Splunk Search

Community Activity

How to create a report that lists the groups that a user belongs to? Our Active Directory logs contain a field called member_of and the value contains all the groups that a user is a mem... by digital_alchemy Path Finder in Splunk Search 02-23-2017 0 2	0	2
How To filter internal IP address in splunk search Hi All, I want to filter out internal IP range while searching, can please suggest some of the best search commands,... by nnimbe Path Finder in Splunk Search 02-23-2017 1 5	1	5
Calculating the disk read write ratio I have this below query . After the summation of values is calculated , i have to find the ratio of read versus wri... by shabdadev Engager in Splunk Search 02-23-2017 0 8	0	8
How to return field from a subsearch to main search for subsequent calculations I have an xml sourcetype, with multiple events correlated with a corrID field. For one class of events, I have a "be... by techols New Member in Splunk Search 02-23-2017 0 1	0	1
How to edit my timechart search to create a vertical line? Hi guys, I need to create a vertical line in a time chart. I thought that I could use the following search to draw t... by faustf Communicator in Splunk Search 02-23-2017 0 14	0	14
How do I extract a certain OU from my DN in my active directory data? I would like to extract a certain portion of my AD data to identify a certain OU. The OU I want to extract always app... by DPWSplunkPOC Explorer in Splunk Search 02-23-2017 0 1	0	1
Show a result even if no events match I am trying to get the result even if no results matches. fillnull works fine with- search sourcetype="test" Status... by siddharthmis Explorer in Splunk Search 02-23-2017 0 4	0	4
Regex help! Hi How to extract the Ips from the below windows event both Client IP-1 and Client Ip-2 02/22/2017 09:05:24 AM Log... by kiran331 Builder in Splunk Search 02-22-2017 0 4	0	4
system uptime calculation I have a field uptime which is being forwarded from one of the server i want to monitor its uptime. This field has ac... by pprakash2 Explorer in Splunk Search 02-22-2017 1 5	1	5
add a count column in the table Hi All. I want to add an additional column in the table to display how many times a particular host in the set time... by ringbbg Engager in Splunk Search 02-22-2017 0 3	0	3
How to calculate autoLB time interval? Can i please know how to calculate the autoLB time interval as i am planning to change the default value. For example... by kteng2024 Path Finder in Splunk Search 02-22-2017 0 3	0	3
Transaction search and appendcols - missing cols Hey folks, I have two separate searches that work fine and return the expected results. I.e. 1 - index=blah field1... by RocIngersol Explorer in Splunk Search 02-22-2017 0 12	0	12
Adjust time difference for suspended and unsuspended events I am trying to find a solution for adjust my time interval for time to resolve. There are two indexes being used, the... by 1067062 New Member in Splunk Search 02-22-2017 0 6	0	6
tstats issue following upgrade from 6.4.4 to 6.5.2 I’m having an issue with the tstats command not producing any results when calling a namespace post tscollect. For e... by adayton20 Contributor in Splunk Search 02-22-2017 1 6	1	6
How to filter IIS logs with regular expression? Greetings, I'm trying to make a regular expression to filter the IIS logs. I want Splunk to index only logs whose sc... by markuxProof Path Finder in Splunk Search 02-22-2017 0 6	0	6
How to display SplunkIcons Glyphs library and where can I find them? I use SplunkIcons glyphs to display some states with search command "rangemap". I would like to see the icons are ava... by erwan_raulet Explorer in Splunk Search 02-22-2017 2 7	2	7
Compare two counts from two time searches I need to be able to find the difference between two "Count" values; the count for today, and the count yesterday. M... by smcdonald20 Path Finder in Splunk Search 02-22-2017 0 9	0	9
Extracting Fields & Regular Expression Formating I have Active Directory logs that do not have many fields associated with them. Each log is over 100 lines and I wish... by santorof Communicator in Splunk Search 02-22-2017 0 2	0	2
Help me with Rex in search query "sessionID":"123456567" "sessionID":"ABCnsh8ah" Please help me with Rex to pick 123456567 ABCnsh8ah from above _ra... by sravankaripe Communicator in Splunk Search 02-22-2017 0 3	0	3
Why am I getting lookup search error "[server x] Script for lookup table 'user_agents' returned error code 1. Results may be incorrect"? We are using Splunk version 6.3 and facing an issue with a lookup table. While running the search, it returns below e... by cdcproject New Member in Splunk Search 02-22-2017 0 1	0	1
Can the results of the same search vary between use in a search bar and a dashboard? hi, I am writing the following search query in the dashboard panel sourcetype=xml22 \|where $field1$ = 7\|search Tex... by 20065945 Explorer in Splunk Search 02-22-2017 0 3	0	3
Secuirty checks with help of splunk Hi, I want to figure out, how long an employee inside office. Once employee enters into office he will do card swipe... by srinivasup Explorer in Splunk Search 02-22-2017 0 8	0	8
output lookup to /app/lookups I have a saved search that generates a table of users each day: search "my users" \| table username, id I want to tu... by himynamesdave Contributor in Splunk Search 02-22-2017 0 3	0	3
Wildcard not working in monitor input I used following syntax to monitor a file input in windows [monitor://D:\app\logs\a.log] The above stanza is not in... by reach2tushar Explorer in Splunk Search 02-21-2017 0 6	0	6
count eval results doesn't match the results under the Events tab I have a simple search with stats count eval (u_id is a numeric field): index=myindex base search \| stats count(eval... by rarbabi New Member in Splunk Search 02-21-2017 0 1	0	1