Splunk Search

Community Activity

Is it possible to alert on something that is NOT in a lookup file? Hello everyone, Basically exactly what the title says. I made a white list of approved accounts and would like to a... by Svill321 Path Finder in Splunk Search 06-27-2017 0 3	0	3
inputlookup loops The idea is my hosts will write a status message to a log file that gets picked up by Splunk and put into a shared in... by synsoc New Member in Splunk Search 06-27-2017 0 2	0	2
finding repetition in array of logs I have a field in my logs that contains an array of string elements. Is there a way to detect for repeating strings a... by exocore123 Path Finder in Splunk Search 06-27-2017 0 12	0	12
Cannot use earliest and latest for _time field newly converted from other field ? Hello, When i trigger a search like: host="win20_oslo-ifs_CC-DC" index="sqlobj" \| multikv \| eval BusinessEpoch=strp... by sieutruc Contributor in Splunk Search 06-27-2017 0 4	0	4
Derive duration from TimeStamp in event field I have a bit of a tricky one here. I have a search which leverages an automatic lookup. One of the output fields ... by ctripod Explorer in Splunk Search 06-27-2017 0 6	0	6
Changing how time is displayed based on user input I have a dashboard with a range of aggregation span from 1h, 1d, 7d, 1mon. And I want to change how timestamp is disp... by exocore123 Path Finder in Splunk Search 06-27-2017 0 3	0	3
Regex for extracting Windows event subject line LogName=Application SourceName=Oracle EventCode=0 EventType=2 Type=Error ComputerName=server1.xxx.ds.abcde.com TaskCa... by macadminrohit Contributor in Splunk Search 06-27-2017 0 2	0	2
counting results in sub-query I have a list of log lines which indicate an order has been placed and have a session id (sid) but no customer id (ci... by stephenmoorhous Path Finder in Splunk Search 06-27-2017 0 1	0	1
how to search from yesterday at certain time until today I am looking to create a search looks at after hour activities. How would you search for events from yesterday begin... by cheyenne15 New Member in Splunk Search 06-27-2017 0 4	0	4
how to show accumulated sum over bin of time I would like to calculate the accumulated energy used over a period of 15 minutes. The sum has to start around min%15... by ericyeh1995 Explorer in Splunk Search 06-27-2017 0 5	0	5
I have a dashboard with too many searches. How to best split these searches using a base search and post-process searches? I have a dashboard that has way too many searches on it so I was trying to split it up using a base search and the po... by kmaron Motivator in Splunk Search 06-27-2017 1 6	1	6
Sql search and duplicate alerts I have a search defined like this for the alert \| dbxquery connection=MyDB query=usp_Splunk_GetDataForAlert shortnam... by aamelyan Explorer in Splunk Search 06-26-2017 0 1	0	1
Regex to move three values into sourcetype field with transforms.conf Hi, I am very new with Regex and have been struggling with simple task. I need to change three values (Health, Audi... by pbugeja New Member in Splunk Search 06-26-2017 0 24	0	24
How to edit my search to send an email if the count of a down server is greater than 0? I'm new to Splunk and I have the Search where I check one Server for 7 Services and State=Stopped and run a st... by jampar12 New Member in Splunk Search 06-26-2017 0 2	0	2
What are the REST services available from Splunk Hi. Is there a way to search all services from REST command? Or is there a link to list all the services from the R... by splunkrocks2014 Communicator in Splunk Search 06-26-2017 0 4	0	4
How to run a two step search (probably using map) I have a requirement to get the count of events in the past 6 weeks, grouped by week. The query looks a like this: \|... by scott_cultuream New Member in Splunk Search 06-26-2017 0 5	0	5
How to create a Dinamic Field with a String Hello everyone! How can I make a table with the number of concurrencies that splunks finds? for example I want to fi... by danielgp89 Path Finder in Splunk Search 06-26-2017 0 2	0	2
How to exlude the event from Indexing? Hi I have a cisco ASA event , which I have to exclude before Indexing. What's the best way to do it? sample event:... by kiran331 Builder in Splunk Search 06-26-2017 0 1	0	1
Transposing multiple DateTime fields into counts per Dates/Hour We have events that have multiple time values to record timings of a translation. We are looking to show a count of ... by johnwilling Explorer in Splunk Search 06-26-2017 0 3	0	3
Ability to add to search without re-running entire search? hI, I've been asked if there is a way to add/extend a search without re-running it in it's entirety. Apparently, th... by a212830 Champion in Splunk Search 06-26-2017 0 14	0	14
Where can I find detailed documentation for using tstats with accelerated data models? I'm starting to use accelerated data models to power some dashboards, but I'm having some issues. For example, after ... by romedome Path Finder in Splunk Search 06-26-2017 2 6	2	6
Remove character pattern from field value In one of my logs, I have some fields that return values such as: status=FA-Full Pulse AOV Access Realm)[ status=FA-F... by bcarr12 Path Finder in Splunk Search 06-26-2017 0 4	0	4
Extract fields from Windows Event Log Message I have events that do not extract the fields from the message field by default. I'm trying to setup props/transforms... by dw385 Explorer in Splunk Search 06-26-2017 0 7	0	7
Problem with Fields Aliases Hi all, I have some problem with fields aliases. I try to explain, I receive a message MQ with a XML message body; i... by mcalta New Member in Splunk Search 06-26-2017 0 3	0	3
i want split all the "modify" tags value under a column and other tags vice versa. Extends Asasociaoted With Deicooration: Linseld - Acation Coade; modify:extends -act5iodn; modify:extends -date;Exten... by DataOrg Builder in Splunk Search 06-25-2017 0 2	0	2