Splunk Search

Community Activity

External source for external lookup Hi, I'm trying to create an external lookup but I'm getting very confused. What are the external sources that I can... by jvmerilla Path Finder in Splunk Search 10-26-2017 0 1	0	1
Extract the CVE value From IPS Event How can I extract only CVE value XXXXDxxxre xxxrability (CVE-201x-00xx) (severity = Low) I am writin... by rashid47010 Communicator in Splunk Search 10-26-2017 0 3	0	3
Only able to extract the first value of a comma separated list for a given field. I have data in the following format: GenericHostName1=vm1,vm2,vm3,vm4; GenericHostName2=vm5,vm6,vm7; When I search... by morenodelgad1 Explorer in Splunk Search 10-26-2017 0 7	0	7
Another time/date/string query Hi All, I am recently new to SPLUNK and trying to identify a way of doing some time differences. I have done an ex... by willadams Contributor in Splunk Search 10-26-2017 0 1	0	1
timechart avg(bytes) by... not working with predict I tried various combinations but failed index="flowintegrator" src_port=21 \|eval thisUser=src_ip + "="+ dest_ip \| ti... by erickyi Path Finder in Splunk Search 10-25-2017 0 6	0	6
subsearch with inputlookup \| inputlookup clusName.csv \| fields cluster ----works in a dropdown and has around 10 entries Now, I need to use ... by archananaveen Explorer in Splunk Search 10-25-2017 0 5	0	5
Extract a number before a string Completely New to regex, I have a log as below and wanted to extract the percentage i.e. "28" and then check it with ... by Vicky84 Explorer in Splunk Search 10-25-2017 0 2	0	2
How to search across three sourcetypes using stats, but without using join, append, or subsearch? I'm currently working on 3 separate data sourcetypes that have similar information Sourcetype 1 - Fields X,Y,Z Sourc... by chrisw3 Explorer in Splunk Search 10-25-2017 0 4	0	4
How can we fetch only 8 rows from a lookup? Our top user ended up with the following query - \| inputlookup WHERE [ \| makeresults count=8 \| streamstats cou... by ddrillic Ultra Champion in Splunk Search 10-25-2017 0 6	0	6
Splunk Regex - Works in regex101 but not Splunk I've got a regex that's working in Regex101's editor, but when I paste it into Splunk I get garbage or no results: Re... by JacobCarrell Explorer in Splunk Search 10-25-2017 0 3	0	3
HTTP Event Collector: automatic sourcetype detection When using the HTTP Event Collector, is automatic sourcetype detection possible? Every event at the moment appears t... by fiveturns Engager in Splunk Search 10-25-2017 1 3	1	3
Regex Performance consideration Hello All ! I ask myself what is the best approach to extract all fields of logs with regex in general. I speak here... by jeanyvesnolen Path Finder in Splunk Search 10-25-2017 0 5	0	5
Group results based on criteria Hi Peeps, source="Log.txt" resp_status=503 \| chart count by req_url If I execute the above query I will get the fol... by mcvr New Member in Splunk Search 10-25-2017 0 1	0	1
How to match fields from indexed data with CSV lookup I created a list of known malicious domain names and put that information into a CSV. I named the field "dest_hostna... by jon3484 New Member in Splunk Search 10-25-2017 0 2	0	2
What is wrong with my transforms.conf and props.conf settings? I'm getting the wrong data. Hi All: I am unable to get the metadata host field in Splunk for the value of the database field called "HOSTNAME". ... by mmohiuddin1512 Explorer in Splunk Search 10-25-2017 0 4	0	4
How do I append a column to a chart? I have the following search index=firewall policy_name="/Common/default" request_status=blocked (violations="Access... by j_partsch Explorer in Splunk Search 10-25-2017 0 2	0	2
Timechart not working for 30days and more My timechart is working perfectly for last 10 days but it is not working for time range above 15 days.Any idea to res... by nivethainspire_ Explorer in Splunk Search 10-25-2017 0 3	0	3
Get only one value on drilldown for multiple values in a cell Hi, I am trying to give cell value using drilldown as parameter to another dashboard. Below is how I have defined it:... by SirHill17 Communicator in Splunk Search 10-25-2017 0 7	0	7
How to calculate the days between earliest date and now I have the following search: ..index bla bla... \| eval eD_A=strptime(D_A, "%Y-%m-%d %H:%M:%S.%N") , eD_AV=strptime(D... by Mike6960 Path Finder in Splunk Search 10-25-2017 0 6	0	6
How to index arbitrary number of fields and do tstats operations on them? Hi, I've got these strange XML logs, where each log has (among other things) a username and an arbitrary number of h... by hettervik Builder in Splunk Search 10-24-2017 0 6	0	6
Matching an IP address from a lookup table of CIDR ranges I am trying search events where the destination IP is in a lookup table consisting of a list of CIDR ranges (and thre... by jwalzerpitt Influencer in Splunk Search 10-24-2017 0 5	0	5
Need Help With Lookup returning multiple values So I have a lookup with a date field, identified field, and a description field. There are duplicates in this lookup ... by katzr Path Finder in Splunk Search 10-24-2017 0 1	0	1
Help with if statement and complex \| search $execution$ $host$ $user$ \|eval moresearch=if(execution=index=index1,"",($authentication$) OR ($configuration$) OR ($... by deastman Path Finder in Splunk Search 10-24-2017 0 11	0	11
Lookup table to return column value I am having issues with displaying data based off the results from the lookup table. I am using this search below, w... by AbubakarShahid New Member in Splunk Search 10-24-2017 0 3	0	3
How to calculate the percentage from a dc count? I have a query as below \| metadata type=hosts \| search [\| inputlookup hosts_test.csv \| eval host=lower(my_hostname... by pavanae Builder in Splunk Search 10-24-2017 0 2	0	2