Splunk Search

Community Activity

Listing hosts that haven't been locked for 24 hours I'm new to splunk, and logical switch statements have me a bit confused. I'd like to produce a list of hosts that ha... by mbrownec Explorer in Splunk Search 03-11-2016 0 3	0	3
Table query I cannot seem to find the right query for getting the following (table): Time \| field 1 \|... by ltalhouarne Engager in Splunk Search 03-11-2016 0 1	0	1
Change reference date When we use "-3d@". Data is captured from now until 3 days ago. How to set a different date? Not "now". For example,... by renanprado96 Path Finder in Splunk Search 03-11-2016 0 4	0	4
rex every first event in the pair Hello splunkers! I have event in this format: id_param1,id_value1,id_param2,id_value2,...,id_paramX,id_valueX for... by ryastrebov Communicator in Splunk Search 03-11-2016 0 2	0	2
Using Check box How can i use something like checkbox?? I want to index multiple values based on the number of checkbox selected? H... by nmr5316 New Member in Splunk Search 03-11-2016 0 4	0	4
Make search faster Hello I have the following search: index=test sourcetype=Perfmon:* \| lookup khi_threshold_id counter AS counter ob... by tgdvopab Path Finder in Splunk Search 03-11-2016 0 4	0	4
DB Connect 1.2.2 - Cannot connect to MSSQL - Connection Reset Upgraded from DB Connect 1.0 and started getting these error messages: 2016-03-08 22:41:35.033 monsch1:ERROR:Schedul... by ejharts2015 Communicator in Splunk Search 03-11-2016 0 1	0	1
REGEX format to remove unwanted log data using specific text with quotes and spaces I have a log that sends ( eventtype=dlp level=notice vd="PERIM" filteridx=0 filtertype=none filtercat=none severity=m... by srunyon New Member in Splunk Search 03-11-2016 0 7	0	7
Find search by the search id I'd like to find the search query by search id. When searching the audit.log I can find the search id, but unable to... by jsanchez_splunk Splunk Employee in Splunk Search 03-11-2016 0 2	0	2
How can I exclude a group of the mac address found at specific time? I have a dataset with a lot of mac address captured. I would like to excluded all mac address that arrived between 0h... by jpjconti Engager in Splunk Search 03-11-2016 0 6	0	6
index'd Time extractions Hey guys, So I am looking at index'd time extraction as a possibly helping with my search time field extraction tro... by daniel333 Builder in Splunk Search 03-11-2016 0 1	0	1
Timechart Per Day With Tick Mark Per Calendar Week Ee would like to see a timechart of a chart with a time-based x-axis with a resolution per day, one bar per day but t... by mzorzi Splunk Employee in Splunk Search 03-11-2016 0 1	0	1
show only infected with vulnerability on 1 machine hi, I am a newbie in splunk I have this one use case I am trying. search for a machine that have malware infection... by xavierpaul New Member in Splunk Search 03-11-2016 0 1	0	1
change color of column chart for each type? Hello all , I ran the below query ....\| chart count by SRC_ID which gives me the count for each SRC_ID . when ... by vrmandadi Builder in Splunk Search 03-11-2016 0 7	0	7
Using Geostats to display count on Map Hi, I've tried looking at various Geostats solutions but I'm struggling to get any results out. I have a search whic... by Harveyj Engager in Splunk Search 03-11-2016 0 1	0	1
Is it possible to create a dashboard where you must manually select a panel before a search is run to improve performance? Hi, I have the task of improving some of the performance issues with our instance of Splunk. One of the issues I see... by therockhead Path Finder in Splunk Search 03-10-2016 2 15	2	15
tstats and using timechart not displaying any results I am trying to use the tstats along with timechart for generating reports for last 3 months. We have accelerated data... by nmohammed Builder in Splunk Search 03-10-2016 0 7	0	7
Control Alerting Based on Host Groups I want to be able to create searches that will only look at hosts from different levels of our SDLC environment so fo... by rlaan Path Finder in Splunk Search 03-10-2016 0 3	0	3
using variables in a search + to store number of rows I have a search \| timechart span=h count \| streamstats count as row that gives me 24 rows: (1 full day at an hourly l... by HattrickNZ Motivator in Splunk Search 03-10-2016 0 2	0	2
to search and show a string in the same field. Dears, I would like to search and show a string in the field that contains multiples values. Ex.: In the IP field, ... by fasantos New Member in Splunk Search 03-10-2016 0 2	0	2
Data forwarded to third party system missing metadata Hi, I have an all in one enterprise splunk install (indexer, search head, file monitoring) with a number of universa... by calinm Engager in Splunk Search 03-10-2016 0 2	0	2
Distinct count of multiple values from the same field I have some fields "Codes" "Count". In the "Codes" field i'll get multiple values and will count the values totally b... by kamaleshwar Explorer in Splunk Search 03-10-2016 0 11	0	11
Alternative to mvexpand in order to count values in multi-value field? I currently use mvexpand in order to count the number of unique values in a multi-value field. However, this field is... by sc0tt Builder in Splunk Search 03-10-2016 0 4	0	4
is it possible to execute some commands in index time i would like to know if it's possible is to execute some commands at index time . i mean commands such as ( mvzip \| ... by ahmedhassanean Explorer in Splunk Search 03-10-2016 0 1	0	1
Alternatives for subsearch needed (10k limit) Hello, I have a powershell Script that runs every day through my Filesystem and logs every Folder with all NTFS perm... by PPape Contributor in Splunk Search 03-10-2016 0 3	0	3