Splunk Search

Community Activity

About issues between 6.5.x ver splunk and 6.3.x ver splunk. I want to know whether existing a problem between Splunk server of 6.3 series and Splunk server of 6.5 series(especia... by yutaka1005 Builder in Splunk Search 07-27-2017 0 2	0	2
Not counting events in between event pairs My search is index=safes TransactionCode=DOPN OR TransactionCode=PWPL Details="opened" OR Details="AC" \| transact... by ellenbytech Explorer in Splunk Search 07-27-2017 0 6	0	6
Update a Datamodel Field from a look up I have a DataModel field like below, there are many unique entries NICKNAME mx smcrisk_engine mxtraderepository_engi... by robertlynch2020 Influencer in Splunk Search 07-27-2017 0 1	0	1
Why does the convert command not work in my search? by hjaramillo New Member in Splunk Search 07-27-2017 0 8	0	8
split based on lookup Hello, I have a set of windows events (4656 and 4663) which contain fullpathnames. I also have a list of 'critical'... by coenvandijk Observer in Splunk Search 07-27-2017 0 2	0	2
Need help forming my search query for linux_secure sourcetype I am receiving the /var/log/secure logs from my linux forwarder I am trying to create a search string that can detect... by jcorkey Explorer in Splunk Search 07-27-2017 0 1	0	1
Lookup most recent login before event Hi all, I have created a table that will show all FireEye events logged that contain a certain MAC address. This is t... by EliBildman Engager in Splunk Search 07-27-2017 0 1	0	1
What are the list of Splunk commands? I would like to have a list with (all) commands, their description, possible options and what ever is interesting abo... by Belog New Member in Splunk Search 07-27-2017 0 1	0	1
Creating an If statement in Search with max() function inside Here's what I have below. I'm trying to do unit conversion and the unit trails in the string (ex. 127 KiB). Any ideas... by aracer Engager in Splunk Search 07-27-2017 0 9	0	9
Converting time in Time token to limit results till a particular date I need to create a panel in dashboard which gives me list of activities till 23rd July 2017. Now, I don't want the st... by pushpender07 Explorer in Splunk Search 07-27-2017 0 8	0	8
How to comparing 2 date fields and create a third with the difference Event_Reported_Time Comment_Date Diff 7/21/2016 7/22/2016 1 7/24/2016 ... by ajdyer2000 Path Finder in Splunk Search 07-27-2017 0 2	0	2
I need help with my search query I have the follow search query: sourcetype=linux_secure source="/var/log/*" "su: (" \| eval Date=strftime(_time, "%Y... by jcorkey Explorer in Splunk Search 07-27-2017 0 7	0	7
logs are missing from specific period in splunk For example , i have a sourcetype=abc and data in splunk started missing for this sourcetype from past week . Can i p... by kteng2024 Path Finder in Splunk Search 07-27-2017 0 1	0	1
How to remove a field from a visualization, but not remove it from search results? I have search results like this: Host---------------Description------------ EventSize 127.0.0.1----------Prod DB----... by ronekarleone Explorer in Splunk Search 07-27-2017 0 10	0	10
Change field to arbitrary value following a regex match using props.conf and transforms.com I have two firewall devices that log their activities in different formats. I'm trying to create CIM compliant logs. ... by mjmayer Explorer in Splunk Search 07-27-2017 0 3	0	3
How can we run searches based on token value? I have two different searches and i want to run those searches based on the token. if any value is set for that toke... by goyals05 Explorer in Splunk Search 07-27-2017 2 3	2	3
How to use regex to extract field? HI How to extract the field with space using regex? name: T11345DDF ERROR T11345SSDF Volume C values: 123455-253355... by kiran331 Builder in Splunk Search 07-27-2017 0 3	0	3
Repetive queries of LARGE indexes We have an environment that indexes approximately 600GB / day. I have been tasked with creating queries that correl... by tlmayes Contributor in Splunk Search 07-27-2017 0 3	0	3
What is historical data? While researching exchanging licenses between servers I came across "Historical Data." What is historical Data? by obiloki New Member in Splunk Search 07-27-2017 0 1	0	1
Can a lookup be used for renaming a field name? Trying to figure out if can rename field names using lookup and CSV file. Something like this: index=main d_name="*"... by simpkins1958 Contributor in Splunk Search 07-27-2017 0 6	0	6
Lookup in the Index Time Hi, I have a file coming from the source ( UF ) in which I am getting two fields ( IP and PORT ) , Now I have a loo... by abhayneilam Contributor in Splunk Search 07-27-2017 0 3	0	3
Two multivalue fields needed Hi - I need to extract two multivalue fields from each event. Let's say the strings are "AAA-" and "BBB-". Each strin... by wkassel New Member in Splunk Search 07-27-2017 0 3	0	3
How to replace values without using a join I am using a join, but is there a better way to replace values? I have the following table. (NICKNAME + Human_Name_N... by robertlynch2020 Influencer in Splunk Search 07-27-2017 0 4	0	4
Searching events within a time range from csv file My search operation consists of two parts Part 1: This job runs every 6 hours and keeps appending to the results obt... by tareddy Explorer in Splunk Search 07-27-2017 0 4	0	4
Why am I getting an eval command error "The arguments to the match function are invalid"? I would like to create a new panel in my Dashboard and I am using the following search string: index=$index$ eventId... by Taner Engager in Splunk Search 07-27-2017 0 5	0	5