Splunk Search

Community Activity

Using a lookup file in a subsearch I have an original search to identify some vulnerabilities in my network, one of the fields in the search string is t... by Makinde New Member in Splunk Search 03-13-2016 0 4	0	4
Multivalue delimited field extraction I am extracting fields from tabular data containing headers with entries in props.conf like the following: EXTRACT-c... by bfontneau Explorer in Splunk Search 03-13-2016 1 5	1	5
Field extraction from lines with different fields from same source I have a source from which I am collecting logs via syslog. My challenge is that the log files send by same source co... by ashabc Contributor in Splunk Search 03-12-2016 0 4	0	4
Anomalies Command All, Just started looking at Anomalies command. Re-read the doc a few times and played with the command some but I... by daniel333 Builder in Splunk Search 03-12-2016 0 1	0	1
Using Stats Average and Count to Display my Results Hi All, I have a search string that reports three fields, Server name, Vulnerability and Severity (in numbers from 1... by Makinde New Member in Splunk Search 03-12-2016 0 1	0	1
Dynamic table - Create three tables in one Hi, I have three reports, each with a different index. And I wanted to join them in the same table. Example: I hav... by renanprado96 Path Finder in Splunk Search 03-12-2016 0 4	0	4
How to create a stats table with field values based off of other fields in same stats table? Hello! I am sure my wording is way more complicated than what I want. Basically, the end result being a stats table a... by cmeyers Explorer in Splunk Search 03-12-2016 0 2	0	2
Lookup File Issues Hello I have multiple Questions about Lookup Files. Can you upload a lookup file into Splunk and search fields in th... by Makinde New Member in Splunk Search 03-11-2016 0 6	0	6
How to search by variable created within a join query? I want join/combine two searches by their common value to compare transaction success/failure rate at both places. i ... by akonduru New Member in Splunk Search 03-11-2016 0 5	0	5
How to implement a Serial Number decoder in Splunk Enterprise? Hello, I am a trying to implement Serial Number decoding in Splunk in anyway possible. For eg. I have 100 test units... by abhijitp Path Finder in Splunk Search 03-11-2016 0 9	0	9
Eval Case Statement Help I would like to put a case statement under the values in the attached image. I tried something along the lines of eva... by jhayIV Engager in Splunk Search 03-11-2016 0 2	0	2
How to get Total Sum of Error Type Counts per day? I'm trying to add a column to the right of OTHER, which sums up the entire row counts of each errorType per day. So f... by mhamano Explorer in Splunk Search 03-11-2016 0 1	0	1
Listing hosts that haven't been locked for 24 hours I'm new to splunk, and logical switch statements have me a bit confused. I'd like to produce a list of hosts that ha... by mbrownec Explorer in Splunk Search 03-11-2016 0 3	0	3
Table query I cannot seem to find the right query for getting the following (table): Time \| field 1 \|... by ltalhouarne Engager in Splunk Search 03-11-2016 0 1	0	1
Change reference date When we use "-3d@". Data is captured from now until 3 days ago. How to set a different date? Not "now". For example,... by renanprado96 Path Finder in Splunk Search 03-11-2016 0 4	0	4
rex every first event in the pair Hello splunkers! I have event in this format: id_param1,id_value1,id_param2,id_value2,...,id_paramX,id_valueX for... by ryastrebov Communicator in Splunk Search 03-11-2016 0 2	0	2
Using Check box How can i use something like checkbox?? I want to index multiple values based on the number of checkbox selected? H... by nmr5316 New Member in Splunk Search 03-11-2016 0 4	0	4
Make search faster Hello I have the following search: index=test sourcetype=Perfmon:* \| lookup khi_threshold_id counter AS counter ob... by tgdvopab Path Finder in Splunk Search 03-11-2016 0 4	0	4
DB Connect 1.2.2 - Cannot connect to MSSQL - Connection Reset Upgraded from DB Connect 1.0 and started getting these error messages: 2016-03-08 22:41:35.033 monsch1:ERROR:Schedul... by ejharts2015 Communicator in Splunk Search 03-11-2016 0 1	0	1
REGEX format to remove unwanted log data using specific text with quotes and spaces I have a log that sends ( eventtype=dlp level=notice vd="PERIM" filteridx=0 filtertype=none filtercat=none severity=m... by srunyon New Member in Splunk Search 03-11-2016 0 7	0	7
Find search by the search id I'd like to find the search query by search id. When searching the audit.log I can find the search id, but unable to... by jsanchez_splunk Splunk Employee in Splunk Search 03-11-2016 0 2	0	2
How can I exclude a group of the mac address found at specific time? I have a dataset with a lot of mac address captured. I would like to excluded all mac address that arrived between 0h... by jpjconti Engager in Splunk Search 03-11-2016 0 6	0	6
index'd Time extractions Hey guys, So I am looking at index'd time extraction as a possibly helping with my search time field extraction tro... by daniel333 Builder in Splunk Search 03-11-2016 0 1	0	1
Timechart Per Day With Tick Mark Per Calendar Week Ee would like to see a timechart of a chart with a time-based x-axis with a resolution per day, one bar per day but t... by mzorzi Splunk Employee in Splunk Search 03-11-2016 0 1	0	1
show only infected with vulnerability on 1 machine hi, I am a newbie in splunk I have this one use case I am trying. search for a machine that have malware infection... by xavierpaul New Member in Splunk Search 03-11-2016 0 1	0	1