Splunk Search

Community Activity

Is there a forensic-type report that handles AD user account properties for PCI and SSAE compliance? Hello, I'm looking for a way to track total property changes within an AD user's account. As an example, per PCI an... by dhaertel Path Finder in Splunk Search 09-13-2017 0 3	0	3
Search help -- my search is inaccurately showing if hosts have been online in the past 24 hours. I have a query as follows \| inputlookup ABCD \| search Forward="Yes" \| table Region,IPHost, ip_address \| rename Re... by pavanae Builder in Splunk Search 09-13-2017 0 7	0	7
How to preserve order of json array in search results? We are on Splunk 6.2.1 We have logging raw json including 'stack_trace' as a json array like this: {"exception_clas... by rgsage Path Finder in Splunk Search 09-13-2017 1 2	1	2
How to rearrange table by values in a column So I have the following data as output statistics from a search: User Group Number Andy A ... by andrewhlui Explorer in Splunk Search 09-13-2017 0 5	0	5
Average of web requests blocked - span of 10 minutes Hi mates, I'm trying to get the most 10 IP addresses with blocked web requests during a month, but the threshold sho... by rookie507SL New Member in Splunk Search 09-13-2017 0 2	0	2
How do time based lookups apply user time zone? I have a time based lookup set up with a lookup file containing time values of full days, such as 2017-08-14 (with a ... by jeffland SplunkTrust in Splunk Search 09-13-2017 2 12	2	12
Stats values Into timechart -- I can't get timechart to work Hi, I wonder whether someone could help me please. I've put together this query: \| multisearch [ search `frontenda_... by IRHM73 Motivator in Splunk Search 09-13-2017 0 7	0	7
Trying to extract these three fields from XML using regex Hi! I can not extract three fields from xml using regex. Please tell me how it can be done <VULN number="MP-413771" ... by sphc Explorer in Splunk Search 09-13-2017 0 3	0	3
How can I rearrange the columns of my search in this specific order? I want my to rearrange the columns of my query in a particular order as shown below ,but due to dates (01-jun-2017) ,... by srikarbaswa446 New Member in Splunk Search 09-13-2017 0 2	0	2
How can I create the same fields with different values within the same event? I need to extract cveid, cvss, vulnerability number, etc.. here is my log: ...... cveid="1234" cvss= "abcd" .......... by sphc Explorer in Splunk Search 09-13-2017 0 5	0	5
Search to check whether keys are matching I have the below expression and which is a keys and i want to check whether the same keys are matching so help me in ... by DataOrg Builder in Splunk Search 09-13-2017 0 1	0	1
Change color of pie chart based on percentage automatically I want to change color of slices of pie chart based on the percentage values. slice that have highest percentage shou... by isha_rastogi Path Finder in Splunk Search 09-13-2017 0 11	0	11
Set zero value if there is nothing found in the search Hi, I'm running Splunk 6.6 and I like to set something like a "default" value in the case that there was nothing fou... by bosch_softtec Path Finder in Splunk Search 09-13-2017 0 2	0	2
Regex to extract from start until a specific character I have a test field in a CSV called description: Completed changes are not shown as complete in channels for a while ... by Sukisen1981 Champion in Splunk Search 09-13-2017 0 10	0	10
How to calculate the percentages of the field values (yes/no) in a field? Hi I have a Splunk search as follows: My search \| table host_name, last_seen_in_24hours which displays the result ... by pavanae Builder in Splunk Search 09-12-2017 0 2	0	2
How do I make fields with a replacement for an argument work inside a saved search with the map command? I'm sure there's a really easy answer, but it isn't coming to me so I'd greatly appreciate some help. If I define a ... by triest Communicator in Splunk Search 09-12-2017 0 1	0	1
'outputlookup' command: Could not write to file I'm trying to use outputlookup to generate a lookup table based on search results and I'm running into the following ... by Lowell Super Champion in Splunk Search 09-12-2017 0 7	0	7
chart over multiple fields hello splunkers, We are trying to get the chart over for multiple fields sample as below , we are not able to get it... by Jyothik New Member in Splunk Search 09-12-2017 0 13	0	13
Regex for Windows Event from Syslog agent Hi, I'm trying to get the Target Account ID from the Windows Event parsed from a syslog agent. I'm trying to capture ... by leonheart78 Explorer in Splunk Search 09-12-2017 0 3	0	3
Stats function by multiple fields I have a table of data like this Time1 Time2 Time3 Total 36.650000 16.050000 0.133333 74 44.866667 ... by byu168168 Path Finder in Splunk Search 09-12-2017 0 2	0	2
Top 10 list of failed login attempts for a specific application by user name I am trying to get a top 10 list of failed login attempts for a specific application by user name over a period of ti... by snix Communicator in Splunk Search 09-12-2017 0 9	0	9
How to Trim string at @ - need help creating rex search Hello, I cannot figure out the syntax of the rex function. I have a field called email with multiple domains: katz.r... by katzr Path Finder in Splunk Search 09-12-2017 0 8	0	8
How to create and use a form input to run searches on data from multiple sources? I would like to create a look-up tool for my incident responders. they often only have an IP and I would like to be ... by hartfoml Motivator in Splunk Search 09-12-2017 0 5	0	5
Host Regex Help Hello All, I really need to get good at regex and learn to do this myself but alas there are so many other things th... by edwardrose Contributor in Splunk Search 09-12-2017 0 5	0	5
Is the Splunk predict command useful? So, I have a graph that shows the total user logins per day for an application and I thought it would be cool to show... by kdimaria Communicator in Splunk Search 09-12-2017 0 4	0	4