Splunk Search

Community Activity

Splunk for Exchange: Not indexing message tracking logs Splunk for Exchange v2.1.0 on Splunk v5.0.2 main search head and indexers. Running splunk universal forwarder v5.0.2... by SheridanCollege Explorer in Splunk Search 07-17-2016 0 2	0	2
Are wildcards with tstats on accelerated data models not possible? I'm running a search that is something like this: \| tstats values from datamodel=foo When the datamodel is not acc... by Goophy Explorer in Splunk Search 07-17-2016 1 13	1	13
How to display mean of last 30 days count by time from Midnight to next midnight over chart I need to display mean of last 30 days request received count over a chart at the interval of 5 minutes. Chart X-axis... by ID_SplunkUser Path Finder in Splunk Search 07-17-2016 0 2	0	2
Find the second lowest. I am trying to add a new field to my data that lists the second lowest number in a data set. So if I have New York... by DaniR86 Engager in Splunk Search 07-17-2016 0 3	0	3
Report for number of incidents closed per day Hi Eveyrone, How can I generate a report showing me number of incidents closed per day. by rashid47010 Communicator in Splunk Search 07-17-2016 0 3	0	3
How to append a field and it's value from lookup csv to a main search I have a search, main and subsearch. The subsearch uses a lookup table (a csv file). The csv file has 4 columns, co... by wtaylor149 Explorer in Splunk Search 07-16-2016 0 6	0	6
PAN data in indexes. How to tackle them to avoid non-compliance? We have Splunk system collecting data from various sources (network, OS, application logs etc). Unfortunately, some o... by koshyk Super Champion in Splunk Search 07-15-2016 0 4	0	4
Streamstats for multiple columns The following table is representing positions in uPos for different columns. Each number in a c_ column is representi... by mbschriek Explorer in Splunk Search 07-15-2016 0 2	0	2
List for a particuar field I am new to Splunk so any help would appreciated I have a table Host Software installed/Uninstalled 1 ... by taskall78 New Member in Splunk Search 07-15-2016 0 1	0	1
How to extract a text from a field Hi All I have a field which has urls in this pattern GET /echo/index?page=content&id=PRO19579&viewlocale=es_ES HTTP... by nirmalya2006 Path Finder in Splunk Search 07-15-2016 0 1	0	1
How to format an alert inline table to control what fields are displayed? I am testing an alert which sends out an email when members are added to an Active Directory group. It works fine, b... by bbeavise2g Explorer in Splunk Search 07-15-2016 0 8	0	8
How can I track time that a user is using VPN access outside the country? I have a need to track VPN access outside the country. I have an alert that triggers when someone accesses the VPN f... by digital_alchemy Path Finder in Splunk Search 07-15-2016 0 3	0	3
keping only most recent events for a fixed field Hello, I loaded vulnerability scans results into splunk and I am trying to visualize information consistently. The p... by wsw70 Communicator in Splunk Search 07-15-2016 0 5	0	5
How to normalize and display data using sparklines? So I'm planning to normalize latency data for a network. Search: index=_* OR index=* sourcetype="defaut log"\| rena... by rm4149 New Member in Splunk Search 07-15-2016 0 1	0	1
How to convert this string to a numeric value? I've created a new field, however, it's appearing as a string instead of a value. I've used the regular expression to... by abutler1 New Member in Splunk Search 07-15-2016 0 4	0	4
Using lookup values as input for query Hi all, so I built this query search index=sey_ips src_ip=10.0.0.1 dest_ip=10.0.0.2 \| eval time = _time \| sort - ... by pinVie Path Finder in Splunk Search 07-15-2016 1 4	1	4
Search Help In my search, I am trying to display four columns: enr, firstTime, lastTime, and ErrorCount. However, it is currently... by alan20854 Path Finder in Splunk Search 07-15-2016 0 1	0	1
Creating stacked Bar with multiple values I have a field "Allow/Deny"(fildName) which has values Allow/ Deny for a particular Host. How can I produce a stacked... by ashishlal82 Explorer in Splunk Search 07-15-2016 0 7	0	7
$result.fieldname$ not available in script I am trying to understand how scripted alerts work in splunk. I have the basic echo.sh which prints out the argument... by sunilm411 Engager in Splunk Search 07-15-2016 1 2	1	2
How to edit my search to create a weekly trend chart for our data? Hi, We have the following requirement for a weekly trend chart for the data that we get on daily basis (mostly). 1... by amoldesai Explorer in Splunk Search 07-15-2016 0 8	0	8
Error 'Could not find all of the specified lookup fields in the lookup table.' I have created a lookup table to substitute some values in Splunk with some new values in the lookup table, but when ... by danielpellarini Path Finder in Splunk Search 07-15-2016 2 5	2	5
Could not find all of the specified lookup fields in the lookup table I previously configured a lookup file to translate windows processes to more user-friendly names. It was working fine... by wanling Path Finder in Splunk Search 07-15-2016 0 9	0	9
Nested Subsearches - How do I return a list of web activity based on IPs leased to MACs over time Use case: I have three sourcetypes: DHCP Events with these fields: - dhcp_mac - dhcp_ip (the ip just leased) - dhcp_... by sprooit Observer in Splunk Search 07-14-2016 0 3	0	3
how to report a typo in splunk. Cisco is misspelled at 'Apps / Find More Apps - Browse more Apps' on our splunk cloud. ( Technology Cicso ) Has this... by rickrowe New Member in Splunk Search 07-14-2016 0 1	0	1
How to extract the file extensions from Filename field values into a new field and filter against a static list? Hello I have a field called "Filename" and I'd like to attain the equivalent of SQL's Where FieldName IN (). The f... by jclemons7 Path Finder in Splunk Search 07-14-2016 1 2	1	2