Splunk Search

Community Activity

DB Connect rising column combination of two columns I don't have a single column to configure as rising column in DB Connect. But I have two columns one of which is date... by pradeepkumarg Influencer in Splunk Search 03-02-2016 1 9	1	9
How to compare two columns from two searches and display the values that only exist in the 2nd column? Hi all, I'm fairly new to splunk so I hope you can help me. I have two searches that retrieve two columns of taskids... by btd0000 Engager in Splunk Search 03-02-2016 0 1	0	1
Receiving error ⚠ The lookup table 'windows_event_descriptions' does not exist. It is referenced by configuration 'source::(MonitorWare\|NTSyslog\|Snare\|WinEventLog\|WMI:WinEventLog)...'. ? Receiving multiple pop-ups when trying to run a search: The lookup table 'windows_event_descriptions' does not exist... by himapate Explorer in Splunk Search 03-02-2016 1 2	1	2
How to write the regex to convert an entry in my sample DNS logs to a readable URL format? Our DNS server logs' date in the following format: 02.03.2016 13:57:08 027C PACKET 0220AFE8 UDP Snd 10.10.10.160 ... by lakromani Builder in Splunk Search 03-02-2016 0 3	0	3
Convert time from AM/PM to 24 Hour format index=* "please type serach keyword" host=xyz* \| rex field=_raw "^(?:[^ \n]* ){2}(?P\d+:\d+):\d+\s+\w+\s+\w+:\s+\w+\s... by chandra61446 New Member in Splunk Search 03-02-2016 0 6	0	6
Optiv Threat Intel: "Error in 'dnslookup' command: Cannot find program 'dnslookup' or script 'dnslookup'." I have downloaded and installed OPTIV on my search head. It is installed in /opt/splunk/etc/apps. When the dashboar... by john_glasscock Path Finder in Splunk Search 03-01-2016 0 1	0	1
How to set alerts to use the batch mode search? In need of search string examples for: Desired outcome: Alert that shows N events in M amount of time or the lack of... by svishnevskaya_s Splunk Employee in Splunk Search 03-01-2016 0 3	0	3
How to troubleshoot why pivot finalizes before end of search and results are incomplete?d We have created a data model and we use this to create pivots. Since yesterday, we observed that the results of the p... by rsawant Explorer in Splunk Search 03-01-2016 3 3	3	3
How to filter the Userid to show once per minute? In the index for siteminder called cams_prod, there are traced filed with the type smtrace. Using these trace files... by moiezuddin Explorer in Splunk Search 03-01-2016 0 8	0	8
join question here is my search - \| dbquery "TQOMA" "SELECT "System", "%busy" FROM TQSTDBO.CPUVMSUM where "System" LIKE '%ntx%'" b... by mark_chuman Path Finder in Splunk Search 03-01-2016 0 3	0	3
I am able to extract a field using rex and sed in a search, but why is the field not extracted correctly configuring the regex in props.conf? Hello Splunkers I am currently using the following regex+sed to make one of my extracted fields usable. Trying to ... by splunker1981 Path Finder in Splunk Search 03-01-2016 0 7	0	7
How do I plot events returned from my search on a scatter graph over time? Hi helpful people, I wish to plot login events on a scatter graph. I would like to show when logins have occurred an... by SecureIA Path Finder in Splunk Search 03-01-2016 0 4	0	4
How to capture the click event on a Splunk map? Using the regular map in Splunk, I'm currently showing points on the map read from a CSV file. When I click on the po... by smhsplunk Communicator in Splunk Search 03-01-2016 0 1	0	1
How to convert values in milliseconds to seconds and minutes? Hi all and thanks in advance, I am trying to get statistics for a value that is given in milliseconds, so I would ne... by jperezes Path Finder in Splunk Search 03-01-2016 1 14	1	14
How to compare values between two different groupings (multivalue fields) to see what percentage of values are similar? I'm looking to compare two groups of values from a data sample like this. Group, User Group1, User1 Group1, User2 G... by stevepraz Path Finder in Splunk Search 03-01-2016 0 4	0	4
How to edit my search to change the output of certain strings in results? Hi Helpful People, I have a table which tells me perfectly well who is logged in to systems. My results show the wor... by SecureIA Path Finder in Splunk Search 03-01-2016 0 2	0	2
Why is my regex for SEDCMD in props.conf not removing repeated dashes when parsing data? My developers are adding dashes --- in their logs all over. Sometimes 1.. sometimes 10 dashes. Makes them look really... by daniel333 Builder in Splunk Search 02-29-2016 0 2	0	2
How can I write a timechart search with transaction to compare sessions over time (John the Ripper logs)? Few days ago, a developer has added to John the Ripper the ability to timestamp every line of logs, allowing me to fe... by patpro Path Finder in Splunk Search 02-29-2016 0 7	0	7
How to show the recipient or To field from Ironport logs in a Splunk search? I can only view the recipient or To in the email from the Event Actions --> Show Source page. I want to show it in th... by rockyrc New Member in Splunk Search 02-29-2016 0 2	0	2
How to add a form for user input on a dashboard to only run panel searches for data from certain hosts? I have a dashboard using multiple sources and I would like to replace the fixed host input ( host=prdo*) with manual ... by raindrop18 Communicator in Splunk Search 02-29-2016 0 9	0	9
How do I edit my real-time search to add a value to events that are missing a certain field? Hi We have the search below which gives us the count of all our URLs in events in real-time, but we have a few even... by splunker9999 Path Finder in Splunk Search 02-29-2016 0 1	0	1
How to refer to JSON array object in a Splunk search? Hi, I have a JSON data in following format. How can I access individual element of the array? { [-] LICENSES:... by caagrawal New Member in Splunk Search 02-29-2016 0 1	0	1
How to anonymize data using REGEX in transforms.conf for an undefined number of characters? Hi, I would like to anonymize data (data is file system path) using REGEX. I succesfully managed to hide data like I... by SirHill17 Communicator in Splunk Search 02-29-2016 0 17	0	17
How do I edit my search to convert a string to a numeric value to display a graph? Hi! I'm indexing XML data containing free memory values and get a nice stats table, but not be able to show that as ... by Sr59 Explorer in Splunk Search 02-29-2016 1 12	1	12
How to run an app individually on individual servers on a Search Head Cluster environment? hi We have a situation whereby we have to run an app (a script within an app) individually on each Servers of Search ... by koshyk Super Champion in Splunk Search 02-29-2016 0 5	0	5

