Splunk Search

Community Activity

Custom Eval Command or Custom Search Command as Calculated Field? Is it possible to include a custom search command in your app as a calculated field? One that would automatically app... by snoobzilla Builder in Splunk Search 10-17-2016 1 3	1	3
Turn stats search into chart Trying to find a way to put the results of this search into a chart. I know the issue is that there are 2 fields Im t... by tkwaller Builder in Splunk Search 10-17-2016 0 12	0	12
Using tstats to generate list of unique users logged in over time I'm trying to create a simple report that shows the number of unique users logged into our Cisco ASA over the course ... by jmaple Communicator in Splunk Search 10-17-2016 0 3	0	3
Error when extracting multivalue field from xml data via rex command Hi I need to extract multivalue field from an event structured in xml. <job> <nameJob>Job1</nameJob> <execut... by jurbain New Member in Splunk Search 10-17-2016 0 4	0	4
How to best combine 2 eval searches and use timechart? I know this is fairly simple question. I am trying to do a couple evals on userAgent fields, as I am trying not to us... by tkwaller Builder in Splunk Search 10-17-2016 0 5	0	5
sort show wrong result Hello, I hope anyone can help me. My search eval epochtime=strptime(DATUM,"%d.%m.%Y") \| eval datefield=strftime(ep... by Paul1896 Path Finder in Splunk Search 10-17-2016 0 16	0	16
Field extraction using Field Extractor Hi at all, I would extract a field as a part of source field and I know how to do this using rex command \| rex field... by gcusello SplunkTrust in Splunk Search 10-17-2016 0 4	0	4
_audit - see users behavior - users searches by sourcetypes Hi guys, hope you can help me. I want to have a statistic of my users. The most of the users access the search&repo... by egreibl Engager in Splunk Search 10-17-2016 0 4	0	4
how to configure field extractor for a single source file only Hi, I am configuring Field Extractor to extract fields from a single files directly from events>action>extract field... by sumituv New Member in Splunk Search 10-16-2016 0 2	0	2
Stumped on this regex Hi, I'm trying to pull the user ID from the below data? The userids are: mspeer2, ddaniel, mirella, jcrews I have... by dbcase Motivator in Splunk Search 10-16-2016 0 7	0	7
Exclude a Country with geoip Hello, I have the following search index=collaboration sourcetype="mail-2" Auth \| geoip simta_client_ip \| dedup simt... by brywilk_umich Path Finder in Splunk Search 10-16-2016 0 2	0	2
How do I find the unique elements between two columns? If I have a search that returns a table with multi-values in two different columns, how can I find the unique element... by mbintz Explorer in Splunk Search 10-15-2016 0 5	0	5
Compare Results From Two Searches Hi, I wonder whether someone may be able to help me please. I'm using the following subqueries: The first extracts ... by IRHM73 Motivator in Splunk Search 10-15-2016 0 9	0	9
Restrict Time Range by User Role and index / SourceType We have different indexes with varied retention and volumes. We would like to be able to restrict some roles to searc... by VidhyaR New Member in Splunk Search 10-14-2016 0 3	0	3
How to display values in xyseries format? How to display values in xyseries format? i have log like below tcp 0 0 12b8-splfwd02.nam.nsro:7171 poc-... by rajgowd1 Communicator in Splunk Search 10-14-2016 0 15	0	15
Field Extraction issue HI Experts, i am able to exact 4th and 5th fields from below log but i am able to exact get the value if the 4th or 5... by rajgowd1 Communicator in Splunk Search 10-14-2016 0 8	0	8
Filtering on lookup field values using multiple values on a few field Searching for events which match any of multiple values for the same field times several fields in a lookup using the... by landen99 Motivator in Splunk Search 10-14-2016 0 1	0	1
Count Fraction of Distinct events I woudl like to know, per CountryId, what fraction of FooId equal to BarId In the follwoing log: MyEvent CountryId=... by viggor Path Finder in Splunk Search 10-14-2016 0 1	0	1
How can I pull and alert on a value found from a search? I am trying to pull data from Splunk via a search and send it to Netcool OMNIbus. Right now I am just sending it via ... by larryleeroberts Path Finder in Splunk Search 10-14-2016 0 7	0	7
Rolling Averages I am having alot of trouble setting up rolling averages in Splunk. I would love to be able to overlay a 30, 60, 90 da... by justx001 Explorer in Splunk Search 10-14-2016 1 4	1	4
How to display the 2nd through n-1 values of a field? I have some Windows event log data that shows the ID when a user logs in and logs out. In addition, it shows me the ... by DEAD_BEEF Builder in Splunk Search 10-14-2016 0 4	0	4
Result differences? Fairly new to Splunk and I am trying to understand the reason for the difference in results and search time for the f... by tinylund Explorer in Splunk Search 10-14-2016 0 1	0	1
Unknown search command 'gentimes'.... can anyone help to find if this command has been discontinued in Splunk? When Trying to run below query in Splunk search: \| gentimes start=-1 \| eval YourDate="3:21:34 PM 10/14/2016" \| table... by accragv1 Explorer in Splunk Search 10-14-2016 0 7	0	7
Eval with multiple values I have three event types: eventtype="windows_login_failed" eventtype="duo_login_failed" eventtype="sremote_login_fai... by jwalzerpitt Influencer in Splunk Search 10-14-2016 0 6	0	6
How do I return a search for a field that contains a number? example: If I have a list of user and I want to search and the users who only have a number in that field; John_doe... by jbala1 Engager in Splunk Search 10-14-2016 0 3	0	3