Splunk Search

Community Activity

How to gather Results based on various variables Still trying to brush the rust off my fingers, I have this search: index=nitros_servers sourcetype=_json OR sourcety... by JoshuaJohn Contributor in Splunk Search 03-23-2017 0 5	0	5
How to generate a search to sort based on domain names and count the number of emails from the domain? i have a search with multiple domains in the email address , i need to sort it based on domain names and number of em... by rvinjana Explorer in Splunk Search 03-23-2017 0 4	0	4
How to generate a search to calculate new column value? Sample data below. I need to compute the col_3 based on col_1. It should give me the running sum of col_2 but should... by praveerg New Member in Splunk Search 03-23-2017 0 7	0	7
How do I also include the values which has stats count 0 in the table ? I'm trying to get the usage of some values (say, xyz) by "stats count by xyz" where i am getting the results of xyz ... by shaal89 New Member in Splunk Search 03-23-2017 0 2	0	2
How do I chart Windows logon and logoff per user by hour? I get a nice table with the logon and logoff times per user using the following search - LogName=Security EventCode... by scottrunyon Contributor in Splunk Search 03-23-2017 0 6	0	6
How to use values in lookup table not as fields but as search strings? Using lookup table to search events but having some issues: \|inputlookup router_lookup \| rename Router_Name as DEVIC... by christopheryu Communicator in Splunk Search 03-23-2017 0 4	0	4
Search two fields in one csv lookup I want to use fields two fields that i have inside the lookup, Inside my lookup i have "account" and "date" basical... by ocampocliff1 Engager in Splunk Search 03-23-2017 0 5	0	5
How to edit my search to filter only IPs that have multiple Attack Names associated with them? How do I filter only IPs that have multiple Attack Names associated with them? Here is the search string so far; howe... by alexburst37 Explorer in Splunk Search 03-23-2017 0 2	0	2
Table drilldowns: Problem with forward slash Hi community, I am trying to create a drilldown for a table using a cell value that contains a URL (or part of it). ... by enexwhy Explorer in Splunk Search 03-23-2017 0 10	0	10
Transaction Maxpause doesn't work I am trying to get the transaction results from a lookup file and I have _time field written into it for this to work... by edookati Path Finder in Splunk Search 03-23-2017 0 4	0	4
Column value differences Hello Guys, I have columns like column1, coulmn2, column3... and I want output as column1, column2=column2-column1,... by Chinmai Explorer in Splunk Search 03-23-2017 0 4	0	4
Mapping the location of a TrueClientIP on a Cluster or Choropleth Map. Is it possible to Map out the locations of the 'TrueClientIP' Field in a search using either a Cluster or Choropleth ... by JChute Explorer in Splunk Search 03-22-2017 0 4	0	4
Determining Logging Lag (and Device Feed Monitoring) How do you track log and index lag with little overhead? Per device would be awesome and maybe throw in some kind of ... by rshoward Path Finder in Splunk Search 03-22-2017 1 5	1	5
Search to find unauthorized host(s) last login date Hi looking for a search to find any unauthorized systems that are sitting on a network and the last login date. by cjsweeney1 Explorer in Splunk Search 03-22-2017 0 5	0	5
Is it possible to display all _raw events from one source I have a file call /net/dell569srv/dell569srv2/apps/qa10157_TPK0002437_24367887/TestRunner/logs/20170321-184649.1733... by robertlynch2020 Influencer in Splunk Search 03-22-2017 0 4	0	4
Using the Splunk Tutorial data, how to edit my search to calculate the cart to purchase percentage by productId? Using eval command, how would I calculate the cartToPurchase percentage by product? sourcetype=access* status=200 ... by rishabh4 New Member in Splunk Search 03-22-2017 0 4	0	4
How to combine 2 searches to get show values and percentage of host and instance fields? Hi, I have 2 searches, for 1st output is values (2GB) and other gives output as percent (2%) . index=windows sourc... by shreyasathavale Communicator in Splunk Search 03-22-2017 0 6	0	6
How to extract events relative to latest time using eval for stats? Hi, I am new to Splunk and have been working on a dashboard. Most of the knowledge I have picked up via documentatio... by umaryasin New Member in Splunk Search 03-22-2017 0 4	0	4
How to count a particular string in the searched field I have the following search, which lists the complete path name of the file in field12: index="xxxxxxxxx" host=xxxxx... by discoverneeraj Explorer in Splunk Search 03-22-2017 0 7	0	7
about metrics.log:name What is the last value of name in metrics.log? name=default-autolb-group:172.01.01.01:9997:0 name=default-autolb-gro... by HiroshiSatoh Champion in Splunk Search 03-22-2017 0 4	0	4
Unable to perform wildcard lookups I'm having difficulty getting the wildcard lookups to work for me. LookupTable: path,command,description *b/c/d,comm... by dpochopsky New Member in Splunk Search 03-22-2017 0 2	0	2
How to generate a search to show columns in a table based on dropdown values In a dropdown say there are two values : 1) Apple 2) Banana Underneath table the data has to come like below , whil... by splunklakshman Explorer in Splunk Search 03-21-2017 0 3	0	3
How to extract the timestamp and other fields from my sample event? HI I need to extract the fields from the raw Cisco umbrella logs. Is there any add-on for this one or do I have to e... by kiran331 Builder in Splunk Search 03-21-2017 0 3	0	3
Keep numbers right-aligned after using fieldformat Hello, I have a numeric field that I convert to a comma separated number using fieldformat. The only problem is that... by mjosen Engager in Splunk Search 03-21-2017 4 7	4	7
How to disable default drilldown in the search window for certain users? For certain users, we do not want them to drilldown in the Splunk Search window, and for another set of users we do w... by simpkins1958 Contributor in Splunk Search 03-21-2017 0 1	0	1