Splunk Search

Community Activity

How do you restrict user searches to only return data injected by themselves? I have a subset of users who should only be able to view data injected by themselves. To know the event in Splunk wa... by ddurio Engager in Splunk Search 07-17-2017 1 3	1	3
Average of results from input search So I have a search set up where I can find the cpu of a server for a given host. However, now I want to add an option... by danielsavage New Member in Splunk Search 07-17-2017 0 6	0	6
Why does my search return error "Unable to parse the search: Comparator '=' is missing a term on the right hand side"? I had this search working and now it seems to have stopped gives an error. Thoughts? Search: index=symantec source... by HealyDPS Explorer in Splunk Search 07-17-2017 0 7	0	7
Field Extraction errors I keep receiving this error: The extraction failed. If you are extracting multiple fields, try removing one or more f... by jclehmuth Path Finder in Splunk Search 07-17-2017 0 7	0	7
entire file to a single event SHOULD_LINEMERGE = true MAX_EVENTS = 99999 TRUNCATE = 9999999 SHOULD_LINEMERGE = false LINE_BREAKER = ((FAIL*)) I... by 722624 Path Finder in Splunk Search 07-17-2017 0 7	0	7
How do we keep the null results obtained from stats count by field to match the table? I am trying to obtain the DailyTransactions and WeeklyTranscations . The following is my Query -> index=INDEXA sourc... by tareddy Explorer in Splunk Search 07-16-2017 0 3	0	3
Why Splunk results are not showing properly? Hi, Can anyone please help me to understand why I am seeing the results in a linear format and I can not see the res... by iqbalintouch Path Finder in Splunk Search 07-16-2017 0 7	0	7
Find computer availability index="windows_logins_test" LogName="Security" (EventCode=4624 AND EventCode!=4647) \|table ComputerName when I set... by vikashnimoyle New Member in Splunk Search 07-16-2017 0 2	0	2
How to use Regex to extract the fields in the windows application event? HI, How to extract the field user, action and src_ip from the below event? 05/31/2017 11:59:52 PM LogName=Applicatio... by kiran331 Builder in Splunk Search 07-16-2017 0 3	0	3
Eval Match function Issue I need to extract the date from the file name,But the format of the data on different files are different for eg:D2... by vikasreddy Explorer in Splunk Search 07-15-2017 0 7	0	7
How to exclude NULL return fields from my search? eventtype=qualys_vm_detection_event STATUS!="FIXED" \| fillnull value=- PROTOCOL \| dedup 1 HOST_ID, QID, PROTOCOL, ST... by rkaakaty Path Finder in Splunk Search 07-15-2017 1 6	1	6
What is the search engine Splunk uses to retrieve the data instantly ? I need to understand the backend search engine Splunk uses to retrieve the data instantly upon a search in the UI. Al... by Rshekar19 New Member in Splunk Search 07-15-2017 0 1	0	1
How to remove fields from a search that will be used in dashboard drill down panel in dashboard. All, I am running this search to build a drilldown panel in a dashboard: index=os "invoked oom-killer:" \| eval stim... by GersonGarcia Path Finder in Splunk Search 07-15-2017 0 4	0	4
Can I display the variable concatenated in a table? Hi, everyone When I create a field concatenated with eval, example: \|eval date = day. "/" .month." /". year. \| Can ... by cgaete Explorer in Splunk Search 07-14-2017 0 3	0	3
How to find alerts and dashboards that were created a long time ago? Is there any way to find out the alerts and dashboards created like 5 months ago and with the respective user names? by kteng2024 Path Finder in Splunk Search 07-14-2017 0 1	0	1
How can I identify missing log inputs on Splunk Enterprise? I am trying to develop a search that can identify missing logs based on average of time between log entries for each ... by fcompagnari New Member in Splunk Search 07-14-2017 0 6	0	6
Extract value from fields that are named the same Here's some sample data: appName=test-application projectId=unknown projectName=My Test, id=123, projectId=12345abcd... by hippe21 Explorer in Splunk Search 07-14-2017 0 2	0	2
latest = earliest + 1day. in search query Hi, I am trying to filter my search results by specifying earliest and latest time in my search query. The earliest ... by snehasal Explorer in Splunk Search 07-14-2017 0 3	0	3
How to bucket sums of a multi-value array with values of another array? I have some logging being generated that aggregates values for a user in a comma-separated sequence, and has a second... by jpolson New Member in Splunk Search 07-14-2017 0 3	0	3
Grouping using extracted text Hi Team, I am trying to extract substring from the error log and generate the stats by grouping the extracted descri... by newbie2tech Communicator in Splunk Search 07-14-2017 0 11	0	11
Quick TimeChart Question \| timechart count \| timechart per_day(count) span=24h Can someone breakdown this for me as i am trying to figure out... by colinmchugo Explorer in Splunk Search 07-14-2017 0 6	0	6
get latest record based on custom time field I have a excel input having columns-> Id, UpdateTime, Desription, AssignedTo, StartTime having Values like Id ... by dsiob Communicator in Splunk Search 07-14-2017 0 3	0	3
How to add a column to a chart? I am trying to add a column to my current chart which has "Customers" as one column and "Users" as another. e.g. ... by andrewygray New Member in Splunk Search 07-14-2017 0 4	0	4
Timechart graph disappears after loading is complete Hi, Below is my query which shows be the growth of the database in a year index=db_connect source = "db2*.log" \|de... by sangs8788 Communicator in Splunk Search 07-14-2017 0 2	0	2
what is the maximum number of lines my search result can return ? for example : If i dont use " limit = 0 "it will return unlimited number of lines in search result but without using ... by dilipdwayne Engager in Splunk Search 07-14-2017 0 2	0	2