Splunk Search

Community Activity

How to create a chart using multiple fields grouped by location I have 6 fields (Ones, Fives, ..., Hundreds). I want to view a chart of the number of bills of each type submitted ov... by ellenbytech Explorer in Splunk Search 07-21-2017 0 4	0	4
Bar color based on value on chart Hi everbody i want to create color bar chart which color change based value. i see different example for stats but t... by karakutu Path Finder in Splunk Search 07-21-2017 0 5	0	5
Splunk Health Check (Warning, Info and N/A) Hi Guys, Good Day! Regarding on our Splunk servers, we've performed a health check and we found some warning, info ... by vino06 New Member in Splunk Search 07-21-2017 0 1	0	1
Wildcard in Field Value for where clause I am currently running this search to populate a table in a dashboard: dedup clientcert sortby "-date" \| where clien... by rmasons New Member in Splunk Search 07-21-2017 0 6	0	6
Multiple Login Failure Attempts How can I search for 10 failed logon attempts within a 5 minute timeframe?I could try timechart, but a 24 hour period... by mihall Path Finder in Splunk Search 07-21-2017 0 6	0	6
Return fields based on boolean value Hi, I have a saved search used by a dashboard which should return different fields based on the boolean value of a s... by hegga Explorer in Splunk Search 07-21-2017 0 3	0	3
Any difference between NULL and null() in eval? In an eval expression, is there any difference between using NULL and null()? Use case: I want to return null in an ... by helge Builder in Splunk Search 07-20-2017 1 3	1	3
Why when I use "\\" it shows results with only one "\" I'm currently creating a search and in my search I entered the following source="FileName.csv" \ OR SMS In the res... by rasamur Engager in Splunk Search 07-20-2017 0 3	0	3
How can I show all x-axis labels , even result is zero with timechart command I want data for the last ten months, but few months doesn't have data,I am using \| timechart span=1mon count then ... by nagarjuna280 Communicator in Splunk Search 07-20-2017 0 1	0	1
Is there an inverse to the IN Command? Hi Everyone, I recently found the IN command IP IN (10.72.168., 10.94.102., 10.80.134.*) I was curious if th... by swright95 New Member in Splunk Search 07-20-2017 0 3	0	3
Conditional Search items I'm trying to create a conditional which will search using one of two search terms based on an IF statement. A simpl... by danataylor Engager in Splunk Search 07-20-2017 0 4	0	4
How to draw a Chart with Duration field in HH:MM:SS format. I have duration field in seconds. I can draw graph using that field. However, I want graph using duration field in HH... by nandanthakkar New Member in Splunk Search 07-20-2017 0 7	0	7
How to keep Distinct fields correlated after merging with Stats command? Quick explanation of my Data format: Sourcetype "A" Field_ID, Field_Name Sourcetype "B" Field_ID, Interesting_Fiel... by chrisw3 Explorer in Splunk Search 07-20-2017 2 2	2	2
How to pull the event or logs from Trend micro deep security for splunk Hi Team, we have installed the Trend micro deep security for splunk and not getting any logs form trend micro. Coul... by lksridhar Explorer in Splunk Search 07-20-2017 0 5	0	5
How to append a total row for a column chart? Hi, so I currently have a column chart that has two bars for each day of the week, one bar is reanalysis and one is r... by byu168168 Path Finder in Splunk Search 07-20-2017 0 17	0	17
Why is my search not returning any results? Can anyone tell me why I am not returning any results? index=nessus cve=* \| eval CVSS_SCORE = cvss_base_score + cvss... by rkaakaty Path Finder in Splunk Search 07-20-2017 0 8	0	8
Is it possible to use wildcards to search by the last letter of a string? I am looking for specific usernames in my data set that end in "a". What would the syntax be to search the username f... by vanessedt New Member in Splunk Search 07-20-2017 0 1	0	1
How to create a table listing users and unique values for other associated fields as HostName or Access? I have the following fields: User HostName Access User A machine A SSH User A ... by jwalzerpitt Influencer in Splunk Search 07-20-2017 2 16	2	16
How can I select the index to search dynamically? I want to say \| eval my_index=(something, probably using if) \| append [index=(whatever my_index is)] How can I d... by sillingworth Path Finder in Splunk Search 07-20-2017 0 2	0	2
How handle case-sensitive results from a subsearch? I have created a dashboard that allows me to search my sendmail logs for some component of a mail transaction (e.g. m... by bacchussr Engager in Splunk Search 07-20-2017 1 3	1	3
two action against source IP I have top 5 source IP dashboard, I want to perform two action 1- when i select source IP it shoud go to external l... by rashid47010 Communicator in Splunk Search 07-20-2017 0 1	0	1
I need to display all the values in the below search index="index1" PROJECTNAME="" ( OBJECT_TYPE="" OR OBJECT_TYPE="*" ) \| dedup PROJECTNAME OBJECT_TYPE NAME \|map [sea... by tvon1990 Explorer in Splunk Search 07-20-2017 0 20	0	20
'rex' command in 6.6.2 Splunk I am trying to use the 'rex' command in one of our searches but not successful, the same search was working 1 month b... by udayk1 Path Finder in Splunk Search 07-20-2017 0 5	0	5
Search Factory: Unknown search command 'vt'. Hi Team, We have installed Virus Total Checker app as well as Enterprise Security Suite App in our Search Head serve... by anandhalagarasa Path Finder in Splunk Search 07-20-2017 1 6	1	6
show data as in the order defined in query I have a chart shows counts of Policies under different Policy Amount ranges (eg: 10000-50000). Query: index\|rename... by dsiob Communicator in Splunk Search 07-19-2017 0 6	0	6