Splunk Search

Community Activity

Is there a way to highlight a table cell a certain color based on the date value? I have a table in splunk that has the following fields: Tool; End_Of_Support; The End_Of_Support field has differ... by dreschke Explorer in Splunk Search 09-09-2017 0 2	0	2
Need help forming search string to show when users create new users I have a linux box with a universal forwarder sending linux data to my Splunk enterprise. I am trying to detect when ... by jcorkey Explorer in Splunk Search 09-09-2017 0 2	0	2
Interesting Fields Missing in Search & Reporting of two different Search Heads Hi Team, We have two search heads deployed in our environment for Enterprise Security Operations team. Let me direct... by anandhalagarasa Path Finder in Splunk Search 09-09-2017 1 6	1	6
How can I pull the duration or datetime difference with the given value? I am trying to extract the time duration in tabular format of check-in and check-out value, can someone please help. ... by iqbalintouch Path Finder in Splunk Search 09-09-2017 0 2	0	2
Create a piechart where each field has a group of options for fulfillment I have data events which share the properties of index, location, drink_type, drink_available example data: 1) index=... by TommyRay106 New Member in Splunk Search 09-09-2017 0 3	0	3
How can I fix my outputcsv to a particular IP in search head clustering ? We are generating 4 reports from Splunk SHC. We want to append all the results of a search query into one particular ... by sandyIscream Communicator in Splunk Search 09-09-2017 0 2	0	2
Lookup Fields not updating in the Datamodel I have built an accelerated datamodel with lookup fields. There is a report that is scheduled to run everyday to popu... by poojak2579 Path Finder in Splunk Search 09-09-2017 0 9	0	9
Count events per month until a certain day Hi community, I need your help!!! It is possible to make a report that counts the number of events grouped by month... by lufermalgo Path Finder in Splunk Search 09-09-2017 0 9	0	9
Extraction regular expression I am using the extraction (regular expression) option to extract a particular field from the events. The issue I am h... by bharpur183 Explorer in Splunk Search 09-09-2017 0 12	0	12
Results are missing from this search Hi, I use the below search to get the row with max value; (index="indexa" OR index="indexb") sourcetype="sourceA" \|... by bj6192 Explorer in Splunk Search 09-09-2017 0 4	0	4
Is it possible to create a timechart from a time field in a CSV or lookup? host,value,timestamp a1,30,24-Oct-15 00:00 a1,10,24-Oct-15 01:00 a1,5,24-Oct-15 02:00 a2,3,24-Oct-15 00:00 a2,5,24-Oc... by pkeller Contributor in Splunk Search 09-09-2017 1 6	1	6
Why isn't my discard working? I'm trying to discard entries from one of my data sources and it isn't working. Why? All the following are set on the... by timbCFCA Path Finder in Splunk Search 09-09-2017 0 2	0	2
Wildcard field names for "search" or "where" I'm looking at a count of server events over time and need to find all servers where there are more than 1 event per ... by redc Builder in Splunk Search 09-08-2017 0 3	0	3
Using multiple geospatial lookups Thanks in advance for any help. I currently am using a geospatial file to show devices inside or outside of a geofen... by sigpro1911 New Member in Splunk Search 09-08-2017 0 1	0	1
Automating bundle pushes from shcluster and index cluster Simple question, has anyone been able to successfully solve this? I can surely think of a bunch of easy ways to accom... by brent_weaver Builder in Splunk Search 09-08-2017 0 5	0	5
Replace a null value after search appending Hello All, I have a search query as below: index="alpha_all_aal_event" type=twaReport\|search callId=0 userId=a... by patilsh Explorer in Splunk Search 09-08-2017 0 3	0	3
How to use auto formatting on a QWERTZ layout? Hi, how can I use the new auto formatting feature on QWERTZ layout? Thanks in advance Heinz by HeinzWaescher Motivator in Splunk Search 09-08-2017 1 6	1	6
Field Extractions from Proxy Logs Hi Team, Need your help/suggestion on what is the best way to handle below scenario. I am using field extractor scr... by newbie2tech Communicator in Splunk Search 09-08-2017 0 4	0	4
Connecting events that don't have a common field Hi guys, more like a generic question: how do you make sense of events which are not necessarily linked by a common ... by robettinger Explorer in Splunk Search 09-08-2017 0 2	0	2
Visual chart for how much free disk space is available? when i run the query in splunk search [ host=tableau sourcetype="Perfmon:Free Disk Space" ] I get the below mentione... by shakeel253 Explorer in Splunk Search 09-08-2017 0 7	0	7
Index-time field extraction issue Hello all, I'm a bit stuck with my issue. I do have this splunk infra : Sources ==> UF ==> Indexer cluster (3 + mas... by perezcla New Member in Splunk Search 09-08-2017 0 2	0	2
Inputlookup and match only whole word in field text I want to use a keyword list (inputlookup) to find a keyword (whole word only !) in the event text. Sample Event tex... by John__Doe Engager in Splunk Search 09-08-2017 0 10	0	10
Do I need to pay for a course if list price is mentioned? List Price: $1,000.00 USD Partner Cert: $0.00 USD This is what I see in my account portal regarding a particular co... by palak123 New Member in Splunk Search 09-08-2017 0 5	0	5
Is it possible to mount HOT to a ram disk for performance? All, Just day dreaming here a little as I read the indexes.conf file documentation a bit. I was thinking, assuming ... by daniel333 Builder in Splunk Search 09-08-2017 0 5	0	5
Deselect option in timeline. What 'Deselect' option in the timeline will do? Will it run the new search or not? by rahulrwt23 New Member in Splunk Search 09-07-2017 0 5	0	5