankur Path Finder in Splunk Search 11-03-2017 0 2	0	2
I need a way to make a lookup conditional I have two lookup tables. Both contain a set of userid's. The first lookup returns a name and department for 80% of ... by bdh5574 New Member in Splunk Search 11-02-2017 0 2	0	2
How do I return fields that do not have a corresponding value in another field? I am running the following search: index="malwarebytes" sourcetype=malwarebytes NOT threat_name=pu* \| lookup ip_cid... by jwalzerpitt Influencer in Splunk Search 11-02-2017 0 7	0	7
How can I do a sum of count for if statement? When I do a stats count by a specific column. The count for each of them work. Here is the picture: But when I act... by tamduong16 Contributor in Splunk Search 11-02-2017 0 4	0	4
Quest ChangeAuditor Hi, I am wondering if anyone have already user Splunk for Quest ChangeAuditor, I know by searching through google tha... by agonist_inhaler Explorer in Splunk Search 11-02-2017 0 3	0	3
Extract Text from logs Below is my log, CustomItemContainerGenerator.GenerateNextLocalContainer: Node is not the current one. in Xceed.Wpf.... by ppanchal Path Finder in Splunk Search 11-02-2017 0 10	0	10
Adding Python Module to Splunk Hello, I am trying to add the active_directory module to Splunk Python so I can query OU's for specific users to pas... by kholleran Communicator in Splunk Search 11-02-2017 3 6	3	6
How to subtract Field value on the basis of other rows with same ID As per the below screenshot, If User made one request then in that request we have two calls (mentioned below), Every... by Jayanthapoojary New Member in Splunk Search 11-02-2017 0 1	0	1