Splunk Search

Community Activity

How to optimize my lookup search with large amounts of data? I'm currently collecting IoCs in terms of IPs and Domain names and want to run searches towards my historical log-dat... by JetteBra New Member in Splunk Search 04-04-2017 0 3	0	3
How can I calculate the term frequency for all the words in a field's values? I am trying to calculate some term frequency on the field. The field is defined as follow. rex field=_raw "Notes : (... by mhqssyh Explorer in Splunk Search 04-04-2017 1 5	1	5
Updating LookUp Table Data Externally - 'Auto-magically' I am wanting to create a process that will make it really simple and easy for my users to update their lookup table f... by rgcurry Contributor in Splunk Search 04-04-2017 3 6	3	6
Is it possible to use fillnull for fieldnames with a specific pattern? Hi, is it possible to use fillnull for fields with a specific pattern? Wildcards are not working, but I want to avoi... by HeinzWaescher Motivator in Splunk Search 04-04-2017 0 2	0	2
Regex extraction advice for phone numbers - Replace for multivalued fields Hello, I am trying to extract and normalize some phone numbers that are appearing in inconsistent ways. Below I atte... by jhall0007 Path Finder in Splunk Search 04-04-2017 0 3	0	3
Creating Server update from events and csv lookup I am hitting a mental block in creating this query and wish to monitor our server performance so we have visibility o... by MattLingwood Engager in Splunk Search 04-04-2017 0 9	0	9
How to calculate min/max/avg/stdev by each line The date are all number field, such as cluster, field_1, field_2, field_3, field_4, field_5 1 3 ... by goji Path Finder in Splunk Search 04-04-2017 0 4	0	4
How to calculate percent increase of crime by month over 6 years? Hello, I'm new to Splunk and would appreciate any help. I am trying to figure out what month had the largest percent... by KassandraI Engager in Splunk Search 04-04-2017 0 5	0	5
set earliest and latest time stamp How to set earliest to 26th of previous month and latest to 25th of current month? if hard corded then 26th of Feb to... by k_harini Communicator in Splunk Search 04-04-2017 0 5	0	5
Combinig two graphs into one I have two graphs (I put example and their search code) and I want to display them on a single graph. Is there a way ... by matansocher Contributor in Splunk Search 04-04-2017 0 4	0	4
Error in 'transaction' command: Descending time ordered events required, but the preceding search does not guarantee time order I believe commands like "transaction" work on the _time metadata field that is hidden in each event. This is similar ... by thisissplunk Builder in Splunk Search 04-03-2017 0 1	0	1
How to change the unit values (5G to 5 and 400M to .4) for a scripted input? I have scripted output from UGE qhost command that gives memory in G (GBs) or if less than 1GB, in M (MBs). I'd like... by shearsey New Member in Splunk Search 04-03-2017 0 3	0	3
How to count the number of occurences of distinct strings associated with a specific json tag across multiple events? Hello, I am very new to this tool. I have Splunk set up to monitor a log file and extract json being written to that... by dhartzog New Member in Splunk Search 04-03-2017 0 3	0	3
Need to run a subsearch with practically unlimited rows Hi, Currently I'm trying to run a query which take the results of a subsearch as a parameter as follows: index="vid... by anthony_copus Explorer in Splunk Search 04-03-2017 0 3	0	3
How to extract multi key value from a single event Here is the logs, event=SUCCESS_FROM_SERVICE UserID=abc currentTime=2017-03-31T05:22:52.176Z headline="[{'contentUU... by shaal89 New Member in Splunk Search 04-03-2017 0 3	0	3
How to index Oracle audit trails stored in .aud files? Hi, I have a request from a client to index the .aud files generated by Oracle. I have been searching Splunk Answers... by f_luciani Path Finder in Splunk Search 04-03-2017 1 12	1	12
Getting a value from subsearch (index="myindex" OR index="wineventlog") AND ((host=MYSERVER1 OR host=MYSERVER2) AND (EventCode=20274 OR EventCode=20... by tmontney Builder in Splunk Search 04-03-2017 0 24	0	24
display single row vertically Is there a way to display a single row table in vertical form ? simpleresult ist like key1 key2 key3 I'd like key1 ... by sbsbb Builder in Splunk Search 04-03-2017 0 2	0	2
Rename a Column When Using Stats Function Good morning, This must be really simple. I have the query: index=[my index] sourcetype=[my sourcetype] event=logi... by SplunkLunk Path Finder in Splunk Search 04-03-2017 0 4	0	4
Is it possible to write a search that shows the selected timerange of saved searches? Hi, Is it possible to write a search that shows the selected timeranges for all saved searches? The result table wo... by HeinzWaescher Motivator in Splunk Search 04-03-2017 0 2	0	2
timechart time format change I am trying to tabulate number of specific operation per day using this format timechart span=1d count as DLCreateCo... by gancw1 Explorer in Splunk Search 04-03-2017 0 8	0	8
How to push the search query to lookup file If I write a search query and want to push the search query code to my lookup. Ho to do it?? by vivek_manoj Explorer in Splunk Search 04-03-2017 0 6	0	6
Find Time-Range for Most Recent event. So I have splunk events and I want to display information as a time range. For example: event type1: Started proc1 id... by njwrk Engager in Splunk Search 04-02-2017 0 3	0	3
How to extract multivalue pipe separated subfields (with header) from a field? I have a data source from DBX that has a field called "description" that contains a pipe separated format with header... by jedatt01 Builder in Splunk Search 04-02-2017 0 3	0	3
Finding a percentage for every value in another field I am looking for source IPs that have a high percentage of being blocked. The evaluations below work fine if I use ju... by stakor Path Finder in Splunk Search 04-01-2017 0 1	0	1