Splunk Search

Community Activity

LDAP group reporting Hi. Could someone suggest how I could go about creating a report that list all AD users and all the associated LDAP g... by aoliullah Path Finder in Splunk Search 04-11-2017 0 4	0	4
Search for file path and only that file path to come back nothing else hi I have the following files /net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/ /net/dell427sr... by robertlynch2020 Influencer in Splunk Search 04-11-2017 0 4	0	4
Stuck on extracting fields using own RegEx Hi, still finding my around Spplunk and I've sort of go what I want in pt2 of my requirements, but after a couple of ... by StuReeves Explorer in Splunk Search 04-11-2017 0 3	0	3
How to expand multivalue fields after using streamstats command? Hello, I am trying to figure out how to expand multivalue fields after using the streamstats command. I have an event... by like2splunk Explorer in Splunk Search 04-11-2017 0 3	0	3
I am not getting the right query for searching 2 different errors on same one server For example, below query, the host is prodsrvhpsm01 and I am searching for 2 different errors error1 and error2 but... by stagare Explorer in Splunk Search 04-11-2017 0 1	0	1
How to assign fields to event/logs which do not contain target string I have two applications, these can exist in preprod or live environments. I want to have a field on logs from both ap... by JpAnderson_2 New Member in Splunk Search 04-11-2017 0 4	0	4
Delta on serveral fields, separate by id I have multiple events like : field 1; otherTimestamp; field2;field3;field4 test;1371481920.000000,value2,valeu3...... by sbsbb Builder in Splunk Search 04-11-2017 2 10	2	10
How to display values in the columns for a chart? Hi All, Im using splunk 6 This is my search string search string...."Send Destination") \| timechart count by group... by aak2 New Member in Splunk Search 04-11-2017 0 3	0	3
Correlating field values and finding where they match Hello guys, So I have struggled writing search pipeline for this senario: I have comparing unique id(numerical valu... by sasisudas New Member in Splunk Search 04-11-2017 0 1	0	1
How to count number of item that sastify condition by small group For example, I have below data: Shop1 Day1 sell 11 Shop1 Day2 sell 14 Shop1 Day3 sell 20 Shop2 Day1 sell 15 Shop2 Da... by nguyentu New Member in Splunk Search 04-10-2017 0 2	0	2
How do I make a timechart show the times in horizontal instead of vertical? I am trying to run a search that shows how many unique ports a particular IP address access in a day over a seven pay... by ngoetz9915 New Member in Splunk Search 04-10-2017 0 1	0	1
Combining multiple CPU percentage instances to a single instance So I have CPU data from template for Citrix XenApp addon gathering CPU metrics. Each line on the graph is populated f... by shawngarrettsgp Path Finder in Splunk Search 04-10-2017 0 4	0	4
I have multiple whitelists in the same directory. How to edit inputs.conf to make sure it captures all the logs? I have all my switch and linux syslogs stored in a single directory - let's call it /var/log/syslog. I'm trying to as... by ejwade Contributor in Splunk Search 04-10-2017 0 2	0	2
how to sum http get/post/ delete in log sample? Total Get =4 Total Post = 10 Total PUT=30 Log files example index=index1 2017-04-08, logger="test1, AppId="100",", h... by jw44250 New Member in Splunk Search 04-10-2017 0 4	0	4
Using LOOKUP to insert a Regex string - is it possible? I want to insert a different regex string into my query for each host. I am thinking that a way to achieve this is b... by ipicbc Explorer in Splunk Search 04-10-2017 0 3	0	3
Outer query should display the results based on the inner query count i want to display the events based on subquery's count(say Mycount) . please help me with search query. index=abc so... by sravankaripe Communicator in Splunk Search 04-10-2017 0 2	0	2
How to use sum() for the $ values? Hi I have a csv file with $6.00, $6.11,etc as values. How can user sum() for these values? by kiran331 Builder in Splunk Search 04-10-2017 0 1	0	1
How to edit my search to find Fortinet Internet Browsing Time by User per Day? We have Fortinet FSSO in place and we have syslogs coming into Splunk. I need a way to report how much time users are... by wellmore Explorer in Splunk Search 04-10-2017 0 5	0	5
Only show null values from timechart values(source) Hello guys, could you tell me how to only show null cells from this kind of table, for alerting purpose? Search: in... by splunkreal Influencer in Splunk Search 04-10-2017 0 9	0	9
How to convert Local time to XML time format? Hi How to convert EVENT_LOCAL_TIME="2017-04-06 15:49:29.0" this time into XML time format? by kiran331 Builder in Splunk Search 04-10-2017 0 2	0	2
How do you track down inefficient field extractions? Just had to support a user with field extraction issues. While working on it, I noticed the report was still taking a... by twinspop Influencer in Splunk Search 04-10-2017 1 8	1	8
how to create line chart with multiple fields like timeline? hello, i have this raw table: 1 2 3 4 5 6 7 8 9 10 0 0 0 0 0 0 0 0 0 ... by avivn Explorer in Splunk Search 04-10-2017 0 3	0	3
+ fields command + question/observation on case sensititvity ... \| fields + _time GOUa this will give me my _time column on the left with other columns on the right matching th... by HattrickNZ Motivator in Splunk Search 04-10-2017 1 3	1	3
Eventtype or macros - Need Suggestion Hi Everyone, I need a suggestion to build the Splunk app or query . The situation is I had list of cities (lets... by himpor Engager in Splunk Search 04-10-2017 0 5	0	5
Data Enrichment from lookup with column header containing spaces Is it possible to use a csv file in a lookup specifically for data enrichment whereby the column header contains spac... by jacqu3sy Path Finder in Splunk Search 04-10-2017 0 8	0	8