Splunk Search

Community Activity

What is wrong with my transforms.conf and props.conf settings? I'm getting the wrong data. Hi All: I am unable to get the metadata host field in Splunk for the value of the database field called "HOSTNAME". ... by mmohiuddin1512 Explorer in Splunk Search 10-25-2017 0 4	0	4
How do I append a column to a chart? I have the following search index=firewall policy_name="/Common/default" request_status=blocked (violations="Access... by j_partsch Explorer in Splunk Search 10-25-2017 0 2	0	2
Timechart not working for 30days and more My timechart is working perfectly for last 10 days but it is not working for time range above 15 days.Any idea to res... by nivethainspire_ Explorer in Splunk Search 10-25-2017 0 3	0	3
Get only one value on drilldown for multiple values in a cell Hi, I am trying to give cell value using drilldown as parameter to another dashboard. Below is how I have defined it:... by SirHill17 Communicator in Splunk Search 10-25-2017 0 7	0	7
How to calculate the days between earliest date and now I have the following search: ..index bla bla... \| eval eD_A=strptime(D_A, "%Y-%m-%d %H:%M:%S.%N") , eD_AV=strptime(D... by Mike6960 Path Finder in Splunk Search 10-25-2017 0 6	0	6
How to index arbitrary number of fields and do tstats operations on them? Hi, I've got these strange XML logs, where each log has (among other things) a username and an arbitrary number of h... by hettervik Builder in Splunk Search 10-24-2017 0 6	0	6
Matching an IP address from a lookup table of CIDR ranges I am trying search events where the destination IP is in a lookup table consisting of a list of CIDR ranges (and thre... by jwalzerpitt Influencer in Splunk Search 10-24-2017 0 5	0	5
Need Help With Lookup returning multiple values So I have a lookup with a date field, identified field, and a description field. There are duplicates in this lookup ... by katzr Path Finder in Splunk Search 10-24-2017 0 1	0	1
Help with if statement and complex \| search $execution$ $host$ $user$ \|eval moresearch=if(execution=index=index1,"",($authentication$) OR ($configuration$) OR ($... by deastman Path Finder in Splunk Search 10-24-2017 0 11	0	11
Lookup table to return column value I am having issues with displaying data based off the results from the lookup table. I am using this search below, w... by AbubakarShahid New Member in Splunk Search 10-24-2017 0 3	0	3
How to calculate the percentage from a dc count? I have a query as below \| metadata type=hosts \| search [\| inputlookup hosts_test.csv \| eval host=lower(my_hostname... by pavanae Builder in Splunk Search 10-24-2017 0 2	0	2
Using Standard Deviation to track SSH traffic I'm looking for a way to traffic the average ssh traffic between two IP addresses (source IP and destination IP) and ... by serwin Explorer in Splunk Search 10-24-2017 0 1	0	1
How to create a regex to extract key value pairs I have a data feed with CEF format. Splunk picks up the key value pairs except the value with the whitespaces, for i... by splunkrocks2014 Communicator in Splunk Search 10-24-2017 0 5	0	5
How to extract a field between two patterns in a search Hi, How do I get "7515-36283" between "Result:" and "/ Value" from following text: Result: 75153-6283 / Value "Res... by siddharthmis Explorer in Splunk Search 10-24-2017 0 2	0	2
How to create a new field out of values of a current field? I have a field with event IDs. Some of the IDs indicate an issue, while some of them indicate the opposite. eventid=... by jared_anderson Path Finder in Splunk Search 10-24-2017 0 5	0	5
I want to ignore particular username I want to ignore below user name. So I written following manner is it correct? ......\| where NOT (user="*$" OR user=... by N92 Path Finder in Splunk Search 10-24-2017 0 1	0	1
Find users based on a lookup list showing users that have and have not logged in I have list of lookup list yyyy which I want to shown the latest login based on max login time and also user that did... by florencegoh New Member in Splunk Search 10-24-2017 0 7	0	7
Can you combine fields from multiple search in one table? Hi I'm trying to combine fields in multiple search result in one output table as overall result, for example: Sear... by nieivan New Member in Splunk Search 10-24-2017 0 2	0	2
Is there a search or REST command to stop running searches forcefully? Hi I want identify the long running searches who are running more than 5 min and stop them. I'm able to find the l... by splunk_worker Path Finder in Splunk Search 10-23-2017 1 4	1	4
How can I extract string between highlighted fields with regex? Error: Update failed. First exception on row 0 with id abcd; first error: INVALID_EMAIL_ADDRESS, Email: invalid ema... by vik123ash Explorer in Splunk Search 10-23-2017 0 3	0	3
Subsearch to sum two fields by a common field Thanks in advance, Having a hard time trying to put 3 searches together to sum both search counts by PO. Please see ... by rsokolova Path Finder in Splunk Search 10-23-2017 0 3	0	3
how to find the number of hosts that never reported to splunk from a lookup with the existing query? I have a query as follows to display the list of hosts which are seen in last 24 hours and hosts which are not seen i... by pavanae Builder in Splunk Search 10-23-2017 0 14	0	14
Chart based on # of events I want to create charts based on number of results. I have tried "172.20.3.6 (199.0.8.62 OR 199.0.8.57) StoresOutBo... by jared_anderson Path Finder in Splunk Search 10-23-2017 0 2	0	2
How to filter list of hosts from 2 lookup tables? I have a lookup search as follows \|inputlookup hostnames.csv Which displays the results as follows my_hostname... by pavanae Builder in Splunk Search 10-23-2017 0 5	0	5
Are there any CSS libraries for designing charts in Splunk? Hi All, Is there an easier way in designing the charts? What i've found is using css but building one from scratch... by ejespiritu Explorer in Splunk Search 10-23-2017 0 8	0	8