Splunk Search

Community Activity

remove orphaned scheduled search in Splunk 6.5.3 hi we have Splunk connected to Active Directory and we cannot add local users so we cannot reassign orphaned searche... by asimagu Builder in Splunk Search 07-12-2017 0 2	0	2
How can I remove a events from a search table Hi Guys, Good Day! Just want to ask on how can I remove YYYYMMDD HH24:MI:SS") event on my search table. Here is my ... by vino06 New Member in Splunk Search 07-12-2017 0 2	0	2
how to edit my search earliest=-48h@h latest=-24h@h index="my-live-srv" sourcetype="Perfmon:sqlserver:sql_errors" counter="Errors/sec"\| whe... by sonila Path Finder in Splunk Search 07-12-2017 0 8	0	8
Adding a colum to stats results Hey! Right now I have a search - source="tcp:6555"\| search Message_Type =IP \| stats sum(Bytes) AS Bytes by IP \| s... by amritanshgupta Explorer in Splunk Search 07-12-2017 1 3	1	3
Add original host to windows security event syslog header I want to export windows security events to syslog. The following works but it shows the events all originate from sp... by agarrison Path Finder in Splunk Search 07-12-2017 0 2	0	2
Need help with Predict command to forecast receipts by customer Hi everyone, I use Splunk to assign transactions on daily bank statements to Category (eg receipts, payroll etc) and... by fmcg New Member in Splunk Search 07-12-2017 0 1	0	1
Simple question about timecharts Hi there, I have a field with values, like 2, 4 or 10. Now I want to use a timechart or a chart which display 2, 4 o... by nebel Communicator in Splunk Search 07-12-2017 2 7	2	7
Field Values Case Sensitve I have a lookup table, with an ID field that has case specific alphanumeric values in it. I'm attempting to search ... by tmarlette Motivator in Splunk Search 07-12-2017 0 10	0	10
How to create a single value trend to show the difference based on the previous day? Hi , I need to create a single value visualization with the trend indicator. The trend indicator should be the dif... by seetharamanss Explorer in Splunk Search 07-12-2017 0 4	0	4
Search doesn't show results if for the same node are present two type of alarms Hello, I have a query that extract some type of alarms divided by NODE. These are the columns of the query: _time ... by ngerosa Path Finder in Splunk Search 07-12-2017 0 6	0	6
Why am I just getting a chart, but no trend line after using trendline command? Hi Experts, I am plotting a trend line with trendline command. Here is my simple search sourcetype="Perfmon:CPU14" ... by vikas_gopal Builder in Splunk Search 07-12-2017 1 9	1	9
How to add x-axis labels show on a timechart when data contains epoch time? Hi, I am still fairly new in Splunk as I just started last week. Any help is appreciated!! This is what i currently ... by Michellework New Member in Splunk Search 07-12-2017 0 3	0	3
Windows CPU by Process - How do I divide field value #1 by field value #2? I am trying to get a representation of the percentage of CPU used per windows process based on the amount of processo... by mightaswelby Explorer in Splunk Search 07-12-2017 0 4	0	4
Data masking HI , i want to masking the cookie value in the the log file i just write the regx but its not displaying the data bef... by svemurilv Path Finder in Splunk Search 07-12-2017 0 5	0	5
transaction calculate duration betweeen 2 events I'm trying to use transactions to generate a timeline of events where the events are grouped by an eventId I'm reci... by preben12 Communicator in Splunk Search 07-12-2017 1 8	1	8
Use Join but also display non matching datasets I'm currenty trying to combine data from our firewall and sysmon which is running on a testclient. I want to join the... by davidb89 Engager in Splunk Search 07-12-2017 0 4	0	4
How to Extract value from Source Field Hi, I want to Extarct Filed from Source file and Below are some Sorce file. /opt/si/logs/taopwssid1/admin/paas-cli... by saroj005 Engager in Splunk Search 07-12-2017 1 2	1	2
how to show 0 when no search result found after succeed with "Infected files:" \| rex field=_raw "Infected files: (?<Infected>\d*)" \| convert timeformat="%Y-%m... by cyberportnoc Explorer in Splunk Search 07-12-2017 0 5	0	5
moving rex to props and transforms not woking Hi, I am monitoring print events from windows event logs using WinEventLog:Microsoft-Windows-PrintService/Operationa... by sajeshpp Path Finder in Splunk Search 07-12-2017 0 13	0	13
Connect two points on map based on two coordinates Hello, I have this search: index=ip \| lookup list.csv pop as POP_A OUTPUTNEW LAT as LAT_A LON as LON_A \| lookup list... by ngerosa Path Finder in Splunk Search 07-12-2017 0 3	0	3
Using the like operator for raw text Hi Can someone help me with a query please. So I have a field called message which displays the following: "messag... by dadomor Engager in Splunk Search 07-12-2017 0 2	0	2
How to edit my search to find the time frame window with the least amount of events? Hi there, I am trying to return the top 3 results of three hour windows where an event is least likely to happen bas... by bamalone New Member in Splunk Search 07-12-2017 0 2	0	2
What is the best way to get the running average and standard deviations for external port connects? So I am looking at cisco asa logs and wondering what the best way method would be to create an alert when the number ... by packet_hunter Contributor in Splunk Search 07-11-2017 0 2	0	2
Extract data for last 3 months Hi All, I am searching from a csv lookup. The CSV contains fields --> 1. Reporting Month & Year -->17-Jan, 17-Feb, ... by aartivig289 Engager in Splunk Search 07-11-2017 0 1	0	1
How can I reset the "search timeframe" based on data in results? Is there any way to "reset" the "search timeframe" so that all the "commands that bin" will honor a new "search timef... by vbumgarner Contributor in Splunk Search 07-11-2017 0 4	0	4