Splunk Search

Community Activity

How to extract a text from a field Hi All I have a field which has urls in this pattern GET /echo/index?page=content&id=PRO19579&viewlocale=es_ES HTTP... by nirmalya2006 Path Finder in Splunk Search 07-15-2016 0 1	0	1
How to format an alert inline table to control what fields are displayed? I am testing an alert which sends out an email when members are added to an Active Directory group. It works fine, b... by bbeavise2g Explorer in Splunk Search 07-15-2016 0 8	0	8
How can I track time that a user is using VPN access outside the country? I have a need to track VPN access outside the country. I have an alert that triggers when someone accesses the VPN f... by digital_alchemy Path Finder in Splunk Search 07-15-2016 0 3	0	3
keping only most recent events for a fixed field Hello, I loaded vulnerability scans results into splunk and I am trying to visualize information consistently. The p... by wsw70 Communicator in Splunk Search 07-15-2016 0 5	0	5
How to normalize and display data using sparklines? So I'm planning to normalize latency data for a network. Search: index=_* OR index=* sourcetype="defaut log"\| rena... by rm4149 New Member in Splunk Search 07-15-2016 0 1	0	1
How to convert this string to a numeric value? I've created a new field, however, it's appearing as a string instead of a value. I've used the regular expression to... by abutler1 New Member in Splunk Search 07-15-2016 0 4	0	4
Using lookup values as input for query Hi all, so I built this query search index=sey_ips src_ip=10.0.0.1 dest_ip=10.0.0.2 \| eval time = _time \| sort - ... by pinVie Path Finder in Splunk Search 07-15-2016 1 4	1	4
Search Help In my search, I am trying to display four columns: enr, firstTime, lastTime, and ErrorCount. However, it is currently... by alan20854 Path Finder in Splunk Search 07-15-2016 0 1	0	1
Creating stacked Bar with multiple values I have a field "Allow/Deny"(fildName) which has values Allow/ Deny for a particular Host. How can I produce a stacked... by ashishlal82 Explorer in Splunk Search 07-15-2016 0 7	0	7
$result.fieldname$ not available in script I am trying to understand how scripted alerts work in splunk. I have the basic echo.sh which prints out the argument... by sunilm411 Engager in Splunk Search 07-15-2016 1 2	1	2
How to edit my search to create a weekly trend chart for our data? Hi, We have the following requirement for a weekly trend chart for the data that we get on daily basis (mostly). 1... by amoldesai Explorer in Splunk Search 07-15-2016 0 8	0	8
Error 'Could not find all of the specified lookup fields in the lookup table.' I have created a lookup table to substitute some values in Splunk with some new values in the lookup table, but when ... by danielpellarini Path Finder in Splunk Search 07-15-2016 2 5	2	5
Could not find all of the specified lookup fields in the lookup table I previously configured a lookup file to translate windows processes to more user-friendly names. It was working fine... by wanling Path Finder in Splunk Search 07-15-2016 0 9	0	9
Nested Subsearches - How do I return a list of web activity based on IPs leased to MACs over time Use case: I have three sourcetypes: DHCP Events with these fields: - dhcp_mac - dhcp_ip (the ip just leased) - dhcp_... by sprooit Observer in Splunk Search 07-14-2016 0 3	0	3
how to report a typo in splunk. Cisco is misspelled at 'Apps / Find More Apps - Browse more Apps' on our splunk cloud. ( Technology Cicso ) Has this... by rickrowe New Member in Splunk Search 07-14-2016 0 1	0	1
How to extract the file extensions from Filename field values into a new field and filter against a static list? Hello I have a field called "Filename" and I'd like to attain the equivalent of SQL's Where FieldName IN (). The f... by jclemons7 Path Finder in Splunk Search 07-14-2016 1 2	1	2
How to search computer [workstation] information from Active Directory to find which ones do not have SEP installed? I want to get all workstations/computers information from active directory and want to know how can I save it OR util... by rashid47010 Communicator in Splunk Search 07-14-2016 0 2	0	2
How to search a list of times when CPU is greater than 90% for more than 15 seconds and list top processes for each of those times? I don't need the entire tables, just the names of those processes will do so it would look like this: hosts d... by wellhung Explorer in Splunk Search 07-14-2016 1 8	1	8
Help to create drill-down on a stacked bar chart? Hello, I am finding it difficult to create a drilldown on bar chart which has: A B C with success and failures stac... by vrmandadi Builder in Splunk Search 07-14-2016 0 4	0	4
Joining two indexes, why am I not getting a complete set of events with my current search? I've been trying to join two indexes: Windows Security index and a proxy one, but after running the search below, I o... by daniel_augustyn Contributor in Splunk Search 07-14-2016 0 10	0	10
MAP command query Hi, why I am not able to extract date from _raw in MAP command(second part of query) Below is my query: index=abc ... by mprreddy51 Explorer in Splunk Search 07-14-2016 0 3	0	3
How to convert seconds to hours and minutes? How to convert the search results in seconds to hours and minutes? This my search: index=pan* (type=TRAFFIC AND ven... by jfeitosa Path Finder in Splunk Search 07-14-2016 0 3	0	3
Why am I not able to join my search? Hi, Why we are not able to join my search? Can you please suggest how to edit this? index=idx* sourcetype=Uptime ho... by splunker9999 Path Finder in Splunk Search 07-14-2016 0 3	0	3
How do I show top 5% of users after stats sum? Desired Outcome: Shows only the top 5% of people who have spent more than 10000 Table Output - Just the User ID and t... by MayraEllen New Member in Splunk Search 07-14-2016 0 2	0	2
parsing XML data with hierarchy of KV pairs Banging my head on this one for too long, could use some help. Take a sample doc such as the below, where you have a... by halr9000 Motivator in Splunk Search 07-14-2016 2 11	2	11