Splunk Search

Community Activity

regular Expression extration I want to do something like this, referer_domain is the field i want to extract to create a new field. I want to rex ... by Kwip Contributor in Splunk Search 07-06-2017 0 4	0	4
Why is there a discrepancy when grouping by a variable vs searching? I want to see how many times a user has accessed a database in a given time period. I used sourcetype= h1 \| stats ... by psangli Explorer in Splunk Search 07-06-2017 0 9	0	9
How to search on non-English keywords? Hello, I have user logon logs from different countries, and some of their username contain non-English characters, su... by vj1226 New Member in Splunk Search 07-06-2017 0 3	0	3
chart Y axis right and left side Hi, I have two merge line chart in single report, for both I want two Y axis on left as well as in right side with ... by rameshlpatel Communicator in Splunk Search 07-06-2017 0 6	0	6
given a date find which week of the year given a date find which week of the year For example : if date is "27-Feb-17" the result will be "09". As 27th Feb ... by ajaylowes Path Finder in Splunk Search 07-06-2017 0 14	0	14
How to use eval to change a field's value? Is it possible with EVAL do the following? I have a field named version which brings the value like this: Version 60... by guillecasco Path Finder in Splunk Search 07-06-2017 0 21	0	21
Counting occurences of 5 specific strings in logs For a given sourcetype=src I have to search for five specific strings (let it be "abc", "def", "ghi", "jkl", "mno") o... by AshimaE Explorer in Splunk Search 07-06-2017 0 5	0	5
How can I show these two queries over two different time ranges in one chart I would like to show the comparison of our website's apache log as a chart in my panel. I am able to run the queries ... by vikasT Explorer in Splunk Search 07-05-2017 0 8	0	8
When I Compare a field that has dates, the results brings dates out of the comparison I'm trying to filter a field when date is greater than 07/05/2017 The date fild format is as follows : DD-MMM-YY Ex.... by asotorod New Member in Splunk Search 07-05-2017 0 6	0	6
How to sum field values with a dependancy on another field? My data has a IP field and a number of bytes used by that field. I send data every 5 mins and most of the IPs remain ... by amritanshgupta Explorer in Splunk Search 07-05-2017 0 4	0	4
mvzip json array of values in one event [ { "sym":"ee", "code":2E1, }, { "sym":"ie", "code":2E2, } ] I have a fie... by exocore123 Path Finder in Splunk Search 07-05-2017 0 6	0	6
How to generate a search that I am looking for Unique users on my Splunk search head cluster like : like compare the users change percentage with ... by svemurilv Path Finder in Splunk Search 07-05-2017 0 1	0	1
Combine two searches left outer style Hello I have an index which gets data of manual IT system scans with the following structure (simplified for example... by altink Builder in Splunk Search 07-05-2017 0 5	0	5
Lookup multiple values So I'm doing a lookup for multiple values, so similar to the following: ...\| lookup entity OUTPUT x as XX y as YY ... by edschembor Path Finder in Splunk Search 07-05-2017 0 5	0	5
How to fit a subsearch in the middle of a search query Hi everyone. How do I format this subsearch to work in my search query? I'm still fairly new to splunk \| inputloo... by chaninphx Path Finder in Splunk Search 07-05-2017 0 8	0	8
Grouping Events by Both Time and Customer Hi all, Want to alert when a customer's usage suddenly drops. Tried breaking recent usage into two time periods: -... by DGray Engager in Splunk Search 07-05-2017 0 2	0	2
Timezone query to modify _time field if the user's timezone is not UTC. I have a dropdown in my dashboard where I provide static label and value for 4 timezones as of now(UTC,ET,PST,CT) (Wh... by waltz Explorer in Splunk Search 07-05-2017 0 2	0	2
Translate Windows security descriptor to readable format Im working on using Splunk for Windows auditing. In events 4670, 4656 and 4663 one (or more) security descriptors are... by coenvandijk Observer in Splunk Search 07-05-2017 0 2	0	2
Perform another search from the search result Hi Splunk Gurus, I am not sure what is the term to use about my question, so I will explain it so everyone will unde... by wiggler Explorer in Splunk Search 07-05-2017 0 2	0	2
Finding max of a count up to each hour of the day I am wrestling with a query around getting a max value of a count per hour up to each. I will explain with an example... by bjmclean Explorer in Splunk Search 07-05-2017 0 2	0	2
How to write a basic SPLUNK query which returns value A, B, C & D. Can you please help me on how to write a basic SPLUNK query which returns value A, B, C & D. here are the sample XML... by t964396 New Member in Splunk Search 07-05-2017 0 8	0	8
Connection time delta of a replication session, filter source and destination by connection id Hi! I would like to create a chart for connection time delta of a replication session, filter source and destination ... by kisfoldik Explorer in Splunk Search 07-05-2017 0 1	0	1
How to use Stats command ? Hi Splunker, I have a logs which has Defect ID ,Actual Fix Time Taken,Detected By,Priority. I would like to calcul... by m7787580 Explorer in Splunk Search 07-05-2017 0 2	0	2
Ho to get search input from csv file I am having a csv file which contains some production server jobs name to monitor. I want to give those jobs listed i... by Kwip Contributor in Splunk Search 07-04-2017 1 3	1	3
How can I take the results from a search and generate a second search from those results? Hi all, I have a search that looks for ICID's (injection connection ID) found in incoming SPAM email events. Someti... by doogan12 Engager in Splunk Search 07-04-2017 0 11	0	11