Splunk Search

Community Activity
claudio_manig
Hi Ninjas I struggle with query including several "challenges". I got proxy events like: time="10-27-17 10:00:00" ...
by claudio_manig Communicator in Splunk Search 10-27-2017
0 5
karthi2809
Event separation is not working properly? Merged log: [10/27/17 0:58:53:702 EDT] 0000013b TimerLog 1 com.ibm....
by karthi2809 Builder in Splunk Search 10-27-2017
0 1
jsharma123
Hi, I have an HTML dashboard which updates a d3 graph on text input change. This text input is added to my search qu...
by jsharma123 Explorer in Splunk Search 10-27-2017
0 4
renjujacob88
Hi Splunkers, We do have a correlation rule for distinct malware infected on a system (two or more different malw...
by renjujacob88 Path Finder in Splunk Search 10-26-2017
0 2
logmar5
There are many options for capturing data (text files, tcp/udp, etc) however, what are the possibilities for getting ...
by logmar5 Explorer in Splunk Search 10-26-2017
1 3
bagaeva
Hello, I need to filter fields but only on certain events. Sample events: 1508735029.189 d = a enm_val = 25440 event =...
by bagaeva Engager in Splunk Search 10-26-2017
0 2
kabiraj
I am trying to use return command to output a multivalued field from subsearch to main search. My search looks like b...
by kabiraj Path Finder in Splunk Search 10-26-2017
0 6
limalbert
So, I regex time from my splunk logs in form of (HH:MM:SS), and I am trying to build the report like index: somethi...
by limalbert Path Finder in Splunk Search 10-26-2017
0 4
jared_anderson
I want a regular expression to pull a file name out of a path that is the process field. The path could be any direct...
by jared_anderson Path Finder in Splunk Search 10-26-2017
0 4
jvmerilla
Hi, I'm trying to create an external lookup but I'm getting very confused. What are the external sources that I can...
by jvmerilla Path Finder in Splunk Search 10-26-2017
0 1
rashid47010
From IPS Event How can I extract only CVE value XXXXDxxxre xxxrability (CVE-201x-00xx) (severity = Low) I am writin...
by rashid47010 Communicator in Splunk Search 10-26-2017
0 3
morenodelgad1
I have data in the following format: GenericHostName1=vm1,vm2,vm3,vm4; GenericHostName2=vm5,vm6,vm7; When I search...
by morenodelgad1 Explorer in Splunk Search 10-26-2017
0 7
willadams
Hi All, I am recently new to SPLUNK and trying to identify a way of doing some time differences. I have done an ex...
by willadams Contributor in Splunk Search 10-26-2017
0 1
erickyi
I tried various combinations but failed index="flowintegrator" src_port=21 |eval thisUser=src_ip + "="+ dest_ip | ti...
by erickyi Path Finder in Splunk Search 10-25-2017
0 6
archananaveen
| inputlookup clusName.csv | fields cluster ----works in a dropdown and has around 10 entries Now, I need to use ...
by archananaveen Explorer in Splunk Search 10-25-2017
0 5
Vicky84
Completely New to regex, I have a log as below and wanted to extract the percentage i.e. "28" and then check it with ...
by Vicky84 Explorer in Splunk Search 10-25-2017
0 2
chrisw3
I'm currently working on 3 separate data sourcetypes that have similar information Sourcetype 1 - Fields X,Y,Z Sourc...
by chrisw3 Explorer in Splunk Search 10-25-2017
0 4
ddrillic
Our top user ended up with the following query - | inputlookup WHERE [ | makeresults count=8 | streamstats cou...
by ddrillic Ultra Champion in Splunk Search 10-25-2017
0 6
JacobCarrell
I've got a regex that's working in Regex101's editor, but when I paste it into Splunk I get garbage or no results: Re...
by JacobCarrell Explorer in Splunk Search 10-25-2017
0 3
fiveturns
When using the HTTP Event Collector, is automatic sourcetype detection possible? Every event at the moment appears t...
by fiveturns Engager in Splunk Search 10-25-2017
1 3
jeanyvesnolen
Hello All ! I ask myself what is the best approach to extract all fields of logs with regex in general. I speak here...
by jeanyvesnolen Path Finder in Splunk Search 10-25-2017
0 5
mcvr
Hi Peeps, source="Log.txt" resp_status=503 | chart count by req_url If I execute the above query I will get the fol...
by mcvr New Member in Splunk Search 10-25-2017
0 1
jon3484
I created a list of known malicious domain names and put that information into a CSV. I named the field "dest_hostna...
by jon3484 New Member in Splunk Search 10-25-2017
0 2
mmohiuddin1512
Hi All: I am unable to get the metadata host field in Splunk for the value of the database field called "HOSTNAME". ...
by mmohiuddin1512 Explorer in Splunk Search 10-25-2017
0 4
j_partsch
I have the following search index=firewall policy_name="/Common/default" request_status=blocked (violations="Access...
by j_partsch Explorer in Splunk Search 10-25-2017
0 2