Splunk Search

Community Activity

no data from specific data source hi, How to find out whether a forwarder sending an events which belongs to specific data source because i don't see ... by kteng2024 Path Finder in Splunk Search 03-14-2017 0 1	0	1
How generate a search to monitor devices that send out an unusual amount of logs? Dear fellows， i am trying to write a search string to monitor which of my devices send out an unusual amount of log... by willluo Engager in Splunk Search 03-14-2017 0 2	0	2
Verify a list of values Hello everybody (皆おはようございます) I have a new request for all members  This search : sourcetype=sccm \|streamstats count... by LNebout Path Finder in Splunk Search 03-14-2017 0 2	0	2
Does Splunk recognize LEEF formatted? I am trying to import "LEEF" formatted data (from an IBM mainframe) into Splunk, but none of the name / value pairs a... by steveirogers Communicator in Splunk Search 03-14-2017 0 10	0	10
Why am I unable to search my extracted fields? I'm trying to ingest airwatch syslog events but not all fields are searchable only those with Field=Value in the mess... by hmasten Explorer in Splunk Search 03-14-2017 0 10	0	10
How to use result from subsearch in my search? Hi All, My data looks like this: sourcetype - Loginstats contents - Hostname, host, Address sourcetype - Clientstat... by billycote Path Finder in Splunk Search 03-14-2017 0 10	0	10
How to extract a field and send an email alert? Hi, I have the below event for which I need to get an alert whenever the event occurs and get the version of the fil... by macadminrohit Contributor in Splunk Search 03-14-2017 0 4	0	4
How to use a lookup file as a whitelist? I'm having problems to use a lookup file as a whitelist. Basically, I have a simple ip address list with CIDR mask ap... by alainrojas New Member in Splunk Search 03-14-2017 0 3	0	3
Which of these searches is the best way to filter (by index, by source, or both)? Which of these would be the most efficient/fast/best way to start filtering for a search? index=foo \| ... or so... by driekhof Path Finder in Splunk Search 03-14-2017 0 5	0	5
DNS Resolution in a search Is it possible to have ip addresses in a search resolved to a host name and displayed in the results rather then the ... by balcv Contributor in Splunk Search 03-14-2017 2 10	2	10
How to read a file and use the data inside in a eval function? I am new using Splunk, sorry. I need to separate a lot of subnets by name. I would like (txt) to read a file kind of... by langanix New Member in Splunk Search 03-14-2017 0 2	0	2
How to generate a search where the count is greater than 0 after 5 days? I need to see if errors are still continuing after 5 days. If they are there then there is an issue and I need it to ... by nickyp86 Engager in Splunk Search 03-14-2017 0 2	0	2
How to filter results based on date (not _time)? I'm trying to filter my data results based on the following: myDate format: yyyy-mm-dd HH:MM:SS (Ex: 2017-03-14 03:5... by tmaltizo Path Finder in Splunk Search 03-14-2017 2 3	2	3
My management URI is not showing correctly in the rest endpoint info I am getting an incorrect value for the mgmt_uri value when accessing the rest endpoint /services/shcluster/status T... by ben_leung Builder in Splunk Search 03-14-2017 0 2	0	2
How do I find events that appear today that did not appear yesterday? I am trying to identify events that occur in events collected today that did not happen yesterday, I looked at the de... by bigtyma Communicator in Splunk Search 03-14-2017 2 10	2	10
How to edit my search to find the sources from soucetype? Hi, I am using the following search \| metadata type=sourcetype\| where match(sources) to find all the sources that... by kteng2024 Path Finder in Splunk Search 03-14-2017 0 4	0	4
How to generate a search to compare the value of a field with a CSV table? Hello! I'm currently trying to compare the value of a field with a csv table. I want to compare the destination por... by soesia12 New Member in Splunk Search 03-14-2017 0 4	0	4
compare two fields Hi All, I am looking to compare two field values with three conditions as below: if it satisfy the condition xyz>15... by bharathkumarnec Contributor in Splunk Search 03-14-2017 0 5	0	5
Parsing ldap access and error logs Hi all, just curious if anyone can give me a head-start. I'd like to use Splunk to parse Sun's Directory Server acce... by croomes Engager in Splunk Search 03-14-2017 3 4	3	4
Does Splunk internally know the "number_of_cpus" or do I need to set this? Does Splunk internally know the "number_of_cpus" for the below maths? max_hist_searches = max_searches_per_cpu x num... by robertlynch2020 Influencer in Splunk Search 03-14-2017 0 3	0	3
Clarification on regular expression to extract XML field as multivalue field and related fields? I am working with a datasource which contains multiple instances of an XML value which exists similarly to this: (WI... by alexandermunce Communicator in Splunk Search 03-13-2017 0 4	0	4
Multi Line field extraction Trying to do an expression that would extract IP's that are below the Client IP: line. Im looking to pull out each IP... by santorof Communicator in Splunk Search 03-13-2017 0 7	0	7
How to create a bar chart to count how many events were created and completed over last 6 months (span 1 week)? I managed to count how many events were created and completed (tickets) in last weeks (last 6 months). You can see th... by Accak Path Finder in Splunk Search 03-13-2017 0 5	0	5
How to plot SAR info? I have SAR info like this and I am able to get values in table format. But I need the same values plotted in graph. I... by kirandvrs New Member in Splunk Search 03-13-2017 0 2	0	2
How to edit my search to find a session where a user has visited two different URLs in the same session? Hi all, (URL="xxx.com") OR (URL="zzz.com") index=logs \| timechart span=1d dc(IP) I am trying to use above search ... by jh5970 New Member in Splunk Search 03-13-2017 0 4	0	4