Splunk Search

Community Activity

How to do 2 parameters rex mode=sed ? Hello Guys, It's possible 2 parameters rex mode=sed in sequence ? I can change ab for 01 and ac for 02 I try this,... by pgbr7 Explorer in Splunk Search 09-10-2017 0 5	0	5
How to access a field name using variable ? My Splunk results are returning multiple fields including fields Sunday, Monday, Tuesday .... Saturday. Now my requ... by sagrl Explorer in Splunk Search 09-10-2017 0 3	0	3
subsearch fields do not appear in the table command.. What is wrong with this search: host="*" source="BIP" NOT source="BIP98" NOT source="BIP99*" \|eval path=mvind... by smuderasi Explorer in Splunk Search 09-10-2017 0 6	0	6
How to trigger an alert if a search is still returning results after 10 minutes? Currently, we have a search that is set to trigger if it returns a single result, and then throttle for 10 minutes be... by jmpirro New Member in Splunk Search 09-10-2017 0 4	0	4
Why can't I delete my LDAP strategy? Just wanted to run this one by the Splunk community to see if anyone else has experienced this before: -Earlier this... by vanderaj2 Path Finder in Splunk Search 09-10-2017 0 5	0	5
Is there a way to highlight a table cell a certain color based on the date value? I have a table in splunk that has the following fields: Tool; End_Of_Support; The End_Of_Support field has differ... by dreschke Explorer in Splunk Search 09-09-2017 0 2	0	2
Need help forming search string to show when users create new users I have a linux box with a universal forwarder sending linux data to my Splunk enterprise. I am trying to detect when ... by jcorkey Explorer in Splunk Search 09-09-2017 0 2	0	2
Interesting Fields Missing in Search & Reporting of two different Search Heads Hi Team, We have two search heads deployed in our environment for Enterprise Security Operations team. Let me direct... by anandhalagarasa Path Finder in Splunk Search 09-09-2017 1 6	1	6
How can I pull the duration or datetime difference with the given value? I am trying to extract the time duration in tabular format of check-in and check-out value, can someone please help. ... by iqbalintouch Path Finder in Splunk Search 09-09-2017 0 2	0	2
Create a piechart where each field has a group of options for fulfillment I have data events which share the properties of index, location, drink_type, drink_available example data: 1) index=... by TommyRay106 New Member in Splunk Search 09-09-2017 0 3	0	3
How can I fix my outputcsv to a particular IP in search head clustering ? We are generating 4 reports from Splunk SHC. We want to append all the results of a search query into one particular ... by sandyIscream Communicator in Splunk Search 09-09-2017 0 2	0	2
Lookup Fields not updating in the Datamodel I have built an accelerated datamodel with lookup fields. There is a report that is scheduled to run everyday to popu... by poojak2579 Path Finder in Splunk Search 09-09-2017 0 9	0	9
Count events per month until a certain day Hi community, I need your help!!! It is possible to make a report that counts the number of events grouped by month... by lufermalgo Path Finder in Splunk Search 09-09-2017 0 9	0	9
Extraction regular expression I am using the extraction (regular expression) option to extract a particular field from the events. The issue I am h... by bharpur183 Explorer in Splunk Search 09-09-2017 0 12	0	12
Results are missing from this search Hi, I use the below search to get the row with max value; (index="indexa" OR index="indexb") sourcetype="sourceA" \|... by bj6192 Explorer in Splunk Search 09-09-2017 0 4	0	4
Is it possible to create a timechart from a time field in a CSV or lookup? host,value,timestamp a1,30,24-Oct-15 00:00 a1,10,24-Oct-15 01:00 a1,5,24-Oct-15 02:00 a2,3,24-Oct-15 00:00 a2,5,24-Oc... by pkeller Contributor in Splunk Search 09-09-2017 1 6	1	6
Why isn't my discard working? I'm trying to discard entries from one of my data sources and it isn't working. Why? All the following are set on the... by timbCFCA Path Finder in Splunk Search 09-09-2017 0 2	0	2
Wildcard field names for "search" or "where" I'm looking at a count of server events over time and need to find all servers where there are more than 1 event per ... by redc Builder in Splunk Search 09-08-2017 0 3	0	3
Using multiple geospatial lookups Thanks in advance for any help. I currently am using a geospatial file to show devices inside or outside of a geofen... by sigpro1911 New Member in Splunk Search 09-08-2017 0 1	0	1
Automating bundle pushes from shcluster and index cluster Simple question, has anyone been able to successfully solve this? I can surely think of a bunch of easy ways to accom... by brent_weaver Builder in Splunk Search 09-08-2017 0 5	0	5
Replace a null value after search appending Hello All, I have a search query as below: index="alpha_all_aal_event" type=twaReport\|search callId=0 userId=a... by patilsh Explorer in Splunk Search 09-08-2017 0 3	0	3
How to use auto formatting on a QWERTZ layout? Hi, how can I use the new auto formatting feature on QWERTZ layout? Thanks in advance Heinz by HeinzWaescher Motivator in Splunk Search 09-08-2017 1 6	1	6
Field Extractions from Proxy Logs Hi Team, Need your help/suggestion on what is the best way to handle below scenario. I am using field extractor scr... by newbie2tech Communicator in Splunk Search 09-08-2017 0 4	0	4
Connecting events that don't have a common field Hi guys, more like a generic question: how do you make sense of events which are not necessarily linked by a common ... by robettinger Explorer in Splunk Search 09-08-2017 0 2	0	2
Visual chart for how much free disk space is available? when i run the query in splunk search [ host=tableau sourcetype="Perfmon:Free Disk Space" ] I get the below mentione... by shakeel253 Explorer in Splunk Search 09-08-2017 0 7	0	7