Splunk Search

Community Activity

xmlkv usage I have a log file entry that looks like this (this is the VERBATIM entry from the access log): 2012-08-06 13:25:02,1... by asarolkar Builder in Splunk Search 10-30-2017 0 2	0	2
Alternative to Joins I have 2 indexes say (A1 and A2) I have Fields a,b,c,d in index A1, In the index A2 I have fields b,e,f,g . I need t... by vikasreddy Explorer in Splunk Search 10-30-2017 0 5	0	5
How to improve automatic sourcetype extraction I'm building a Splunk App and I'd like my users to be able to point the import a single folder and have it accurately... by JacobCarrell Explorer in Splunk Search 10-30-2017 0 1	0	1
Field transformation on source not working Hi There, There is no content in dummy field although the regex works fine. Please could you help me with this? Ty... by archananaveen Explorer in Splunk Search 10-30-2017 0 8	0	8
Extract fields or define eventypes -- Which is better for large logs? Hi There, I have huge logs and there is not a definite pattern in the logs. Should I sit down to add each and ever... by archananaveen Explorer in Splunk Search 10-30-2017 0 7	0	7
Compare field from 2 sources and return when source1 has no match in source2 I am attempting to take IPs from 2 different sources and output a list for when Source1 has a unique IP that is not p... by axinjakson Explorer in Splunk Search 10-30-2017 1 6	1	6
How to get city or county names using latitude and longitude values in Splunk? Hi I have a CSV file with the list of latitudes and longitudes to display on the map. I want to get the count of even... by sravani27 Path Finder in Splunk Search 10-30-2017 0 5	0	5
Case with multiple matches Hello all, I am trying this search but it's not working. Only the first match count is returned. index=abc* sou... by maniishpawar Path Finder in Splunk Search 10-30-2017 0 2	0	2
Why isn't my dynamic lookup returning a value? I have been staring at this problem for eons but I'm stuck. I have two dynamic lookups. volumeCheck (external looku... by erickyi Path Finder in Splunk Search 10-30-2017 0 2	0	2
Is Splunk extracting unnecessary fields? I've noticed that my searches are taking a very long time to complete. For instance, a one-hour search for Bro IDS e... by joshua_hart1 Path Finder in Splunk Search 10-30-2017 0 8	0	8
How to read data from a lookup table and then use these values to compare and make a decision (more like a matrix table)? I have a lookup table that looks like this: Variable1---variable2---Score 0--- null ---3 0---500---2 500---100... by sh254087 Communicator in Splunk Search 10-30-2017 0 1	0	1
Is it possible to use a lookup table to populate a search where the values in the table become a series of OR statements Right now I am tasked with creating a report for a department showing who is using elevated privileges in Linux and f... by Admiral_Marith Explorer in Splunk Search 10-30-2017 0 2	0	2
How to extract event_id and STATUS? I have a single row event that populates the below values and i would like to extract eventid=389643 and STATUS=FINIS... by jayakumar89 Explorer in Splunk Search 10-30-2017 0 3	0	3
splitting and inverting How do I go from: ”metrics=[a=1,b=2,c=3]” ”metrics=[a=2,b=5,c=6]” ”metrics=[a=1,c=3,c=4]” To: “a,b,c” “1,2,3”... by jamesrender New Member in Splunk Search 10-30-2017 0 12	0	12
How can I count different types of Splunk searches Hello, I am reading the following resource from Splunk documentation and I find that there are 8 types of searches in... by arpit_arora Explorer in Splunk Search 10-30-2017 0 3	0	3
Chart over multiple variables day_receive_time="Wed, Oct 25, 2017" device_name="apple" app="mssql-db" bandwidth_consumption="161" day_receive_time... by atulitm Path Finder in Splunk Search 10-30-2017 0 8	0	8
How to remove \x22 from raw results. I'm trying to replace the "\x22" entries in my raw results with the correct quotation marks so I can read the the ful... by jurjenterpstra New Member in Splunk Search 10-30-2017 0 3	0	3
Error with timechart command Hi, I'm having a bit of trouble with this query of mine. source="xxx" host="xxx" index="xxx" sourcetype="xxx" earl... by mahbs Path Finder in Splunk Search 10-30-2017 0 8	0	8
Search mechanics understanding Short and sweet: Why does the search: bf=1 (no quotes) take so much longer to run than "bf=1" (with quotes?) ... by blurblebot Communicator in Splunk Search 10-30-2017 4 2	4	2
Count does not shown as 0 when the username is not found in the sourcetype Hi, I want to shown the Total as 0 if username in lookup table has not event log . Using the fillnull value , it does... by florencegoh New Member in Splunk Search 10-30-2017 0 8	0	8
How to join 2 rows to only be 1 row Hi, How can I turn multiple rows into a single row? For example, Name Skill1 Skill2 Skill3 Shine Oracle Shine ... by mrccasi Explorer in Splunk Search 10-30-2017 0 4	0	4
Count values from fields that may not exist Hello, How to sums values from fields that may not exists? I want to sums fields (if exists ) with this pattern: netw... by Rialf1959 Explorer in Splunk Search 10-30-2017 0 4	0	4
How can I find network traffic at consecutive time intervals? I am trying to write some beaconing reports/dashboards. I have a few of them figured out, but now I am stuck trying ... by MonkeyK Builder in Splunk Search 10-29-2017 0 1	0	1
How do I optimize my search to return results faster? So here's my workflow. I have a request from an outside source that wants me to scrub my data for certain IP addres... by tmarlette Motivator in Splunk Search 10-29-2017 0 6	0	6
Correlate logins outside of business hours with incidents and change requests Hi, I am trying to make a table that shows the logins outside of business hours, and to show besides if the user had... by jorjiana88 Path Finder in Splunk Search 10-29-2017 0 1	0	1