Splunk Search

Community Activity

Is there a way to APPEND events based on a field value from main search? I have a use case where a user will input a username and Splunk should return results for that username. But, there a... by jedatt01 Builder in Splunk Search 01-27-2016 0 8	0	8
How to calculate the difference between the counts from multiple searches? How do calculate the difference between the count of the following searches. Tried to use the eval, but does not retu... by athorat Communicator in Splunk Search 01-27-2016 0 4	0	4
How do I write the regex to extract the date portion of this search result? I'm new to the Splunk community. I'm trying to extract the date portion of this search result M91040FA7104_Tue Jan 2... by stocksltd New Member in Splunk Search 01-27-2016 0 1	0	1
Is it possible to know the amount of data passing through an ASA firewall I would like to identify data ex filtration through my Cisco ASA firewalls. Is this possible? Can you provide a sam... by fdarrigo Path Finder in Splunk Search 01-27-2016 0 1	0	1
How to edit my timechart search to show the individual count of 2 strings in one chart? We are trying to create a Timechart showing the number of occurrences of 2 strings. Here is the search: index="prod... by dl-it-serveradm Engager in Splunk Search 01-27-2016 0 1	0	1
Compare 2 indexes and 2 fields of IP addresses with different field name (result wanted: Are there similar/like IP's?) So I have 2 separate indexes with both having ip-addresses as events. On index A the ip-addresses are under ipaddr fi... by strangelaw Explorer in Splunk Search 01-27-2016 0 3	0	3
How to extract a JSON object which is in double quotes? Hi, I've a JSON object logged into splunk in double quotes. What to do to extract the JSON object using spath. How do... by Kukkadapu Path Finder in Splunk Search 01-27-2016 0 3	0	3
Why is my stats command with timechart producing null values for a field? My stats command is working, but when I pump it into timechart, it shows null values for fraction: index=ide \| stats... by brian38401 New Member in Splunk Search 01-27-2016 0 1	0	1
Why is a small percentage of our IIS Advanced Logs being parsed mid-line, causing them to have incorrect field extractions? We are scraping IIS advanced logs using Splunk Universal Forwarder and Indexers on v6.2.2. We've discovered that a s... by jberd126 Path Finder in Splunk Search 01-27-2016 0 9	0	9
How to write a search to find the count of parameters in a POST over a period of time? Hi, We were asked to analyze the parameter usage. It is a POST with JSON body. The target is a set of 30 parameters.... by lstruman New Member in Splunk Search 01-27-2016 0 1	0	1
Extracting some Values that Match RegEx on the Fly I have data that includes computer names in my environment, the computer names follow a certain pattern which is usua... by Makinde New Member in Splunk Search 01-27-2016 0 12	0	12
Detecting Simultaneous Sessions I have an inhouse written app that outputs an audit log in the form of: DateTime,Username,Activity,SessionID So I'l... by Warme1980 Engager in Splunk Search 01-27-2016 1 2	1	2
automatic lookups Hi, I configured a lookup that works fine, if I explicitly use the lookup statement in my search, but I want the fie... by a212830 Champion in Splunk Search 01-27-2016 0 4	0	4
Streamed search execute failed because: Error in 'surrounding': Too many events (> 10000) in a single second. Even though I have overwritten what I believe is this limit in limits.conf, btool is showing, [show_source] max_coun... by splunk_zen Builder in Splunk Search 01-27-2016 0 4	0	4
How do I rename fields in my Splunk search result set? index=xxx earliest=-7d@d latest=@d ( sourcetype="FirstSourceType" ResponsePayLoad="xxx" ActivityStep="rs" (Response... by pawnalmighty Engager in Splunk Search 01-27-2016 0 2	0	2
Splunk DB Connect 1: How to use "timechart avg()" in a dbquery search? This search works fine: "DBOMA" "SELECT "Time" , "Virtual_Machine" , "ready" FROM DBSTDBO.CPUBYVM where "Virtual_Mac... by mark_chuman Path Finder in Splunk Search 01-27-2016 0 4	0	4
Help with trimming characters Hi, Having some issues here. I have the following values in a field named populace The values are encased in a < a... by TheJagoff Communicator in Splunk Search 01-27-2016 0 7	0	7
Why am I getting inconsistent search results? I have configured Kepware IDF for Splunk and am ingesting data over TCP:51112. The source_type I have set ('opc') is... by cmisztur Explorer in Splunk Search 01-26-2016 0 3	0	3
How do I add fields to output from predict I need to locate and alert on counts that are not within predicted bounds. It seems simple enough using predict, but... by chengka Explorer in Splunk Search 01-26-2016 0 2	0	2
Is it possible to search cold bucket data only for a given index? Hello, I modified my cold bucket location, and I want to perform some test queries for data residing in cold buckets ... by mendesjo Path Finder in Splunk Search 01-26-2016 0 5	0	5
Time and Date in two different places within my events Here is part of what my events that are in xml format look like: Blockquote``_id="1767282" _uuid="0D981036-9B9C-484... by jpelletier_splu Splunk Employee in Splunk Search 01-26-2016 0 2	0	2
Creating new fields and setting values for fields retrieved on search. I put the key value pairs of the log message into the content body whenever i create new events throught the splunk's... by misteryuku Communicator in Splunk Search 01-26-2016 0 2	0	2
How to put a function on the lookup field from a lookup table? Hi, My event results have a field "name" and it has lower case values (e.g. 'mike_lee'). But in my lookup table, th... by xiangtaner Path Finder in Splunk Search 01-26-2016 0 4	0	4
How to easily replace a character in a token value ? Hello, I have a token "user" representing the name of a user. This name can contain "(" or ")". When I am using this... by ctaf Contributor in Splunk Search 01-26-2016 0 15	0	15
Subtracting value if another field value matches Hi all, Im running two searches one returns a number called "difference" and a field called "code2", the other searc... by raby1996 Path Finder in Splunk Search 01-26-2016 0 3	0	3