Splunk Search

Community Activity

Creating local temporary file creates Checksum mismatch Hello, I'm trying to create an app that runs a script that executes an app, and the app creates a log file that I'm ... by Epicism1 Explorer in Splunk Search 03-26-2017 0 2	0	2
How to count hosts that have a field value of ((X OR Y) AND (A OR B)), over the course of time? I am looking to find hosts that have two field values over the course of time for the search, for example a week. T... by stakor Path Finder in Splunk Search 03-26-2017 0 2	0	2
How to use rex to extract values from URLs into a field? Hello all, From the following list http://www.foo.com:80/main.html http://www.foo.com:80/xe/journal/v1/book/nF1.jpg... by willamwar Path Finder in Splunk Search 03-26-2017 0 4	0	4
How to pass unused fields in an outer search? Hello, I need to execute a search where the 5 fields from one search would be used to search another data. Also, I n... by jagdeepgupta813 Explorer in Splunk Search 03-26-2017 0 4	0	4
How to identify symantec ep av logs in splunk Can any one tell how we can identify the symantec EP old av logs and will be there any source to pull these logs ? by vkumar6 Explorer in Splunk Search 03-26-2017 0 1	0	1
kvstore lookups and efficiency I wanted to get peoples thoughts on using multiple data sources in Splunk and whether it’s worth doing some processin... by brent_weaver Builder in Splunk Search 03-25-2017 0 1	0	1
searching bro_dns answers{} array bro_dns shows the results of a dns query as what I presume is an array, for example: answers: [ [-] mt-inges... by splunkjosef Explorer in Splunk Search 03-25-2017 0 6	0	6
How to update a lookup file with top command results? Hi, I have lookup file with host and count fields as below host.csv host count ----------------- host1 10 host2 2... by srinivasup Explorer in Splunk Search 03-25-2017 0 3	0	3
Display Avg Column sourcetype="email_process" \| eval processing_time_in_seconds = processing_time/1000 \| table email, processing_time ,p... by signpriya82 New Member in Splunk Search 03-25-2017 0 2	0	2
How do I combine my two alerts into a single search? The use case involves two alerts: ALERT 1: raising the alert when more than 4 systems got affected with the same vir... by samsingnok Engager in Splunk Search 03-25-2017 0 1	0	1
How to create a search to display with traffic on Splunk source and destination ports? help me with Splunk search to display the traffic on Splunk source and destination ports. by sravankaripe Communicator in Splunk Search 03-25-2017 0 1	0	1
How can I update tags and corresponding permissions from a lookup table via Search Processing Language? Hi, I have a list of hosts which are maintained and updated via a lookup table. Is it possible in Search Processing L... by jedatt01 Builder in Splunk Search 03-25-2017 0 1	0	1
How to edit my search to find real-time scheduled searches? Below is the search i am using to find the real time schedule searches .. but i would like to know which user is runn... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 4	0	4
timestamp parsing issue for a specific time my log is: 2016-12-22 00:01:11,076 [myid:123] - INFO [xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx] - Accepted d... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 5	0	5
Received error warning "Failed to parse timestamp. Defaulting to timestamp of previous event". How can I find which event in the source log threw this error? i am trying to debug an issue "failed to parse timestamp". In the splunkd log, i see the following warning :- 02-23... by kteng2024 Path Finder in Splunk Search 03-25-2017 0 2	0	2
changing the source type in splunk Hi, what happens if we change the source type of already existing data . For example , i have a monitor stanza like ... by kteng2024 Path Finder in Splunk Search 03-25-2017 1 4	1	4
Why is setting a token from result not working? Any ideas on why KER_RESULT would not be working? Tail end of base query... Updated code... <search id="events">... by snoobzilla Builder in Splunk Search 03-25-2017 2 15	2	15
Return command giving error for stats c(eval...) in splunk Hello Everyone, Am creating the dynamic query depending on condition and after that using return command to execute ... by snehalk Communicator in Splunk Search 03-25-2017 0 1	0	1
REX issue, quite an interesting one, potential bug? Just wondering if anyone has ever seen this before? This is the data I’m extracting from: "Classic,Audit Failure",1... by mrgibbon Contributor in Splunk Search 03-24-2017 0 8	0	8
How to form a search based on my data and my desired output? Hi All, I have the below format of data Name Value 1-Jan A 2-Jan B 2-Jan B 3-Jan C 2-Feb A 1-Mar V... by rsathish47 Contributor in Splunk Search 03-24-2017 0 6	0	6
Fields value correlation not working Hello, I have a query regarding ordering of ElapsedTime field. It is not coming properly with associated ServiceLaye... by hemendralodhi Contributor in Splunk Search 03-24-2017 0 7	0	7
How to combine additional events to an existing Transaction? Hello, I am trying to organize various types of events into single events. Currently I have a transaction set up to c... by like2splunk Explorer in Splunk Search 03-24-2017 0 4	0	4
Is there a limitation in the length of a search? Hello, I have a long Splunk search that I continue to add more conditions to each day so it keeps growing. Eventuall... by patricknguyen Explorer in Splunk Search 03-24-2017 0 4	0	4
How to write a crontab running from Monday 6 AM through Saturday 2 AM How to write a crontab from Monday 6 AM through Saturday 2 AM to run once in a hour. by srisplunk12 Engager in Splunk Search 03-24-2017 0 18	0	18
help me with search command -------\| eval test=if(condition,"INFO","Error") \| search test if condition is true the search must be behave as ----... by sravankaripe Communicator in Splunk Search 03-24-2017 0 3	0	3