Splunk Search

Community Activity

Extract Searches Performed Hi, I wonder whether someone may be able to help me please. I was using the query below to return details of all the... by IRHM73 Motivator in Splunk Search 03-14-2016 0 2	0	2
How to mass update / search+replace user defined searches Is there a way to perform a mass update (or search+replace) on user defined searches? One at a time (300+ searches/r... by KevinRF Engager in Splunk Search 03-14-2016 0 6	0	6
Removing events from "parent" source using ID Hey, Our tool has a root, parent and child jobs which we are monitoring using Splunk. For a short example: Job JobI... by PanKokos Path Finder in Splunk Search 03-14-2016 0 5	0	5
How to count mixed NULL/NOT NULL result sets Let's say I got a table as search result like this: Object Name \| Field_A ... by Sebastian2 Path Finder in Splunk Search 03-14-2016 0 2	0	2
Lookup when format is not equal. I already have a CSV file for an other app that uses mac to IP/Name. Format is like this: mac,ip,host_name 6067.209... by lakromani Builder in Splunk Search 03-13-2016 0 2	0	2
Using a lookup file in a subsearch I have an original search to identify some vulnerabilities in my network, one of the fields in the search string is t... by Makinde New Member in Splunk Search 03-13-2016 0 4	0	4
Multivalue delimited field extraction I am extracting fields from tabular data containing headers with entries in props.conf like the following: EXTRACT-c... by bfontneau Explorer in Splunk Search 03-13-2016 1 5	1	5
Field extraction from lines with different fields from same source I have a source from which I am collecting logs via syslog. My challenge is that the log files send by same source co... by ashabc Contributor in Splunk Search 03-12-2016 0 4	0	4
Anomalies Command All, Just started looking at Anomalies command. Re-read the doc a few times and played with the command some but I... by daniel333 Builder in Splunk Search 03-12-2016 0 1	0	1
Using Stats Average and Count to Display my Results Hi All, I have a search string that reports three fields, Server name, Vulnerability and Severity (in numbers from 1... by Makinde New Member in Splunk Search 03-12-2016 0 1	0	1
Dynamic table - Create three tables in one Hi, I have three reports, each with a different index. And I wanted to join them in the same table. Example: I hav... by renanprado96 Path Finder in Splunk Search 03-12-2016 0 4	0	4
How to create a stats table with field values based off of other fields in same stats table? Hello! I am sure my wording is way more complicated than what I want. Basically, the end result being a stats table a... by cmeyers Explorer in Splunk Search 03-12-2016 0 2	0	2
Lookup File Issues Hello I have multiple Questions about Lookup Files. Can you upload a lookup file into Splunk and search fields in th... by Makinde New Member in Splunk Search 03-11-2016 0 6	0	6
How to search by variable created within a join query? I want join/combine two searches by their common value to compare transaction success/failure rate at both places. i ... by akonduru New Member in Splunk Search 03-11-2016 0 5	0	5
How to implement a Serial Number decoder in Splunk Enterprise? Hello, I am a trying to implement Serial Number decoding in Splunk in anyway possible. For eg. I have 100 test units... by abhijitp Path Finder in Splunk Search 03-11-2016 0 9	0	9
Eval Case Statement Help I would like to put a case statement under the values in the attached image. I tried something along the lines of eva... by jhayIV Engager in Splunk Search 03-11-2016 0 2	0	2
How to get Total Sum of Error Type Counts per day? I'm trying to add a column to the right of OTHER, which sums up the entire row counts of each errorType per day. So f... by mhamano Explorer in Splunk Search 03-11-2016 0 1	0	1
Listing hosts that haven't been locked for 24 hours I'm new to splunk, and logical switch statements have me a bit confused. I'd like to produce a list of hosts that ha... by mbrownec Explorer in Splunk Search 03-11-2016 0 3	0	3
Table query I cannot seem to find the right query for getting the following (table): Time \| field 1 \|... by ltalhouarne Engager in Splunk Search 03-11-2016 0 1	0	1
Change reference date When we use "-3d@". Data is captured from now until 3 days ago. How to set a different date? Not "now". For example,... by renanprado96 Path Finder in Splunk Search 03-11-2016 0 4	0	4
rex every first event in the pair Hello splunkers! I have event in this format: id_param1,id_value1,id_param2,id_value2,...,id_paramX,id_valueX for... by ryastrebov Communicator in Splunk Search 03-11-2016 0 2	0	2
Using Check box How can i use something like checkbox?? I want to index multiple values based on the number of checkbox selected? H... by nmr5316 New Member in Splunk Search 03-11-2016 0 4	0	4
Make search faster Hello I have the following search: index=test sourcetype=Perfmon:* \| lookup khi_threshold_id counter AS counter ob... by tgdvopab Path Finder in Splunk Search 03-11-2016 0 4	0	4
DB Connect 1.2.2 - Cannot connect to MSSQL - Connection Reset Upgraded from DB Connect 1.0 and started getting these error messages: 2016-03-08 22:41:35.033 monsch1:ERROR:Schedul... by ejharts2015 Communicator in Splunk Search 03-11-2016 0 1	0	1
REGEX format to remove unwanted log data using specific text with quotes and spaces I have a log that sends ( eventtype=dlp level=notice vd="PERIM" filteridx=0 filtertype=none filtercat=none severity=m... by srunyon New Member in Splunk Search 03-11-2016 0 7	0	7