Splunk Search

Community Activity

subsearch with inputlookup \| inputlookup clusName.csv \| fields cluster ----works in a dropdown and has around 10 entries Now, I need to use ... by archananaveen Explorer in Splunk Search 10-25-2017 0 5	0	5
Extract a number before a string Completely New to regex, I have a log as below and wanted to extract the percentage i.e. "28" and then check it with ... by Vicky84 Explorer in Splunk Search 10-25-2017 0 2	0	2
How to search across three sourcetypes using stats, but without using join, append, or subsearch? I'm currently working on 3 separate data sourcetypes that have similar information Sourcetype 1 - Fields X,Y,Z Sourc... by chrisw3 Explorer in Splunk Search 10-25-2017 0 4	0	4
How can we fetch only 8 rows from a lookup? Our top user ended up with the following query - \| inputlookup WHERE [ \| makeresults count=8 \| streamstats cou... by ddrillic Ultra Champion in Splunk Search 10-25-2017 0 6	0	6
Splunk Regex - Works in regex101 but not Splunk I've got a regex that's working in Regex101's editor, but when I paste it into Splunk I get garbage or no results: Re... by JacobCarrell Explorer in Splunk Search 10-25-2017 0 3	0	3
HTTP Event Collector: automatic sourcetype detection When using the HTTP Event Collector, is automatic sourcetype detection possible? Every event at the moment appears t... by fiveturns Engager in Splunk Search 10-25-2017 1 3	1	3
Regex Performance consideration Hello All ! I ask myself what is the best approach to extract all fields of logs with regex in general. I speak here... by jeanyvesnolen Path Finder in Splunk Search 10-25-2017 0 5	0	5
Group results based on criteria Hi Peeps, source="Log.txt" resp_status=503 \| chart count by req_url If I execute the above query I will get the fol... by mcvr New Member in Splunk Search 10-25-2017 0 1	0	1
How to match fields from indexed data with CSV lookup I created a list of known malicious domain names and put that information into a CSV. I named the field "dest_hostna... by jon3484 New Member in Splunk Search 10-25-2017 0 2	0	2
What is wrong with my transforms.conf and props.conf settings? I'm getting the wrong data. Hi All: I am unable to get the metadata host field in Splunk for the value of the database field called "HOSTNAME". ... by mmohiuddin1512 Explorer in Splunk Search 10-25-2017 0 4	0	4
How do I append a column to a chart? I have the following search index=firewall policy_name="/Common/default" request_status=blocked (violations="Access... by j_partsch Explorer in Splunk Search 10-25-2017 0 2	0	2
Timechart not working for 30days and more My timechart is working perfectly for last 10 days but it is not working for time range above 15 days.Any idea to res... by nivethainspire_ Explorer in Splunk Search 10-25-2017 0 3	0	3
Get only one value on drilldown for multiple values in a cell Hi, I am trying to give cell value using drilldown as parameter to another dashboard. Below is how I have defined it:... by SirHill17 Communicator in Splunk Search 10-25-2017 0 7	0	7
How to calculate the days between earliest date and now I have the following search: ..index bla bla... \| eval eD_A=strptime(D_A, "%Y-%m-%d %H:%M:%S.%N") , eD_AV=strptime(D... by Mike6960 Path Finder in Splunk Search 10-25-2017 0 6	0	6
How to index arbitrary number of fields and do tstats operations on them? Hi, I've got these strange XML logs, where each log has (among other things) a username and an arbitrary number of h... by hettervik Builder in Splunk Search 10-24-2017 0 6	0	6
Matching an IP address from a lookup table of CIDR ranges I am trying search events where the destination IP is in a lookup table consisting of a list of CIDR ranges (and thre... by jwalzerpitt Influencer in Splunk Search 10-24-2017 0 5	0	5
Need Help With Lookup returning multiple values So I have a lookup with a date field, identified field, and a description field. There are duplicates in this lookup ... by katzr Path Finder in Splunk Search 10-24-2017 0 1	0	1
Help with if statement and complex \| search $execution$ $host$ $user$ \|eval moresearch=if(execution=index=index1,"",($authentication$) OR ($configuration$) OR ($... by deastman Path Finder in Splunk Search 10-24-2017 0 11	0	11
Lookup table to return column value I am having issues with displaying data based off the results from the lookup table. I am using this search below, w... by AbubakarShahid New Member in Splunk Search 10-24-2017 0 3	0	3
How to calculate the percentage from a dc count? I have a query as below \| metadata type=hosts \| search [\| inputlookup hosts_test.csv \| eval host=lower(my_hostname... by pavanae Builder in Splunk Search 10-24-2017 0 2	0	2
Using Standard Deviation to track SSH traffic I'm looking for a way to traffic the average ssh traffic between two IP addresses (source IP and destination IP) and ... by serwin Explorer in Splunk Search 10-24-2017 0 1	0	1
How to create a regex to extract key value pairs I have a data feed with CEF format. Splunk picks up the key value pairs except the value with the whitespaces, for i... by splunkrocks2014 Communicator in Splunk Search 10-24-2017 0 5	0	5
How to extract a field between two patterns in a search Hi, How do I get "7515-36283" between "Result:" and "/ Value" from following text: Result: 75153-6283 / Value "Res... by siddharthmis Explorer in Splunk Search 10-24-2017 0 2	0	2
How to create a new field out of values of a current field? I have a field with event IDs. Some of the IDs indicate an issue, while some of them indicate the opposite. eventid=... by jared_anderson Path Finder in Splunk Search 10-24-2017 0 5	0	5
I want to ignore particular username I want to ignore below user name. So I written following manner is it correct? ......\| where NOT (user="*$" OR user=... by N92 Path Finder in Splunk Search 10-24-2017 0 1	0	1