Get Updates on the Splunk Community!

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

In today’s data-heavy environment, organizations are caught in a data distribution dilemma. As data volumes ...

GA: New Data Management App in Splunk Platform

Streamlining Data Management: Introducing a unified experience in Splunk Managing data at scale shouldn’t feel ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Splunk Search

DB Connect rising column combination of two columns

How to compare two columns from two searches and display the values that only exist in the 2nd column?

Receiving error ⚠ The lookup table 'windows_event_descriptions' does not exist. It is referenced by configuration 'source::(MonitorWare|NTSyslog|Snare|WinEventLog|WMI:WinEventLog)...'. ?

How to write the regex to convert an entry in my sample DNS logs to a readable URL format?

Convert time from AM/PM to 24 Hour format

Optiv Threat Intel: "Error in 'dnslookup' command: Cannot find program 'dnslookup' or script 'dnslookup'."

How to set alerts to use the batch mode search?

How to troubleshoot why pivot finalizes before end of search and results are incomplete?d

How to filter the Userid to show once per minute?

join question

I am able to extract a field using rex and sed in a search, but why is the field not extracted correctly configuring the regex in props.conf?

How do I plot events returned from my search on a scatter graph over time?

How to capture the click event on a Splunk map?

How to convert values in milliseconds to seconds and minutes?

How to compare values between two different groupings (multivalue fields) to see what percentage of values are similar?

How to edit my search to change the output of certain strings in results?

Why is my regex for SEDCMD in props.conf not removing repeated dashes when parsing data?

How can I write a timechart search with transaction to compare sessions over time (John the Ripper logs)?

How to show the recipient or To field from Ironport logs in a Splunk search?

How to add a form for user input on a dashboard to only run panel searches for data from certain hosts?

How do I edit my real-time search to add a value to events that are missing a certain field?

How to refer to JSON array object in a Splunk search?

How to anonymize data using REGEX in transforms.conf for an undefined number of characters?

How do I edit my search to convert a string to a numeric value to display a graph?

How to run an app individually on individual servers on a Search Head Cluster environment?

Unlocking Unified Insights: New Gigamon Federated Search App for Splunk

GA: New Data Management App in Splunk Platform

Announcing Modern Navigation: A New Era of Splunk User Experience

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

Splunk Search

Join the Conversation