Splunk Search

Community Activity

How do I optimize my search to return results faster? So here's my workflow. I have a request from an outside source that wants me to scrub my data for certain IP addres... by tmarlette Motivator in Splunk Search 10-29-2017 0 6	0	6
Correlate logins outside of business hours with incidents and change requests Hi, I am trying to make a table that shows the logins outside of business hours, and to show besides if the user had... by jorjiana88 Path Finder in Splunk Search 10-29-2017 0 1	0	1
How to use chart command to get data over 3 variables day_receive_time="Wed, Oct 25, 2017" device_name="apple" app="mssql-db" bandwidth_consumption="161" day_receive_time... by atulitm Path Finder in Splunk Search 10-28-2017 0 3	0	3
Textbox Validation Issue I am trying to validate the testbox to accept only numeric not any other character. How to do that? Thanks in Advance... by vivek_manoj Explorer in Splunk Search 10-28-2017 0 10	0	10
How to run multiple splunk 6.2 instances on Windows? How to run multiple splunk 6.2 instances on Windows? by cdo_splunk Splunk Employee in Splunk Search 10-28-2017 2 6	2	6
How to extract field names from Arris_log? I need help extracting alert numbers from these different raw logs. I need help extracting alert numbers from these different raw logs. I have tried using Field extractor and not having... by avishek08 New Member in Splunk Search 10-27-2017 0 3	0	3
How to delete fields that I created in sourcetypes? Hi, I created a source type. Then I created new fields using delimiters. I would like to delete those fields but I c... by Mat93 New Member in Splunk Search 10-27-2017 0 4	0	4
Can I match indexed data to a CSV with a lookup? I have an index called weblogs and a csv lookup called socialmedia that contains 3 columns called URL TYPE and NAME.... by bgill0123 Loves-to-Learn in Splunk Search 10-27-2017 0 1	0	1
Using rex to extract a string from an inner starting delimiter to a unique ending delimiter So I have events that have the following consistent layout: {value=1, key=a}, {value=2, key=b}, {value=3, key=c}, {v... by jimm Explorer in Splunk Search 10-27-2017 0 3	0	3
Search for multiple strings and put into one line chart. I have a search that currently has 3 search terms... host="s2a*" "Command Aborted" OR "Internal queue full" OR "Abor... by mdavis43 Path Finder in Splunk Search 10-27-2017 0 4	0	4
Compare two fields (IP addresss) from 2 different vendor firewalls Hi mates, I'm figuring out how I can show a table with matching IP addresses from 2 different vendor firewalls. So ... by rookie507SL New Member in Splunk Search 10-27-2017 0 6	0	6
How to sum correctly? Hello All, I am having an issue using the stats sum command. This is currently my search: source="Jan_Sept_FinanceS... by tonahoyos Explorer in Splunk Search 10-27-2017 0 6	0	6
Count all values in mv field, based on other value from mv field Hello, I need to: Count all values from mv field: blkio_stats.io_serviced_recursive{}.value where blkio_stats.io_ser... by Rialf1959 Explorer in Splunk Search 10-27-2017 0 1	0	1
find string between two given strings in splunk How i can get the string between two given strings. Log has entires like 22:09: DT : 2178we352njsdfh48734 : EF and... by suruthyshree New Member in Splunk Search 10-27-2017 0 2	0	2
Search only for full match letter case Hello all, I have a next case. In one of my index i have a data on Russian language, and if i want start search some... by templier Communicator in Splunk Search 10-27-2017 0 5	0	5
Extract Part of Field Hi, I wonder whether someone could help me please. I'm trying to extract a particular value from a field which is "f... by IRHM73 Motivator in Splunk Search 10-27-2017 0 5	0	5
How to use rex to remove "domain\' from a username? I have a field that looks like this: UserName=domain\joe_user I want it to look like this: UserName=joe_user Ho... by pil321 Communicator in Splunk Search 10-27-2017 0 3	0	3
How to extract data from Microsoft Event Code 4656 (Failed Object Access) ? I'm reviewing Microsoft Event Code 4656 (Failed Object Access) but when I try to audit Accesses or Access Reasons, Sp... by jbala1 Engager in Splunk Search 10-27-2017 0 2	0	2
How to sum the count of three users? Hi, in my scenario i have a lot of users for example: user1, user2, user3... and i want to count their logins to a s... by reschal Explorer in Splunk Search 10-27-2017 0 3	0	3
Combine mvexpand and stats(sum) in one command Hi Ninjas I struggle with query including several "challenges". I got proxy events like: time="10-27-17 10:00:00" ... by claudio_manig Communicator in Splunk Search 10-27-2017 0 5	0	5
Event separation is not working properly? Event separation is not working properly ? Merged log: [10/27/17 0:58:53:702 EDT] 0000013b TimerLog 1 com.ibm.... by karthi2809 Builder in Splunk Search 10-27-2017 0 1	0	1
How to do error handling for wrong search query in HTML view HI , I have a html dashboard which update a d3 graph on text input change , This text input is added to my search qu... by jsharma123 Explorer in Splunk Search 10-27-2017 0 4	0	4
Splunk throttling issues to overcome false positive alerts in correlation search Hi Splunkers, We do have a correlation rule for distinct malware infected on a system ( two ore more different malw... by renjujacob88 Path Finder in Splunk Search 10-26-2017 0 2	0	2
What are options for streaming data out of Splunk to make it available to be consumed by downstream applications? There are many options for capturing data (text files, tcp/udp, etc) however, what are the possibilities for getting ... by logmar5 Explorer in Splunk Search 10-26-2017 1 3	1	3
Filter field from certain events through a regex transform Hello i need filter fields but only on certain events. Sample events: 1508735029.189 d = a enm_val = 25440 event =... by bagaeva Engager in Splunk Search 10-26-2017 0 2	0	2