Splunk Search

Community Activity

FEATURE REQUEST: Trellis timechart with color by field Ok, I've figured this out for pie charts, but it seems I'm not able to do this for timecharts in trellis? I'd like to... by bandit Motivator in Splunk Search 11-07-2017 1 6	1	6
Custom field extraction and table output Hi Team, I have the below sample log file. I want to filter all the lines starting with "NET," and also want to crea... by senthamilselvan Engager in Splunk Search 11-07-2017 0 6	0	6
Dynamic number of timecharts of field values by another field Sorry if the description isn't clear. Essentially, I'm making a dashboard to display the trends of a project from a l... by j4adam Communicator in Splunk Search 11-07-2017 0 9	0	9
Search query using spath and mvexpand on multi-value nested JSON doesn't scale Hi Splunk Experts, I am sending events to Splunk Enterprise in the following nested JSON format: { compliance:... by sharad06 Explorer in Splunk Search 11-07-2017 0 2	0	2
inner join/append with two Where commands. I want to join two search's for an alert, I want to alert when the "difference " is above 30 AND the "Total_GB_Used "... by sbattista09 Contributor in Splunk Search 11-07-2017 0 2	0	2
Search syntax for comparing events over 30-day timespan The purpose of the query is to identify those events that occurred after 10/14/2017 01:00:00 that had not occurred in... by sbattista09 Contributor in Splunk Search 11-07-2017 0 2	0	2
What is the most efficient way of filtering on two timestamps? Hello all, I keep facing a common theme and I wanted some input. We all know that the first filter should be on the... by andrewtrobec Motivator in Splunk Search 11-07-2017 1 1	1	1
How to combine two field values from the same field? So, I have regex a field called device, and it contains - mac - mac os - os x - windows - android Is it possible t... by limalbert Path Finder in Splunk Search 11-07-2017 0 9	0	9
Sort highest to lowest over time with timechart Hello, I'm trying to display a graph of the my Splunk applications by usage, highest to lowest within a given time p... by patrick_okeeffe Engager in Splunk Search 11-07-2017 0 3	0	3
How do I count the number of events based on the value of a field is * Hello, I am having trouble with a simple search. I have the following data: OBJECT ID,NEW STATE 1,STATE ONE 1,STATE... by maniu1609 Path Finder in Splunk Search 11-07-2017 0 2	0	2
Help with search to monitor a firewall We are trying to monitor Firewall events from' X ' Environment coming to Splunk. I took the all hosts (600 hosts) rel... by splunker969 Communicator in Splunk Search 11-07-2017 2 7	2	7
Timechart Not working after eval _time Hello, I am using timechart in my query. I want to create timechart based on time specified in file rather than _tim... by AKG1_old1 Builder in Splunk Search 11-07-2017 0 1	0	1
Rebuilding index level .data files On a healthy index, these two queries return the same value, or at least very similar, since the value is changing as... by vbumgarner Contributor in Splunk Search 11-07-2017 0 3	0	3
sum of a field depending on values of other field Hi, I have few fields in my csv file like below. Name of csv file example.csv A B ... by surekhasplunk Communicator in Splunk Search 11-07-2017 0 5	0	5
Using Rex Command to Extract Username from EventData_Xml Data Good morning. I'm trying to use rex to extract a username from a MS Windows Application Event Log. The event shows ... by SplunkLunk Path Finder in Splunk Search 11-07-2017 0 9	0	9
search on each lookup event Hi All, I have a lookup containing username,hostname and I also have an assets index storing hostname, mac, ip. Im ... by samhodgson Path Finder in Splunk Search 11-07-2017 0 7	0	7
How can I define a total amount of a Pie Chart? Hi! I need to create a pie chart where the full pie is 1000000 and the "usage" is a count number. It should look like... by gcescatto New Member in Splunk Search 11-07-2017 0 4	0	4
User last login date I have a about 250 users and I would like to to know when was the last time each of them have logged in. Is there a q... by sanju005ind Communicator in Splunk Search 11-07-2017 1 8	1	8
Struggling with getting filenames/extensions using Splunk? I'm an analyst and have the following question: Does anyone know how you would make a query which will provide filen... by MMargolis87 New Member in Splunk Search 11-07-2017 0 2	0	2
How can I invert my pie chart? I'm trying to create a pie chart in trellis view such that it shows me the number of jobs that ended in terminal or c... by pranaynanda Path Finder in Splunk Search 11-07-2017 0 14	0	14
Splunk is not able to extract fields at search time. I am facing a issue in Search time field extraction. Events are indexed in Key-Value form. My current configuration... by hbarot_splunk Splunk Employee in Splunk Search 11-07-2017 0 4	0	4
How to use wildcard inside string regex? The log contains string in this format below. name:X_device:Y_ name-U:X1_Y2_ It has a mixed pattern, and I'm wonder... by limalbert Path Finder in Splunk Search 11-06-2017 0 8	0	8
Key Value pair extraction with unique value Hi, I need to extract unique values as per below sample data Its has unique format like [ parameter : mailboxName \|... by mayank141 New Member in Splunk Search 11-06-2017 0 2	0	2
Is there a way to use VLOOKUP function in Splunk? Hello, Among all the jobs that are running on mainframe I need to bring back the ones that correspond specifically t... by vs2d New Member in Splunk Search 11-06-2017 0 3	0	3
How can I incorporate the transaction command along with startswith and endswith? So I saw someone did a query for Linux systems on failed sshd logins followed by a successful sshd login using the tr... by SplunkLunk Path Finder in Splunk Search 11-06-2017 0 9	0	9