Splunk Search

Community Activity

Lookup multiple values So I'm doing a lookup for multiple values, so similar to the following: ...\| lookup entity OUTPUT x as XX y as YY ... by edschembor Path Finder in Splunk Search 07-05-2017 0 5	0	5
How to fit a subsearch in the middle of a search query Hi everyone. How do I format this subsearch to work in my search query? I'm still fairly new to splunk \| inputloo... by chaninphx Path Finder in Splunk Search 07-05-2017 0 8	0	8
Grouping Events by Both Time and Customer Hi all, Want to alert when a customer's usage suddenly drops. Tried breaking recent usage into two time periods: -... by DGray Engager in Splunk Search 07-05-2017 0 2	0	2
Timezone query to modify _time field if the user's timezone is not UTC. I have a dropdown in my dashboard where I provide static label and value for 4 timezones as of now(UTC,ET,PST,CT) (Wh... by waltz Explorer in Splunk Search 07-05-2017 0 2	0	2
Translate Windows security descriptor to readable format Im working on using Splunk for Windows auditing. In events 4670, 4656 and 4663 one (or more) security descriptors are... by coenvandijk Observer in Splunk Search 07-05-2017 0 2	0	2
Perform another search from the search result Hi Splunk Gurus, I am not sure what is the term to use about my question, so I will explain it so everyone will unde... by wiggler Explorer in Splunk Search 07-05-2017 0 2	0	2
Finding max of a count up to each hour of the day I am wrestling with a query around getting a max value of a count per hour up to each. I will explain with an example... by bjmclean Explorer in Splunk Search 07-05-2017 0 2	0	2
How to write a basic SPLUNK query which returns value A, B, C & D. Can you please help me on how to write a basic SPLUNK query which returns value A, B, C & D. here are the sample XML... by t964396 New Member in Splunk Search 07-05-2017 0 8	0	8
Connection time delta of a replication session, filter source and destination by connection id Hi! I would like to create a chart for connection time delta of a replication session, filter source and destination ... by kisfoldik Explorer in Splunk Search 07-05-2017 0 1	0	1
How to use Stats command ? Hi Splunker, I have a logs which has Defect ID ,Actual Fix Time Taken,Detected By,Priority. I would like to calcul... by m7787580 Explorer in Splunk Search 07-05-2017 0 2	0	2
Ho to get search input from csv file I am having a csv file which contains some production server jobs name to monitor. I want to give those jobs listed i... by Kwip Contributor in Splunk Search 07-04-2017 1 3	1	3
How can I take the results from a search and generate a second search from those results? Hi all, I have a search that looks for ICID's (injection connection ID) found in incoming SPAM email events. Someti... by doogan12 Engager in Splunk Search 07-04-2017 0 11	0	11
Calclute Avg of max values for a given period Hi everyone, please help me in below task , appreciate your time and effort Use case : in below table for example ... by x186855 New Member in Splunk Search 07-04-2017 0 3	0	3
Compare search fields to add another field if they match So at the moment I have a simple search index=index sourcetype="sourcetype" host1 OR host2 \| table hour day month ... by danielsavage New Member in Splunk Search 07-04-2017 0 2	0	2
Rex Not Extracting All Data HI, I wonder whether someone could help me please. I'm trying to extract the first name from the data as shown belo... by IRHM73 Motivator in Splunk Search 07-04-2017 0 22	0	22
Getting average of variable name fields Hi! ... \| streamstats count as SESSION by PATIENT_ID PROGRAM_NAME \| chart values(AVG_RT) over SESSION by PROGRAM_NAM... by yurykiselev Path Finder in Splunk Search 07-04-2017 0 3	0	3
Storing a REGEX filed into a DataModel Hi All I am looking for the best approach to an issues i have. I have multiple files that start with the following.... by robertlynch2020 Influencer in Splunk Search 07-04-2017 0 1	0	1
How to add event duration time for multiple events into one row? Hello, I'm trying to find the correct syntax to get the total time a device was in an alert status. The events have... by lagle123 New Member in Splunk Search 07-03-2017 0 6	0	6
Working with Lookup I am having below requirements to be merged to create a dashboard/Report. Need to append my search result to the lis... by Kwip Contributor in Splunk Search 07-03-2017 0 5	0	5
i have a results which has order status across many system. i want to group by order status with system in bar graph status1 status2 status3 status4 status5 complete failed complete complete ... by DataOrg Builder in Splunk Search 07-03-2017 0 5	0	5
How to give every event all fields that occur in any event already processed in search So I've managed to make the first few events be those which have the 25 extra fields, but how do I make all following... by snreichel Engager in Splunk Search 07-03-2017 0 2	0	2
How can I search for a URL that a user or users may have clicked on from a SPAM or phishing email? Often times users click the link or open a attachment in a SPAM or phishing email. I would like to be able to enter ... by doogan12 Engager in Splunk Search 07-03-2017 0 5	0	5
How to join multiple tables / stats to a single table In our application, we are processing files received by our application. In various places, we have logs as follows: ... by parameshjava Explorer in Splunk Search 07-03-2017 1 5	1	5
I Want to split the results by hour and server Hi all, We have data coming from 2 diferent servers and would like to get the count of users on each server by hour.... by leandrot Explorer in Splunk Search 07-03-2017 0 10	0	10
'Error in 'search' command: Unable to parse the search: Comparator '>' is missing a term on the left hand side' Hi, I am getting the below error 'Error in 'search' command: Unable to parse the search: Comparator '>' is miss... by prathapkcsc Explorer in Splunk Search 07-03-2017 0 7	0	7