Splunk Search

Community Activity

search string query Hi I can use the search string to get the statistics output index=data sourcetype="data1" host=HOSTA \| stats count ... by francly Explorer in Splunk Search 09-28-2017 0 8	0	8
Can I use dedup to remove a duplicate value in my report and to show only the last log? Other options? hi i have one problem in making report. in my report result i have repeated name how can I avoid to not show the rep... by khanlarloo Explorer in Splunk Search 09-27-2017 0 3	0	3
Create a table with _time and a custom fields I'm lost. I'm trying to capture the _time and UserName (custom field) from a search and use the _time to find events... by dsmithson8812 Engager in Splunk Search 09-27-2017 0 14	0	14
Extracting multiple values from a Field I have a field in Windows Backup Events named VolumesInfo Sample: <VolumeInfoItem Name="System" OriginalAccessPath="... by nabeel652 Builder in Splunk Search 09-27-2017 0 3	0	3
Help with writing this search to detect users accessing unauthorized devices? Hello, I am trying to create a correlation search that will detect users accessing devices for which they aren't aut... by alaking Explorer in Splunk Search 09-27-2017 0 1	0	1
Help extracting a field from raw data and generating a count For a simple query - index=app_au ms.ab=true I have a raw output of - {"dtm":"2017-09-27 10:44:42.389 PDT", "log... by vik78 New Member in Splunk Search 09-27-2017 0 1	0	1
Parse field from JSON logs and build a stats table with data Hi all, Very close with the offerings in other JSON/SPATH posts but just not getting it done. We have a JSON format... by gabarrygowin Path Finder in Splunk Search 09-27-2017 0 2	0	2
Splunk lookup using csv-keys as input and csv-values as output I have event data as follows: a,b,",1,2,3,",c,d And I have lookup table as follows key, value 1, one 2, ... by bhupalbobbadi Path Finder in Splunk Search 09-27-2017 0 2	0	2
missing users.ini file I have been getting a message that says that a file has been improperly modified or missing. The result of the integr... by molinarf Communicator in Splunk Search 09-27-2017 0 1	0	1
Can I perform stats count on a substring using regex? I have log events such as activity:http://xyz/rest/876 http://xyz/rest/223 http://xyz/rest/263 http://xyz/rest/4534 h... by chetan1974 Engager in Splunk Search 09-27-2017 0 1	0	1
Is it possible to use a column from a .csv lookup file as a column in the results? So, I tried https://answers.splunk.com/answers/480296/how-to-add-an-additional-column-in-my-results-from.html?utm_sou... by chambern New Member in Splunk Search 09-27-2017 0 2	0	2
How do we find the first non-zero packet loss event? example dated newest to oldest : { "ip_address": "255.255.255.255","loss_pct": 0, "device_id": "ABC"} { "ip_address"... by mk197m New Member in Splunk Search 09-27-2017 0 2	0	2
Are function names case-sensitive? The following query did not return any results: ... \| stats count(EVAL(error_code=2000)) ... I had to use lower-ca... by pm771 Communicator in Splunk Search 09-27-2017 1 5	1	5
Merge two tables from two different sources i have a requirement to merge two tables table 1 appname \| source app1 \| src1 app2 \| ... by krrish0930 New Member in Splunk Search 09-27-2017 0 6	0	6
Custom Trigger Condition for alert if not specific destination IP I am attempting to create a custom trigger condition for the alert below that will only trigger if the dest_ip does n... by jrosecbt New Member in Splunk Search 09-27-2017 0 3	0	3
List of users accessing activesync index=exchange sourcetype=uag trunk="activesync2010" user="" returns a list of active sync users in the las... by jennjoe1 Explorer in Splunk Search 09-27-2017 0 2	0	2
Common Field in Two Different Indexes I have two indexes that I can successfully join via stats. However, both indexes have a common field named "STATUS".... by ryanprayacn Explorer in Splunk Search 09-27-2017 0 2	0	2
Can I use regex to remove a pipe character from a string? Hi All, I am having a problem with my search output. One of the results contains a pipe ( \| ) - E.g. bad_domain\|www... by MikeElliott Communicator in Splunk Search 09-27-2017 0 2	0	2
How can I reverse the x and y axes? current I have this search: ......\|\|addcoltotals \| table *_August_R \| reverse \| head 1 1_Ausgust_R,2_Ausgust_R,3_A... by kennethyeung New Member in Splunk Search 09-26-2017 0 2	0	2
How to calculate with multiple values in a table? I have few results which look like below in a table: ID Ask Bid 1 \| 4 \| 3 2 \| 5 ... by dailv1808 Path Finder in Splunk Search 09-26-2017 0 24	0	24
How do I edit my rex field=UEI mode=sed syntax to 'district' my sample URIs? As of now I am using: rex field=URI mode=sed "s/=[^?]+/=xxx/g" But its not working /v1/mb/members/15d628b4-0d113-0... by karthi2809 Builder in Splunk Search 09-26-2017 0 3	0	3
How can I run a search if a field contains the "\|" character? Hello, I need to count the event log line contains AAA\|Y\|42 but "\|" is the pipeline command so that I got error as... by hsu88888 Explorer in Splunk Search 09-26-2017 0 6	0	6
Why is my stats by command so slow and how can I speed it up for longer time intervals? I'm working on some statistics related queries. I'm trying to get the security id, date and count of hosts connected ... by timbCFCA Path Finder in Splunk Search 09-26-2017 1 6	1	6
Contingency Total Rows Hi I wonder whether someone may be able to help me please. Using an adapted solution from @woodcock I'm using the qu... by IRHM73 Motivator in Splunk Search 09-26-2017 0 6	0	6
How can I index the subjects of posts on a forum that is updated constantly without indexing duplicates? Hello! Here is what I'm trying to do: Index a particular section of a web page. This particular section is a foru... by agoktas Communicator in Splunk Search 09-26-2017 0 1	0	1