Splunk Search

Community Activity

Is there an inverse to the IN Command? Hi Everyone, I recently found the IN command IP IN (10.72.168., 10.94.102., 10.80.134.*) I was curious if th... by swright95 New Member in Splunk Search 07-20-2017 0 3	0	3
Conditional Search items I'm trying to create a conditional which will search using one of two search terms based on an IF statement. A simpl... by danataylor Engager in Splunk Search 07-20-2017 0 4	0	4
How to draw a Chart with Duration field in HH:MM:SS format. I have duration field in seconds. I can draw graph using that field. However, I want graph using duration field in HH... by nandanthakkar New Member in Splunk Search 07-20-2017 0 7	0	7
How to keep Distinct fields correlated after merging with Stats command? Quick explanation of my Data format: Sourcetype "A" Field_ID, Field_Name Sourcetype "B" Field_ID, Interesting_Fiel... by chrisw3 Explorer in Splunk Search 07-20-2017 2 2	2	2
How to pull the event or logs from Trend micro deep security for splunk Hi Team, we have installed the Trend micro deep security for splunk and not getting any logs form trend micro. Coul... by lksridhar Explorer in Splunk Search 07-20-2017 0 5	0	5
How to append a total row for a column chart? Hi, so I currently have a column chart that has two bars for each day of the week, one bar is reanalysis and one is r... by byu168168 Path Finder in Splunk Search 07-20-2017 0 17	0	17
Why is my search not returning any results? Can anyone tell me why I am not returning any results? index=nessus cve=* \| eval CVSS_SCORE = cvss_base_score + cvss... by rkaakaty Path Finder in Splunk Search 07-20-2017 0 8	0	8
Is it possible to use wildcards to search by the last letter of a string? I am looking for specific usernames in my data set that end in "a". What would the syntax be to search the username f... by vanessedt New Member in Splunk Search 07-20-2017 0 1	0	1
How to create a table listing users and unique values for other associated fields as HostName or Access? I have the following fields: User HostName Access User A machine A SSH User A ... by jwalzerpitt Influencer in Splunk Search 07-20-2017 2 16	2	16
How can I select the index to search dynamically? I want to say \| eval my_index=(something, probably using if) \| append [index=(whatever my_index is)] How can I d... by sillingworth Path Finder in Splunk Search 07-20-2017 0 2	0	2
How handle case-sensitive results from a subsearch? I have created a dashboard that allows me to search my sendmail logs for some component of a mail transaction (e.g. m... by bacchussr Engager in Splunk Search 07-20-2017 1 3	1	3
two action against source IP I have top 5 source IP dashboard, I want to perform two action 1- when i select source IP it shoud go to external l... by rashid47010 Communicator in Splunk Search 07-20-2017 0 1	0	1
I need to display all the values in the below search index="index1" PROJECTNAME="" ( OBJECT_TYPE="" OR OBJECT_TYPE="*" ) \| dedup PROJECTNAME OBJECT_TYPE NAME \|map [sea... by tvon1990 Explorer in Splunk Search 07-20-2017 0 20	0	20
'rex' command in 6.6.2 Splunk I am trying to use the 'rex' command in one of our searches but not successful, the same search was working 1 month b... by udayk1 Path Finder in Splunk Search 07-20-2017 0 5	0	5
Search Factory: Unknown search command 'vt'. Hi Team, We have installed Virus Total Checker app as well as Enterprise Security Suite App in our Search Head serve... by anandhalagarasa Path Finder in Splunk Search 07-20-2017 1 6	1	6
show data as in the order defined in query I have a chart shows counts of Policies under different Policy Amount ranges (eg: 10000-50000). Query: index\|rename... by dsiob Communicator in Splunk Search 07-19-2017 0 6	0	6
How to merge rows in a table column if the value is repeating? I need to merge rows in a column if the value is repeating. My search output gives me a table containing Subsystem, ... by jagadish85 Path Finder in Splunk Search 07-19-2017 2 7	2	7
How to remove all identical events and keep the latest event for each different timestamp in a transaction search? We tried this search below: index=test \| eval dup=_raw \| convert ctime(_time) as T1 \| transaction dup mvlist=t ma... by kkarthik2 Observer in Splunk Search 07-19-2017 0 2	0	2
query is reaching memory limit and auto-finalizing, is there a way to optimize the query and prevent this from happening? Query : index=INDEXA earliest=-7d@d latest=@d sourcetype=GHI "service=randomservice" (api_name=API1 OR api_name=API... by tareddy Explorer in Splunk Search 07-19-2017 0 2	0	2
How to use the Rex command with text copied from Field Extractor? Hello all, I've used the field extractor to pull out the following field, but because the permissions are a little s... by jrnastase Explorer in Splunk Search 07-19-2017 0 2	0	2
Stats Count not returning expected Results - Difference in count over single date and span covering same date HI Guys, Just noticed something a little strange, I am running a query to cont the number of a certain transaction.... by insaneteddie Path Finder in Splunk Search 07-19-2017 0 16	0	16
How to edit my search to list jobs in a table per user, per day? Hello, One of my co-workers is using a search to make a table listing the days the events of interest took place, as... by Svill321 Path Finder in Splunk Search 07-19-2017 0 1	0	1
How to get a Line Chart with 3 Split by Clauses? I have a set of lab samples that have a Percent value measured in 3 different locations across the sample, identified... by mstark31 Path Finder in Splunk Search 07-19-2017 1 3	1	3
How to find and stop real time searches running on indexers? Hi there, I am seeing some real time searches running on indexers. Can I please know how real time searches are runn... by kteng2024 Path Finder in Splunk Search 07-19-2017 0 3	0	3
How to add the duration of the last event in a transaction to the total duration? I am trying to use the transaction command to group events within 5 minutes of each other, and have set up fields to ... by phakey New Member in Splunk Search 07-19-2017 0 6	0	6