Splunk Search

Community Activity

How do time based lookups apply user time zone? I have a time based lookup set up with a lookup file containing time values of full days, such as 2017-08-14 (with a ... by jeffland SplunkTrust in Splunk Search 09-13-2017 2 12	2	12
Stats values Into timechart -- I can't get timechart to work Hi, I wonder whether someone could help me please. I've put together this query: \| multisearch [ search `frontenda_... by IRHM73 Motivator in Splunk Search 09-13-2017 0 7	0	7
Trying to extract these three fields from XML using regex Hi! I can not extract three fields from xml using regex. Please tell me how it can be done <VULN number="MP-413771" ... by sphc Explorer in Splunk Search 09-13-2017 0 3	0	3
How can I rearrange the columns of my search in this specific order? I want my to rearrange the columns of my query in a particular order as shown below ,but due to dates (01-jun-2017) ,... by srikarbaswa446 New Member in Splunk Search 09-13-2017 0 2	0	2
How can I create the same fields with different values within the same event? I need to extract cveid, cvss, vulnerability number, etc.. here is my log: ...... cveid="1234" cvss= "abcd" .......... by sphc Explorer in Splunk Search 09-13-2017 0 5	0	5
Search to check whether keys are matching I have the below expression and which is a keys and i want to check whether the same keys are matching so help me in ... by DataOrg Builder in Splunk Search 09-13-2017 0 1	0	1
Change color of pie chart based on percentage automatically I want to change color of slices of pie chart based on the percentage values. slice that have highest percentage shou... by isha_rastogi Path Finder in Splunk Search 09-13-2017 0 11	0	11
Set zero value if there is nothing found in the search Hi, I'm running Splunk 6.6 and I like to set something like a "default" value in the case that there was nothing fou... by bosch_softtec Path Finder in Splunk Search 09-13-2017 0 2	0	2
Regex to extract from start until a specific character I have a test field in a CSV called description: Completed changes are not shown as complete in channels for a while ... by Sukisen1981 Champion in Splunk Search 09-13-2017 0 10	0	10
How to calculate the percentages of the field values (yes/no) in a field? Hi I have a Splunk search as follows: My search \| table host_name, last_seen_in_24hours which displays the result ... by pavanae Builder in Splunk Search 09-12-2017 0 2	0	2
How do I make fields with a replacement for an argument work inside a saved search with the map command? I'm sure there's a really easy answer, but it isn't coming to me so I'd greatly appreciate some help. If I define a ... by triest Communicator in Splunk Search 09-12-2017 0 1	0	1
'outputlookup' command: Could not write to file I'm trying to use outputlookup to generate a lookup table based on search results and I'm running into the following ... by Lowell Super Champion in Splunk Search 09-12-2017 0 7	0	7
chart over multiple fields hello splunkers, We are trying to get the chart over for multiple fields sample as below , we are not able to get it... by Jyothik New Member in Splunk Search 09-12-2017 0 13	0	13
Regex for Windows Event from Syslog agent Hi, I'm trying to get the Target Account ID from the Windows Event parsed from a syslog agent. I'm trying to capture ... by leonheart78 Explorer in Splunk Search 09-12-2017 0 3	0	3
Stats function by multiple fields I have a table of data like this Time1 Time2 Time3 Total 36.650000 16.050000 0.133333 74 44.866667 ... by byu168168 Path Finder in Splunk Search 09-12-2017 0 2	0	2
Top 10 list of failed login attempts for a specific application by user name I am trying to get a top 10 list of failed login attempts for a specific application by user name over a period of ti... by snix Communicator in Splunk Search 09-12-2017 0 9	0	9
How to Trim string at @ - need help creating rex search Hello, I cannot figure out the syntax of the rex function. I have a field called email with multiple domains: katz.r... by katzr Path Finder in Splunk Search 09-12-2017 0 8	0	8
How to create and use a form input to run searches on data from multiple sources? I would like to create a look-up tool for my incident responders. they often only have an IP and I would like to be ... by hartfoml Motivator in Splunk Search 09-12-2017 0 5	0	5
Host Regex Help Hello All, I really need to get good at regex and learn to do this myself but alas there are so many other things th... by edwardrose Contributor in Splunk Search 09-12-2017 0 5	0	5
Is the Splunk predict command useful? So, I have a graph that shows the total user logins per day for an application and I thought it would be cool to show... by kdimaria Communicator in Splunk Search 09-12-2017 0 4	0	4
Visualize JSON array of array Hi guys, I would like to convert the following event into a table: { Id: 1505207351 Start: 1505207651 ... by faustf Communicator in Splunk Search 09-12-2017 0 5	0	5
Where command -- How can I use this on a search without affecting the base search? I want to compare two identical searches but one looking for just count and the other using count \| where the average... by sepkarimpour Path Finder in Splunk Search 09-12-2017 0 6	0	6
Save number to a value from .log file Hello all. I'm totally new to splunk. And I'm totally desperate now. I have .log file in which i have to search for s... by davidlajda Engager in Splunk Search 09-12-2017 0 8	0	8
How to prevent injection from field in a dashboard? I create a simple dashboard and put a text field (token: field1) and a panel with shows result search query. <form> ... by takaakinakajima Path Finder in Splunk Search 09-12-2017 1 8	1	8
Multisearch alert to go off only from one side + sourcetype count optimisation I've tried to set up an alert to go off whenever the number of hosts from one search is not the same for another sear... by sepkarimpour Path Finder in Splunk Search 09-12-2017 0 3	0	3