Splunk Search

Community Activity

ports for communication at indexer ,heavy forwarder Hi There, Can i please know the ports to be opened for heavy forwarder , indexer , universal forwarder ? by kteng2024 Path Finder in Splunk Search 07-31-2017 0 3	0	3
serverclass.conf whitelist regex issue: \w{3}SALTSIP\d{1,2} Hello, Does anybody see something wrong with this regex ? \w{3}SALTSIP\d{1,2} When testing against my host lis... by sylbaea Communicator in Splunk Search 07-31-2017 0 2	0	2
Tracking a transaction where the ID changes part way through I'm attempting to track a mule transaction where the correlation ID changes part way through the request, I would nor... by Lgo Explorer in Splunk Search 07-31-2017 0 2	0	2
Need help correlating different events to meet an ultimate condition I have these three different searches: A search to display when users create a new user account A search to display ... by jcorkey Explorer in Splunk Search 07-31-2017 0 2	0	2
How append will act if the first search return nothing? I want to search for a phone number among multiple indexes and I use append to combined the result together but what ... by bagir32 Explorer in Splunk Search 07-31-2017 0 7	0	7
How to Filter on Null Values? Hello, I am trying to filter on null values for the field called Device. None of the following searches below work- c... by katzr Path Finder in Splunk Search 07-31-2017 1 3	1	3
How to predict a 4th value based on 1,2,3 values in splunk machine learning tool kit i have been asked to give the 4th value as well to predict 4th value. In my case I don't have the 4th value. How to predict a 4th value based on 1,2,3 values in splunk machine learning tool kit i have been asked to give the 4t... by nsriram New Member in Splunk Search 07-31-2017 0 1	0	1
How to edit my search that looks over the last 7 days but displays each day? I have been asked by Legal to get login logoff time for colleagues with in certain time frames usually very specific ... by Sarmbrister Path Finder in Splunk Search 07-31-2017 0 4	0	4
Search with input lookup Hi Team, Need Help on run search checking server live or not using lookup boxdata box_env box_live_state box_locat... by harsush Path Finder in Splunk Search 07-31-2017 0 9	0	9
How do you create 2 variables Y axis column chart? Hello, I want create a column chart with 2 y-axis variables (AP and FP). I want AP to be the number of bars on the X ... by nyasharashad59 Explorer in Splunk Search 07-31-2017 0 4	0	4
How do I extract the second from _time? How do I find whether the time stamp of an event covers a specific second within a day? So, we need to identify all t... by ddrillic Ultra Champion in Splunk Search 07-31-2017 0 5	0	5
evaluate values from two different lookups I have a lookup file assignment_schedule containing below sample data assignment_group task_order schedule ... by bic Explorer in Splunk Search 07-31-2017 0 4	0	4
Joining with two unrelated tables I have two tables The first table has a list of Categories. The Second table has a list of Offices. Such as Categ... by aelliott Motivator in Splunk Search 07-31-2017 0 2	0	2
How to compare two field values and return a new field with a percent match between the two? I would like to compare two field values and return a new field with a percent match between the two. Current search... by grannnt New Member in Splunk Search 07-31-2017 0 2	0	2
Date Conversion Hi, How to convert this SQL statement to SPL pls select DateDiff(day, ga.Initial_L1_Decision_Date, Close_date) as [... by raghu0463 Explorer in Splunk Search 07-31-2017 0 4	0	4
How to find a specific user in an Active Directory lookup using ldapsearch command? I have the following ldapsearch \| ldapsearch domain="PROD" search="(&(objectClass=group)(cn=DSMS Operations))" \| ta... by pfabrizi Path Finder in Splunk Search 07-31-2017 0 6	0	6
Necessary to order db query by rising column? Is it necessary to include an ORDER BY $rising_column$ in my database tail query? This can be very expensive on a lar... by Jason Motivator in Splunk Search 07-31-2017 2 14	2	14
How to exclude the Windows events with Splunk process before indexing? Hi, I see a lot of events in Windows logs with Process splunk-regmon, powershell etc. Is there a way to exclude the ... by kiran331 Builder in Splunk Search 07-31-2017 0 6	0	6
Timeseries data - average age of user Hi all - I have a dataset that tracks server access. Every time a server makes a request an event is generated. A ve... by himynamesdave Contributor in Splunk Search 07-31-2017 0 4	0	4
Top command based on lookup result The following search will give the count of attacks by attacker_IP and destination branch. index=waf Name=block \| ... by bugnet Path Finder in Splunk Search 07-31-2017 0 3	0	3
ticket count every open months how can i count "several" tickets as "OPEN" every month including when it was created(create_date, mmddyyyy) to the m... by jonathan_yan5 Explorer in Splunk Search 07-30-2017 0 5	0	5
How to rename multiple field names with certain criteria How do I replace the MB in each field name with GB ?? _time XXX-XX-MB XXX-XXX-MB XXXXXXMB_XX_XXX 1 2017-07-30... by HattrickNZ Motivator in Splunk Search 07-30-2017 1 1	1	1
Return last event appear time HI Everyone I have a query will return me a table shows top users that has logon fail detail as below query sourcet... by samlinsongguo Communicator in Splunk Search 07-30-2017 0 5	0	5
How can I change human to epoch time \| gentimes start=-1 \| eval YourDate="3:21:34 AM 12/8/2014" \| table YourDate \| eval epoch1=strptime(YourDate,"%H:%M:... by nagarjuna280 Communicator in Splunk Search 07-30-2017 0 1	0	1
any way to replicate search artifacts and index between 2 all-in-on Splunk instance without cluter I have 2 separated all-in-one Splunk boxes running on the different sites for DR purpose. Is there any way to replic... by danielwan Explorer in Splunk Search 07-30-2017 0 4	0	4