Splunk Search

Community Activity

Search Alias Hi I'm new on Splunk It's possible to give an alias to a search? I'm trying to do something like this: index=Obs1 A... by gmg1956 New Member in Splunk Search 10-18-2017 0 3	0	3
how to calculate endtransactiontime - starttransactiontime when starttransactiontime is in one event and endtransactiontime is in another event Hi !! I want to calculate TransactionEndTime-TransactionStartTime, where TransactionStartTime is in CaptureLocation=R... by smilingajay New Member in Splunk Search 10-18-2017 0 1	0	1
What is the best way to determine if a UFW is running without CLI access? Hi, I'm looking for options to validate that a UFW is running on servers, without actually logging into the server (... by a212830 Champion in Splunk Search 10-18-2017 0 3	0	3
Inconsequent field extraction behavior: works when eval'ed but not when used directly? I have defined a field extraction that seems to properly extract fields: EXTRACT-KVSAxis = KV(?:Blade)*(?<KVSAxis>[X... by jmartens Path Finder in Splunk Search 10-18-2017 0 9	0	9
Is there a function that concatenates result lines of strings? Hi everyone! I would like to format a result into a string and I don't even know where to start and if there even is... by koljalauterbach New Member in Splunk Search 10-18-2017 0 2	0	2
inputlookup error "line endings" I’m trying to troubleshoot my use of “inputlookup”. First I verify the following search works: index=ca cert_RN=”R... by mikefoti Communicator in Splunk Search 10-18-2017 0 6	0	6
How to update a chart drilldown with a token that updates dynamically? Hi I am updating a chart drilldown with a token, from "undefined" to "all" to "undefined". <option name="chartin... by robertlynch2020 Influencer in Splunk Search 10-18-2017 0 8	0	8
Why are my access_logs inconsistent? My access_logs files are not being pulled constantly. There are large gaps between the pulling of logs. The logs ar... by zadenaji Explorer in Splunk Search 10-18-2017 0 5	0	5
Is it possible to search for certain events within raw data? Would it be possible to search for certain events within the raw data? For example, I need to find events with C:\Win... by ecanmaster Explorer in Splunk Search 10-18-2017 0 6	0	6
How to sort source based on its earliest event indexing? I am in the log sources provisioning phase. I examine the "data summary" frequently to see the change in number of ... by devd25 Explorer in Splunk Search 10-17-2017 0 3	0	3
How does the Splunk internal search functionality work? Hello, Splunkers. I have been looking for information about how work internally the splunk searchs. Are they be tran... by nsanchezfernand Path Finder in Splunk Search 10-17-2017 0 8	0	8
How to write a search to find users that are actually connected with VPN from Cisco logs? Hi, I am creating a search to find the users that are actually connected with VPN. In the Cisco logs, I can only see... by fahrenheit New Member in Splunk Search 10-17-2017 0 8	0	8
How to adjust the time zone for an logs coming into splunk ? Hi All, Currently we are facing an issue time stamp for a firewall logs. We could see the logs are coming into splunk... by Hemnaath Motivator in Splunk Search 10-17-2017 0 26	0	26
Re-indexing multiple files using btprobe So we have lots of files -- one is created every day. We want to re-index this data. We have removed the data from th... by tc641 New Member in Splunk Search 10-17-2017 0 1	0	1
Help me with search for my use case I need to setup a alert if my count is zero on that day. my query is index= abc \| timechart span=1d count and I am ... by sravankaripe Communicator in Splunk Search 10-17-2017 0 2	0	2
Regex question Hi! if I can make groups from <VULN number ... to ... </VULN> with regex? <VULN number="MP-412750" severity="5... by sphc Explorer in Splunk Search 10-17-2017 0 7	0	7
The percentage of Read / Write utilization to get to 800 IOPS? I am trying to figure out the drive configuration to meet the recommended 800 IOPS noted in the Splunk documentation ... by maverick Splunk Employee in Splunk Search 10-17-2017 4 5	4	5
Only show logs where field value has a decimal place Hi all, I'm trying to run a search that only finds specific events in a log which have field X equal to a number wit... by bcarr12 Path Finder in Splunk Search 10-17-2017 0 2	0	2
Using lookup tables to create separate alerts for prod and nonprod hosts Hello Splunk community, My team is tasked with creating alerts for standard server monitoring metrics (CPU, memory, ... by danbutterman Explorer in Splunk Search 10-17-2017 0 2	0	2
How do you find the avg time of transactions where the duration is longer than normal? Hi! I'm trying to get the avg time of transactions where the duration is longer than normal. I can successfully do wh... by WarpedMonkey Engager in Splunk Search 10-17-2017 0 2	0	2
inputlookup \|append [search] vs search \| append [\|inputlookup] I am getting different results for the following two queries and I cannot understand why (index=windows) EventCode I... by MonkeyK Builder in Splunk Search 10-17-2017 0 8	0	8
Sort hosts by number of services hit per host For the query : host=aeperf01api02 Level="INFO" \| stats count by AppDomain I have following output Web ... by JyotiP Path Finder in Splunk Search 10-17-2017 0 2	0	2
Comparing counts of previous hour with the counts from the same day and hour of the previous 3 weeks Looking for a little help comparing a count of the past hour with the count from the same hour from the 3 previous we... by tfernalld New Member in Splunk Search 10-16-2017 0 11	0	11
what range of udp/tcp ports can be used for various log sources ? I have 3 different log sources sending logs to Splunk from a number of hosts on on udp 514. Breakdown : WLC (5-6 ho... by damode Motivator in Splunk Search 10-16-2017 0 5	0	5
Why is my transaction search counting events that are not immediately after each other? I am having an issue with search using transaction starts/endswith. The information I am pulling counts transactions ... by christopheryu Communicator in Splunk Search 10-16-2017 1 6	1	6