Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
peterchow

Is it possible to name the main search and the subsearch to distinguish which search produced which values in a table?

Dear all, I have a following search host="1.1.1.1" VPN=A | join IP [search host="1.1.1.1" VPN=b] table _time,userna...
by peterchow Explorer in Splunk Search 05-18-2016
0 5
0
5
snehalk

How to get a list of sources that have not produced data for the last 24 hours for a particular index?

Hello All, How can we get a list of sources which did not have any data for last 24 hours in Splunk for a particular...
by snehalk Communicator in Splunk Search 05-18-2016
0 4
0
4
raby1996

How to edit my search to calculate duration?

Hello, I'm running the following search for a runtime report: my search | rex field=source ".*?(?<Machin...
by raby1996 Path Finder in Splunk Search 05-18-2016
0 2
0
2
jtracy

How can I extract specific data from a complex block of XML?

So I've been reading around and most people point to xpath, but after hours of troubleshooting I can't seem to get it...
by jtracy Engager in Splunk Search 05-18-2016
0 3
0
3
Splunk_SachinKu

How to search for the exact URI with wildcards within the URI field?

Hi All, I have following URI in my logs. /svc/appName/1234567890/catalog/search/(status), /svc/appName/1234567890/...
by Splunk_SachinKu New Member in Splunk Search 05-18-2016
0 1
0
1
changux

Why am I unable to find the time difference between two dates with my current eval statements?

Hi all. I have one field called date1 with a timestamp like this: 5/7/16 16:35 I need the time difference (just...
by changux Builder in Splunk Search 05-18-2016
0 7
0
7
eastgrant

Is there a command or search to see which unique Cisco firewalls are sending traffic to Splunk?

Does anyone know the command or search string to see which Cisco firewalls are sending traffic to Splunk?
by eastgrant New Member in Splunk Search 05-18-2016
0 1
0
1
ttoine

How to replace all values for a field with "Other" that do not equal values A, B, or C?

I am working on a pie chart to identify the main categories of some data. Below are some possible values: Apple Peach...
by ttoine Explorer in Splunk Search 05-18-2016
0 6
0
6
sfrazer

How to count the number of times IPs have hit a specific URL over consecutive days?

I'm trying to write a search/report that shows the number of times an IP address has hit a given URL over consecutive...
by sfrazer Explorer in Splunk Search 05-18-2016
0 2
0
2
nidhi6

How to troubleshoot why I'm not getting any data in the iSight Partners ThreatScape App?

Hi All, I installed the iSight Partners ThreatScape App, but data is unavailable in Splunk. What could be the possib...
by nidhi6 New Member in Splunk Search 05-18-2016
0 1
0
1
ynepyyvoda

How to replace values by its rank in a two dimensional chart?

As example I have a search: ... | chart avg(value) as Value by country, supplier this will result in a two dimensi...
by ynepyyvoda New Member in Splunk Search 05-18-2016
0 2
0
2
xilu87

Is it possible to diff file hashes to display if some of the hashes of /etc/ files have changed?

Hi, I have created a script input deployed on several servers which creates a lot of hashes from /etc folder and sub...
by xilu87 New Member in Splunk Search 05-18-2016
0 1
0
1
mahs33

Loop IP address from 10.0.1.0/24 to 10.10.1.0/24 - How to extract events that belong to this IP range?

I want to extract the events belongs to that IP range 10.0.1.0/24, 10.1.1.0/24, 10.2.1.0/24, upto 10.10.1.0/24 Is CID...
by mahs33 Explorer in Splunk Search 05-18-2016
0 5
0
5
fziegler

Plotting events indexed

How can I plot events indexed over time?
by fziegler New Member in Splunk Search 05-18-2016
0 2
0
2
Ruski88

Is there a search or btool command we can run from the deployment server to list all deployment client Splunk versions?

Per this root certificate issue expiring in July and https://answers.splunk.com/answers/395886/for-splunk-enterprise-...
by Ruski88 Engager in Splunk Search 05-18-2016
0 2
0
2
ahmad_elkomey

How to configure props and transforms to automatically extract XML fields from my data so I don't have to use spath?

Hello all, I'm new to Splunk and I would love some help here. I have an xml file (well, partial xml as you will see)...
by ahmad_elkomey Explorer in Splunk Search 05-18-2016
0 8
0
8
las

How to create a search to find the largest contributor to increasing values?

I have a log with statistics from mq containing some key values (time, MQmanager, Queuename) and some variables (numb...
by las Builder in Splunk Search 05-18-2016
1 1
1
1
AbhiGuddu

Is it possible to export a JSON file through a search result and send the file to a remote location outside Splunk?

I have a requirement to export a JSON file to a remote location. The file would be a feed to REST, which performs som...
by AbhiGuddu Explorer in Splunk Search 05-18-2016
1 9
1
9
vivek9955

How to create a hierarchical chart with Splunk?

How to create hierarchical chart in Splunk? I have 4 panels in dashboard and I need to display these 4 panels in hier...
by vivek9955 Engager in Splunk Search 05-18-2016
2 3
2
3
dibrovs

How to get Cisco IP SLA statistics into Splunk to create a timechart with an RTT value?

Hello I need to to get Cisco IP SLA statistics into Splunk. I would like to create a timechart with an RTT value. ...
by dibrovs New Member in Splunk Search 05-18-2016
0 1
0
1
kedjjang

How to edit my regex to extract multiple values for a field?

Hello, There is one event. ex)Normal|2016-05-18 10:52:37|123|119.21.7.28|10460|tcp|52.1.2.157|68|allowed|72|12|Ext...
by kedjjang Path Finder in Splunk Search 05-18-2016
0 1
0
1
guruwells

How to use multiple search results in another search to get my expected output?

Hi All, I have 2 search statements which are giving 2 different search results with same index and sourcetype. I wan...
by guruwells Explorer in Splunk Search 05-18-2016
0 4
0
4
ibekacyril

Is it possible to extract results of an eval match as fields?

Is it possible to do something like this: ...|eval Classification=case(match(class,"Boy"),"Boy",match(class,"Girl"),...
by ibekacyril Explorer in Splunk Search 05-17-2016
0 6
0
6
garinapavan

How to edit my panel to show different colors for each bar in my chart?

Hi , I have the below code with multiples lines on the bar. I want to see different colors for each bar. I added [0x...
by garinapavan Explorer in Splunk Search 05-17-2016
0 2
0
2
mprreddy51

How to use top in timechart

Hi All, I have a requirement to use TOP 4 in the timechart command: Below is my search: index=_internal |timechart...
by mprreddy51 Explorer in Splunk Search 05-17-2016
0 3
0
3
Top Labels
Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...
Top Solution Authors
View All