Splunk Search

Community Activity

How to generate a stats count search on field with interchanging values? hi, looking to do a stats count something like below. Field1: A,B A B,A B,A,C A,C each row accounts for different... by mpatel11 Explorer in Splunk Search 02-13-2017 0 2	0	2
Rex Help for fields extraction Please help me with rex i have key and value in json format {"context":{<!-- --> "sessionID":"1234567890", "eve... by sravankaripe Communicator in Splunk Search 02-13-2017 0 14	0	14
How to have a notable event search DHCP logs based on source in FW logs? Hello i have been trying to figure this out for days now. i have logs coming in from multiple sources that only dis... by Stevensmith529 New Member in Splunk Search 02-13-2017 0 5	0	5
How to generate a search to compare the number of hosts in a CSV file to the number of hosts we are actually getting events from? I have a list of Hostnames in a CSV. There are 2 fields 1) cn (hostname) and 2) ComputerType. I would like to compare... by LANGLEYJ New Member in Splunk Search 02-13-2017 0 1	0	1
How to edit my search to get the status of a log script? log file:testscripts.log Date = 02/10/17 14:15:00,script = testscript, id = 29251, log=Script started Date = 02/10/1... by sunitakesam New Member in Splunk Search 02-13-2017 0 6	0	6
time difference of events eval test_time = time() - _time \| search (test_time > 1800 AND test_time < 86400)\| I'm trying to see if the events i... by msachdeva3 Explorer in Splunk Search 02-13-2017 0 2	0	2
How to combine the results of two searches to display on one chart or visualization? Hi all First search is ( host=wjb2* NOT host=wjb2stl22 NOT host=wjb223 NOT host=wjb224 NOT host=wjb2*25 NOT ho... by ssrdc New Member in Splunk Search 02-13-2017 0 1	0	1
Wildcard expansion in case statement I'll start with what works: If I do a search ERROR host="foobar0" The wildcard() expands and I get a list of re... by clashley Explorer in Splunk Search 02-13-2017 1 9	1	9
What does your splunk tell you about Valentines day? Can a Splunk search tell you anything about love? Share your valentine's day searches here. Here's one to get you st... by jplumsdaine22 Influencer in Splunk Search 02-13-2017 0 3	0	3
How to convert epoch to human readable in "KV_MODE = json" extractions. I've recently installed the Tenable Nessus app, which is doing most of it's search-time field extractions using the "... by adamsmith47 Communicator in Splunk Search 02-13-2017 0 3	0	3
How to show only single values of different fields in a single table? I am very new to Splunk and have a requirement to show current values of multiple fields in a single table, my data g... by hwakonwalk Path Finder in Splunk Search 02-13-2017 0 3	0	3
How include empty buckets in the start and end of timechart/bin output? I have a scenario here. I have data in my local Splunk for time range from 6-Nov-2015 11:45 UTC to 10-Nov-2015 13:45... by sureshbabu123 New Member in Splunk Search 02-13-2017 0 6	0	6
Need help with RegEx Hi, I am trying to extract a field in Splunk but the field extraction doesn't work and throws this error "The extr... by omuelle1 Communicator in Splunk Search 02-13-2017 0 10	0	10
How to edit an inputlookup search that displays table of hostnames against corresponding indexes? I have an inputlookup called hosts.csv that looks like this: host ---------- hostname1 hostname2 hostname3 hostname4... by gener_yc Explorer in Splunk Search 02-13-2017 1 4	1	4
How to apply Text Analytics on a field ? How to apply Text Analytics on "Country" field in my dashboard to find out the top 3 countries most frequently used? by c_krishna_gutur Explorer in Splunk Search 02-13-2017 0 1	0	1
Is there an efficient way to not allow * search Often times users issue * search over a time range. With huge data on the indexes this becomes a problem taking unnec... by pradeepkumarg Influencer in Splunk Search 02-13-2017 0 11	0	11
Using timechat with 2 fields without any field calculation Hi, I'm new in Splunk (and my knowledge is very very basic) and I have to build a complex dashboard with multiple in... by fariapm1 Explorer in Splunk Search 02-12-2017 0 3	0	3
Regex help on multiline fields and mvexpand My data sample is as below C12345 my1Surname, my1First Role Access (Group1) - I ... by koshyk Super Champion in Splunk Search 02-12-2017 0 2	0	2
checking the duplicate sourcetypes for monitor stanzas in UF what happens if 2 different monitoring stanzas have same source type name ? . Is there any query to verify whether di... by kteng2024 Path Finder in Splunk Search 02-12-2017 0 3	0	3
How can I dedup across rows and columns in a pivot table? I have a pivot table with data, but I need to find the number of times these values occur. However, a user can input ... by ereed18 Engager in Splunk Search 02-11-2017 0 2	0	2
How do I write a regular expression to return a matching pattern in my logs? Any string starting with COLDAPP , ending with double colon, would be a Tx id in my logs. it can be at the beginning/... by pradjswl Explorer in Splunk Search 02-11-2017 1 9	1	9
How to properly index data from a CSV input with timestamp column I'm trying to index CSV format inputs and the timestamp can be indicated by the fields within, rather than the time t... by jayakumar89 Explorer in Splunk Search 02-11-2017 0 3	0	3
how to eval new field to filter events by a number in the raw data i want to filter my data, based on the key numbers present in raw events. example event1: sdfgn dfnlk 1/25/2017 ldjo... by annamareddi New Member in Splunk Search 02-11-2017 0 2	0	2
How to generate a search to find out hosts in Splunkd that have restarted? Can i please know the search to find out the hosts in Splunkd that have restarted or has " splunkd started Conf mut... by kteng2024 Path Finder in Splunk Search 02-11-2017 0 2	0	2
DGA Regex in Splunk I am trying to search through logs for unusual domains generated by DGAs. I want to use regex to search for domain na... by masfar Engager in Splunk Search 02-11-2017 0 7	0	7