Splunk Search

Community Activity

How to create a search to compare a lookup CSV file of blacklisted IPs with firewall logs? Hi All, I have a blacklisted IP CSV file (Placed in lookup folder of search(app)). I need to compare with firewall l... by sumit29 Path Finder in Splunk Search 04-04-2017 0 4	0	4
How to edit my transaction search so that it will only return grouped results? This seems like it would be easy to figure out through search but I'm coming across a dead end. I have a transaction ... by EricLloyd79 Builder in Splunk Search 04-04-2017 0 5	0	5
Top10 in percent with lookup This is my first attempt to create a "bigger" splunk search. I tried it the last two weeks but am stuck now. Hopefull... by spotypoti1 Engager in Splunk Search 04-04-2017 0 4	0	4
How do I pull only specific status entries from a sourcetype at a given time? I have one source-type with column names srno for a ticket. Scenario: Ticket status gets updated per it's life cycle... by AShah_2 Engager in Splunk Search 04-04-2017 0 5	0	5
How to search files compressed using Snappy from virtual indexes? Hi all, I have a few files (containing syslog events) in my Hadoop HDFS compressed using Snappy, and I configured Sp... by chaychoong New Member in Splunk Search 04-04-2017 0 1	0	1
How to optimize my lookup search with large amounts of data? I'm currently collecting IoCs in terms of IPs and Domain names and want to run searches towards my historical log-dat... by JetteBra New Member in Splunk Search 04-04-2017 0 3	0	3
How can I calculate the term frequency for all the words in a field's values? I am trying to calculate some term frequency on the field. The field is defined as follow. rex field=_raw "Notes : (... by mhqssyh Explorer in Splunk Search 04-04-2017 1 5	1	5
Updating LookUp Table Data Externally - 'Auto-magically' I am wanting to create a process that will make it really simple and easy for my users to update their lookup table f... by rgcurry Contributor in Splunk Search 04-04-2017 3 6	3	6
Is it possible to use fillnull for fieldnames with a specific pattern? Hi, is it possible to use fillnull for fields with a specific pattern? Wildcards are not working, but I want to avoi... by HeinzWaescher Motivator in Splunk Search 04-04-2017 0 2	0	2
Regex extraction advice for phone numbers - Replace for multivalued fields Hello, I am trying to extract and normalize some phone numbers that are appearing in inconsistent ways. Below I atte... by jhall0007 Path Finder in Splunk Search 04-04-2017 0 3	0	3
Creating Server update from events and csv lookup I am hitting a mental block in creating this query and wish to monitor our server performance so we have visibility o... by MattLingwood Engager in Splunk Search 04-04-2017 0 9	0	9
How to calculate min/max/avg/stdev by each line The date are all number field, such as cluster, field_1, field_2, field_3, field_4, field_5 1 3 ... by goji Path Finder in Splunk Search 04-04-2017 0 4	0	4
How to calculate percent increase of crime by month over 6 years? Hello, I'm new to Splunk and would appreciate any help. I am trying to figure out what month had the largest percent... by KassandraI Engager in Splunk Search 04-04-2017 0 5	0	5
set earliest and latest time stamp How to set earliest to 26th of previous month and latest to 25th of current month? if hard corded then 26th of Feb to... by k_harini Communicator in Splunk Search 04-04-2017 0 5	0	5
Combinig two graphs into one I have two graphs (I put example and their search code) and I want to display them on a single graph. Is there a way ... by matansocher Contributor in Splunk Search 04-04-2017 0 4	0	4
Error in 'transaction' command: Descending time ordered events required, but the preceding search does not guarantee time order I believe commands like "transaction" work on the _time metadata field that is hidden in each event. This is similar ... by thisissplunk Builder in Splunk Search 04-03-2017 0 1	0	1
How to change the unit values (5G to 5 and 400M to .4) for a scripted input? I have scripted output from UGE qhost command that gives memory in G (GBs) or if less than 1GB, in M (MBs). I'd like... by shearsey New Member in Splunk Search 04-03-2017 0 3	0	3
How to count the number of occurences of distinct strings associated with a specific json tag across multiple events? Hello, I am very new to this tool. I have Splunk set up to monitor a log file and extract json being written to that... by dhartzog New Member in Splunk Search 04-03-2017 0 3	0	3
Need to run a subsearch with practically unlimited rows Hi, Currently I'm trying to run a query which take the results of a subsearch as a parameter as follows: index="vid... by anthony_copus Explorer in Splunk Search 04-03-2017 0 3	0	3
How to extract multi key value from a single event Here is the logs, event=SUCCESS_FROM_SERVICE UserID=abc currentTime=2017-03-31T05:22:52.176Z headline="[{'contentUU... by shaal89 New Member in Splunk Search 04-03-2017 0 3	0	3
How to index Oracle audit trails stored in .aud files? Hi, I have a request from a client to index the .aud files generated by Oracle. I have been searching Splunk Answers... by f_luciani Path Finder in Splunk Search 04-03-2017 1 12	1	12
Getting a value from subsearch (index="myindex" OR index="wineventlog") AND ((host=MYSERVER1 OR host=MYSERVER2) AND (EventCode=20274 OR EventCode=20... by tmontney Builder in Splunk Search 04-03-2017 0 24	0	24
display single row vertically Is there a way to display a single row table in vertical form ? simpleresult ist like key1 key2 key3 I'd like key1 ... by sbsbb Builder in Splunk Search 04-03-2017 0 2	0	2
Rename a Column When Using Stats Function Good morning, This must be really simple. I have the query: index=[my index] sourcetype=[my sourcetype] event=logi... by SplunkLunk Path Finder in Splunk Search 04-03-2017 0 4	0	4
Is it possible to write a search that shows the selected timerange of saved searches? Hi, Is it possible to write a search that shows the selected timeranges for all saved searches? The result table wo... by HeinzWaescher Motivator in Splunk Search 04-03-2017 0 2	0	2