Splunk Search

Community Activity

Grouping by two fields, want to get distinct count of values in second field Hi, I wrote the following Splunk query which returns a list of distinct USER_AGENTs for each SESSION_ID: index=abc ... by jbrenner Path Finder in Splunk Search 10-05-2017 0 2	0	2
join and compare the values in 2 different field which values are same from different in my search contcxtid and sourceSession has the same vales but indexing in to different places how could i compare ... by svemurilv Path Finder in Splunk Search 10-05-2017 0 2	0	2
What can be done when an indexer doesn't join the cluster? We have a cluster of four nodes and one of them just crashed. We brought it up, but it hasn't joined the cluster. Rol... by ddrillic Ultra Champion in Splunk Search 10-05-2017 0 2	0	2
Regex to filter security events does'nt work, need help Hi Guys, We have UFs on our DCs and 2 indexers and on both indexers, to drop the unwanted text from events I tried... by hrithiktej Communicator in Splunk Search 10-05-2017 0 4	0	4
How to list my splunk admin users list and last login details. I have a about 250 Admin users and I would like to to know when was the last time each of them have logged in. Is the... by RASHO123 New Member in Splunk Search 10-05-2017 0 1	0	1
What is best approach to implement kv store to replace using lookups? HI! I have two search heads in cluster and multiple lookups in Splunk but currently started facing issues of replica... by MousumiChowdhur Contributor in Splunk Search 10-05-2017 7 3	7	3
Data Summary is not showing all host. When I am on the Search Head and I go to data summary under Search and Reporting, it only shows 2 host but they come ... by andsmith2 Explorer in Splunk Search 10-05-2017 0 3	0	3
Getting count per day for a specific splunk query I run index=hydra bu=dmg env="prod-*" ERROR everyday and record the count. I lost the statistics I had kept and would... by manish41711 Engager in Splunk Search 10-05-2017 0 3	0	3
How to quickly count total events in an index? Besides running "index=foo *" is there a way to quickly check the total number of events indexed in an index? by muebel SplunkTrust in Splunk Search 10-05-2017 3 4	3	4
Help rebuilding subsearch that keeps timing out So here's my issue. We are creating a chart that shows each user and which desktops they use. The desktops are div... by kmaron Motivator in Splunk Search 10-05-2017 0 4	0	4
Stacked bar chart for specific columns I have four fields, baseline, lvl1,lvl2,lv3. I have to compare baseline vs (lvl1+lvl2+lvl3) to see if sum of lvl1,lvl... by prafulljha New Member in Splunk Search 10-05-2017 0 13	0	13
Delayed log ingestion Hi Splunk, Having a problem with one of our ingestion in splunk. The logs are delayed and cant seem to find the caus... by cymondcuba New Member in Splunk Search 10-05-2017 0 1	0	1
Problem with tokens and earliest/latest Hi everyone! So, I have this search: index=XXXXX sourcetype=XXXXX earliest="$time_token.earliest$" latest="$time_to... by tsomod Path Finder in Splunk Search 10-05-2017 0 6	0	6
Equivalent of '$' of bash in splunk Query: search...\| eval earliest=relative_time(strptime("01-February 2017","%d-%B %Y"),"+0mon"), latest=relative_time... by rishavvaidya Explorer in Splunk Search 10-05-2017 0 3	0	3
Issue with regex This is the event : 02OCT2017_16:46:47.212 130880:140149567481600 INFO event.py:177 root event = {"hopTrace": {"hops... by bharpur183 Explorer in Splunk Search 10-04-2017 0 33	0	33
How can I sort by date? Example time format is: Sat Oct 07 2017 07:30:00 GMT-0400 (EDT) I have a search from which I get the below result one of the columns in the statistics table : Sat Oct 07 2017 07:30... by bharpur183 Explorer in Splunk Search 10-04-2017 0 8	0	8
How does Splunk parse german Umlauts? Hi everyone, I've been confronted with the problem, that the case insensitive search command search, differentiates... by bojanisch Path Finder in Splunk Search 10-04-2017 0 1	0	1
Timecahart of unique web users including results by unique IP address or unique user name Hello everyone. I'm trying to get a time chart of unique users from my IIS logs. Our apps are both authenticated and ... by mcollins42 New Member in Splunk Search 10-04-2017 0 12	0	12
How can I correlate results from two separate searches? I have syslog formatted events that correlate together based on one value, and a search that will pull a single line ... by jmillpps New Member in Splunk Search 10-04-2017 0 1	0	1
How can I create a table of my search results with a count of each matching dest_ip value? I have this search of events: eventtype=cisco-firewall src_ip="*" (dest_ip="192.168.1.2" OR dest_ip="192.168.2.2" OR... by bayman Path Finder in Splunk Search 10-04-2017 0 1	0	1
Redrawing chart changes y axis maximum I have a table which drills down to change a chart: <row> <panel> <table> <title>Exchanges</titl... by madkins23 New Member in Splunk Search 10-04-2017 0 2	0	2
Help with writing a join command that joins a security breach to the previous login This is the requirement. I need to join two events based on a common field “User”. The Event with EventType “Security... by anuremanan88 Explorer in Splunk Search 10-04-2017 0 20	0	20
summing two event counts by source so, I am trying to parse out syslog stats data, trying to get a velocity of the events to figure out which log source... by umplebyj Explorer in Splunk Search 10-04-2017 0 2	0	2
Use values from two panels in a third panel Hi, I have 3 single value panels. The first one generates total number of unique logins index=cox host="cox*" /res... by dbcase Motivator in Splunk Search 10-04-2017 1 2	1	2
How to make my search more efficient? Help to remove joins My search is running pretty slow and I am looking to edit/remove the joins to make it run faster. It looks pretty mes... by katzr Path Finder in Splunk Search 10-04-2017 0 5	0	5