Splunk Search

Community Activity

Find inconsistencies in the IDs of results Hello, I'm new to Splunk in general, and I was wondering is there was a way to highlight inconsistencies in the IDs ... by ilomax New Member in Splunk Search 09-11-2017 0 1	0	1
Unknown search command - custon python script I am trying to use an external script (python) to retrieve data from a database (sqlite3) which is to be summarized w... by apgersplunk1 Explorer in Splunk Search 09-11-2017 2 3	2	3
How Do I Make 5 Bar Graphs by Using the Output of a Chart String as Input to a Timechart String? I use the following search to show a pie chart of the top 5 IPs connecting to the network: sourcetype="conn_log" \| c... by jeremy_fade New Member in Splunk Search 09-11-2017 0 2	0	2
Trying to use lookup table instead of tagging hosts I am trying to settle on a method for grouping hosts into hostgroups for easy searching and reporting. I have heard e... by gfriedmann Communicator in Splunk Search 09-11-2017 3 3	3	3
Need a little help troubleshooting my subsearch... This search gives me a value that I can feed into the next search and I get results without an error index=fireeye s... by packet_hunter Contributor in Splunk Search 09-11-2017 0 2	0	2
Splunk search that finds when matches 2 events but does not match a third within a 5-second interval over the last 24 hours? Need to find the solution for a Splunk search that finds when Event_ID=24 and Event_ID=40 but not Event_ID=23 within ... by SystemsEnginee1 New Member in Splunk Search 09-11-2017 0 11	0	11
Regex on a Syslog parsed Windows Event I'm trying to extract the Account Name for this particular Windows Event, which is passed by a Syslog forwarder, inst... by leonheart78 Explorer in Splunk Search 09-11-2017 0 2	0	2
Creating visualization of list of ip address I have data that has multiple (and variable) ip addresses associated with each event. For example: ABCD September 1... by andrewhlui Explorer in Splunk Search 09-11-2017 0 1	0	1
Count is different for a timespan when additional time is in the span I have a search statement as follows index=test1 sourcetype=test1 \|join type=left filed [search index=test2] \| table... by kulo Engager in Splunk Search 09-11-2017 0 1	0	1
How to correlate multiple transactions as a single event? I have defined transactions to determine the cut-off times for our telecom links. We have two telecom operators per s... by erwan_raulet Explorer in Splunk Search 09-10-2017 0 3	0	3
How can I change bar chart interval to time duration? I have the following search: ...\| convert dur2sec("Call Duration") as "CDinsec" \| stats sum(CDinsec) as "totalCDsec"... by tamduong16 Contributor in Splunk Search 09-10-2017 0 4	0	4
i want to list out the values with respective request is coming from. Please help am getting the messages coming for particular claim but in that from 2 fields am getting the different values. I want... by prashanthberam Explorer in Splunk Search 09-10-2017 0 4	0	4
How can we add token based condition to search query ? below given is search query and I want to run this query only if token "$Check_Status$" is set to some value. if tok... by AKG1_old1 Builder in Splunk Search 09-10-2017 0 3	0	3
How to change the cell color of a table if SLA time is missed? Hi Team, Below my search from which i am getting the completion time of job. Below is where i need ur help. 1 - If... by harsush Path Finder in Splunk Search 09-10-2017 0 3	0	3
How to do 2 parameters rex mode=sed ? Hello Guys, It's possible 2 parameters rex mode=sed in sequence ? I can change ab for 01 and ac for 02 I try this,... by pgbr7 Explorer in Splunk Search 09-10-2017 0 5	0	5
How to access a field name using variable ? My Splunk results are returning multiple fields including fields Sunday, Monday, Tuesday .... Saturday. Now my requ... by sagrl Explorer in Splunk Search 09-10-2017 0 3	0	3
subsearch fields do not appear in the table command.. What is wrong with this search: host="*" source="BIP" NOT source="BIP98" NOT source="BIP99*" \|eval path=mvind... by smuderasi Explorer in Splunk Search 09-10-2017 0 6	0	6
How to trigger an alert if a search is still returning results after 10 minutes? Currently, we have a search that is set to trigger if it returns a single result, and then throttle for 10 minutes be... by jmpirro New Member in Splunk Search 09-10-2017 0 4	0	4
Why can't I delete my LDAP strategy? Just wanted to run this one by the Splunk community to see if anyone else has experienced this before: -Earlier this... by vanderaj2 Path Finder in Splunk Search 09-10-2017 0 5	0	5
Is there a way to highlight a table cell a certain color based on the date value? I have a table in splunk that has the following fields: Tool; End_Of_Support; The End_Of_Support field has differ... by dreschke Explorer in Splunk Search 09-09-2017 0 2	0	2
Need help forming search string to show when users create new users I have a linux box with a universal forwarder sending linux data to my Splunk enterprise. I am trying to detect when ... by jcorkey Explorer in Splunk Search 09-09-2017 0 2	0	2
Interesting Fields Missing in Search & Reporting of two different Search Heads Hi Team, We have two search heads deployed in our environment for Enterprise Security Operations team. Let me direct... by anandhalagarasa Path Finder in Splunk Search 09-09-2017 1 6	1	6
How can I pull the duration or datetime difference with the given value? I am trying to extract the time duration in tabular format of check-in and check-out value, can someone please help. ... by iqbalintouch Path Finder in Splunk Search 09-09-2017 0 2	0	2
Create a piechart where each field has a group of options for fulfillment I have data events which share the properties of index, location, drink_type, drink_available example data: 1) index=... by TommyRay106 New Member in Splunk Search 09-09-2017 0 3	0	3
How can I fix my outputcsv to a particular IP in search head clustering ? We are generating 4 reports from Splunk SHC. We want to append all the results of a search query into one particular ... by sandyIscream Communicator in Splunk Search 09-09-2017 0 2	0	2