Splunk Search

Community Activity

Regex Performance consideration Hello All ! I ask myself what is the best approach to extract all fields of logs with regex in general. I speak here... by jeanyvesnolen Path Finder in Splunk Search 10-25-2017 0 5	0	5
Group results based on criteria Hi Peeps, source="Log.txt" resp_status=503 \| chart count by req_url If I execute the above query I will get the fol... by mcvr New Member in Splunk Search 10-25-2017 0 1	0	1
How to match fields from indexed data with CSV lookup I created a list of known malicious domain names and put that information into a CSV. I named the field "dest_hostna... by jon3484 New Member in Splunk Search 10-25-2017 0 2	0	2
What is wrong with my transforms.conf and props.conf settings? I'm getting the wrong data. Hi All: I am unable to get the metadata host field in Splunk for the value of the database field called "HOSTNAME". ... by mmohiuddin1512 Explorer in Splunk Search 10-25-2017 0 4	0	4
How do I append a column to a chart? I have the following search index=firewall policy_name="/Common/default" request_status=blocked (violations="Access... by j_partsch Explorer in Splunk Search 10-25-2017 0 2	0	2
Timechart not working for 30days and more My timechart is working perfectly for last 10 days but it is not working for time range above 15 days.Any idea to res... by nivethainspire_ Explorer in Splunk Search 10-25-2017 0 3	0	3
Get only one value on drilldown for multiple values in a cell Hi, I am trying to give cell value using drilldown as parameter to another dashboard. Below is how I have defined it:... by SirHill17 Communicator in Splunk Search 10-25-2017 0 7	0	7
How to calculate the days between earliest date and now I have the following search: ..index bla bla... \| eval eD_A=strptime(D_A, "%Y-%m-%d %H:%M:%S.%N") , eD_AV=strptime(D... by Mike6960 Path Finder in Splunk Search 10-25-2017 0 6	0	6
How to index arbitrary number of fields and do tstats operations on them? Hi, I've got these strange XML logs, where each log has (among other things) a username and an arbitrary number of h... by hettervik Builder in Splunk Search 10-24-2017 0 6	0	6
Matching an IP address from a lookup table of CIDR ranges I am trying search events where the destination IP is in a lookup table consisting of a list of CIDR ranges (and thre... by jwalzerpitt Influencer in Splunk Search 10-24-2017 0 5	0	5
Need Help With Lookup returning multiple values So I have a lookup with a date field, identified field, and a description field. There are duplicates in this lookup ... by katzr Path Finder in Splunk Search 10-24-2017 0 1	0	1
Help with if statement and complex \| search $execution$ $host$ $user$ \|eval moresearch=if(execution=index=index1,"",($authentication$) OR ($configuration$) OR ($... by deastman Path Finder in Splunk Search 10-24-2017 0 11	0	11
Lookup table to return column value I am having issues with displaying data based off the results from the lookup table. I am using this search below, w... by AbubakarShahid New Member in Splunk Search 10-24-2017 0 3	0	3
How to calculate the percentage from a dc count? I have a query as below \| metadata type=hosts \| search [\| inputlookup hosts_test.csv \| eval host=lower(my_hostname... by pavanae Builder in Splunk Search 10-24-2017 0 2	0	2
Using Standard Deviation to track SSH traffic I'm looking for a way to traffic the average ssh traffic between two IP addresses (source IP and destination IP) and ... by serwin Explorer in Splunk Search 10-24-2017 0 1	0	1
How to create a regex to extract key value pairs I have a data feed with CEF format. Splunk picks up the key value pairs except the value with the whitespaces, for i... by splunkrocks2014 Communicator in Splunk Search 10-24-2017 0 5	0	5
How to extract a field between two patterns in a search Hi, How do I get "7515-36283" between "Result:" and "/ Value" from following text: Result: 75153-6283 / Value "Res... by siddharthmis Explorer in Splunk Search 10-24-2017 0 2	0	2
How to create a new field out of values of a current field? I have a field with event IDs. Some of the IDs indicate an issue, while some of them indicate the opposite. eventid=... by jared_anderson Path Finder in Splunk Search 10-24-2017 0 5	0	5
I want to ignore particular username I want to ignore below user name. So I written following manner is it correct? ......\| where NOT (user="*$" OR user=... by N92 Path Finder in Splunk Search 10-24-2017 0 1	0	1
Find users based on a lookup list showing users that have and have not logged in I have list of lookup list yyyy which I want to shown the latest login based on max login time and also user that did... by florencegoh New Member in Splunk Search 10-24-2017 0 7	0	7
Can you combine fields from multiple search in one table? Hi I'm trying to combine fields in multiple search result in one output table as overall result, for example: Sear... by nieivan New Member in Splunk Search 10-24-2017 0 2	0	2
Is there a search or REST command to stop running searches forcefully? Hi I want identify the long running searches who are running more than 5 min and stop them. I'm able to find the l... by splunk_worker Path Finder in Splunk Search 10-23-2017 1 4	1	4
How can I extract string between highlighted fields with regex? Error: Update failed. First exception on row 0 with id abcd; first error: INVALID_EMAIL_ADDRESS, Email: invalid ema... by vik123ash Explorer in Splunk Search 10-23-2017 0 3	0	3
Subsearch to sum two fields by a common field Thanks in advance, Having a hard time trying to put 3 searches together to sum both search counts by PO. Please see ... by rsokolova Path Finder in Splunk Search 10-23-2017 0 3	0	3
how to find the number of hosts that never reported to splunk from a lookup with the existing query? I have a query as follows to display the list of hosts which are seen in last 24 hours and hosts which are not seen i... by pavanae Builder in Splunk Search 10-23-2017 0 14	0	14