Splunk Search

Community Activity

How to use a lookup file as a whitelist? I'm having problems to use a lookup file as a whitelist. Basically, I have a simple ip address list with CIDR mask ap... by alainrojas New Member in Splunk Search 03-14-2017 0 3	0	3
Which of these searches is the best way to filter (by index, by source, or both)? Which of these would be the most efficient/fast/best way to start filtering for a search? index=foo \| ... or so... by driekhof Path Finder in Splunk Search 03-14-2017 0 5	0	5
DNS Resolution in a search Is it possible to have ip addresses in a search resolved to a host name and displayed in the results rather then the ... by balcv Contributor in Splunk Search 03-14-2017 2 10	2	10
How to read a file and use the data inside in a eval function? I am new using Splunk, sorry. I need to separate a lot of subnets by name. I would like (txt) to read a file kind of... by langanix New Member in Splunk Search 03-14-2017 0 2	0	2
How to generate a search where the count is greater than 0 after 5 days? I need to see if errors are still continuing after 5 days. If they are there then there is an issue and I need it to ... by nickyp86 Engager in Splunk Search 03-14-2017 0 2	0	2
How to filter results based on date (not _time)? I'm trying to filter my data results based on the following: myDate format: yyyy-mm-dd HH:MM:SS (Ex: 2017-03-14 03:5... by tmaltizo Path Finder in Splunk Search 03-14-2017 2 3	2	3
My management URI is not showing correctly in the rest endpoint info I am getting an incorrect value for the mgmt_uri value when accessing the rest endpoint /services/shcluster/status T... by ben_leung Builder in Splunk Search 03-14-2017 0 2	0	2
How do I find events that appear today that did not appear yesterday? I am trying to identify events that occur in events collected today that did not happen yesterday, I looked at the de... by bigtyma Communicator in Splunk Search 03-14-2017 2 10	2	10
How to edit my search to find the sources from soucetype? Hi, I am using the following search \| metadata type=sourcetype\| where match(sources) to find all the sources that... by kteng2024 Path Finder in Splunk Search 03-14-2017 0 4	0	4
How to generate a search to compare the value of a field with a CSV table? Hello! I'm currently trying to compare the value of a field with a csv table. I want to compare the destination por... by soesia12 New Member in Splunk Search 03-14-2017 0 4	0	4
compare two fields Hi All, I am looking to compare two field values with three conditions as below: if it satisfy the condition xyz>15... by bharathkumarnec Contributor in Splunk Search 03-14-2017 0 5	0	5
Parsing ldap access and error logs Hi all, just curious if anyone can give me a head-start. I'd like to use Splunk to parse Sun's Directory Server acce... by croomes Engager in Splunk Search 03-14-2017 3 4	3	4
Does Splunk internally know the "number_of_cpus" or do I need to set this? Does Splunk internally know the "number_of_cpus" for the below maths? max_hist_searches = max_searches_per_cpu x num... by robertlynch2020 Influencer in Splunk Search 03-14-2017 0 3	0	3
Clarification on regular expression to extract XML field as multivalue field and related fields? I am working with a datasource which contains multiple instances of an XML value which exists similarly to this: (WI... by alexandermunce Communicator in Splunk Search 03-13-2017 0 4	0	4
Multi Line field extraction Trying to do an expression that would extract IP's that are below the Client IP: line. Im looking to pull out each IP... by santorof Communicator in Splunk Search 03-13-2017 0 7	0	7
How to create a bar chart to count how many events were created and completed over last 6 months (span 1 week)? I managed to count how many events were created and completed (tickets) in last weeks (last 6 months). You can see th... by Accak Path Finder in Splunk Search 03-13-2017 0 5	0	5
How to plot SAR info? I have SAR info like this and I am able to get values in table format. But I need the same values plotted in graph. I... by kirandvrs New Member in Splunk Search 03-13-2017 0 2	0	2
How to edit my search to find a session where a user has visited two different URLs in the same session? Hi all, (URL="xxx.com") OR (URL="zzz.com") index=logs \| timechart span=1d dc(IP) I am trying to use above search ... by jh5970 New Member in Splunk Search 03-13-2017 0 4	0	4
How to find out why an indexer is using more license than other indexers? how to find out why an indexer is using more license than other indexers? Because i have 5 indexers, out of which 2 i... by kteng2024 Path Finder in Splunk Search 03-13-2017 0 4	0	4
How do you get around the subsearch limitation when defining events? Hi Splunkers. I am retrieving a field from JSON log file using rex, table and spath. Although this runs fine as a st... by splunk_svc Path Finder in Splunk Search 03-13-2017 0 4	0	4
Pass earliest/latest in pipeline Hi, Sorry for the newbie question. We want to calculate percentage of time between 2 events over the entire search ... by stwong Communicator in Splunk Search 03-13-2017 0 14	0	14
How to set up an alert if an ack message is not available for a particular req? Hi, i have messages like this how to setup an alert if ack message is not available in the logs for particular... by prashanthberam Explorer in Splunk Search 03-13-2017 0 9	0	9
How to edit my search to count the number of servers? We have Multiple servers that all end with the same few letters like this. Office1Server Office2Server Remot1Serve... by lbonnes Observer in Splunk Search 03-13-2017 0 2	0	2
how get combine result from two different search to a timechart I have 2 search search 1 index=A "testx" \| stats count(user) AS total1 by _time search 2 index=B "testx" \| stats c... by jackieh00 New Member in Splunk Search 03-13-2017 0 2	0	2
Why does "\| fields - _*" and "\| fields - _raw,_time" give zero results? I've got a query that gives 178 results, and it ends with me filtering down to a single field, which by itself works ... by bradparks Explorer in Splunk Search 03-13-2017 0 5	0	5