Splunk Search

Community Activity

Multiple Firewall Denies followed by an allow from the same source IP I'm looking for a way to create a splunk query (and then into a real time alert) when the below conditions are met. ... by bhymel5 Engager in Splunk Search 12-24-2015 2 2	2	2
How to find first and last occurence of a value in a field when that value in the field gets changed? We have a requirement to count the total number of unscheduled outages in a month. The scenario is as follows: 1) W... by Arminder_Bhalla New Member in Splunk Search 12-24-2015 0 3	0	3
Change color scheme for test environment It doesn't look like there's an easy way to change the colors, etc. for splunk, but it would be very helpful to ident... by mikesangray Path Finder in Splunk Search 12-24-2015 0 2	0	2
search results sum count by date? Hi, Im trying to sum results by date: CreatedDate ------ count 2015-12-2 ------ 1 2015-12-1 -----... by abovebeyond Communicator in Splunk Search 12-24-2015 0 6	0	6
What are the differences between the lookup and inputlookup commands? Is there any reason why this command would work: \| inputlookup myfile \| search SERIAL_NO "1234" \| table X, Y, Z An... by sel105 New Member in Splunk Search 12-24-2015 0 5	0	5
lookup 正規表現 lookupコマンドについて確認させてください。実現したいこと： CSVでシスログのホワイト・リストを作成し、シスログ参照時にCSVのホワイトリストのステータスを参照し、messageが「ignore」については表示しないように... by raku_sp New Member in Splunk Search 12-23-2015 0 6	0	6
Query to capture distinct source IP who triggered multiple signatures Dear Experts, I require help to create the query. I am creating the rule if single(unique) source triggered distinc... by sumit29 Path Finder in Splunk Search 12-23-2015 0 5	0	5
How to combine two field extractions into 1 with regex? I read in the best practices that if possible, combine two field extractions in to 1. This will improve the efficienc... by kamal_jagga Contributor in Splunk Search 12-23-2015 0 6	0	6
Renaming _time field causes an unwanted result Good Morning all. I'm experiencing a strange behavior when I try to rename _time's field. My goal is to run a search... by nik_splunk Path Finder in Splunk Search 12-23-2015 6 7	6	7
Large Lookups, Max number of look up rows? Any Gurus have experience with a large lookup table? For example my lookup table seems to be 3 GB worth of line that... by clyde772 Communicator in Splunk Search 12-23-2015 3 2	3	2
How to write a search with an outer join to only return results from index=A that are not found in index=B? I'm looking for the join syntax for an outer join in Splunk that is not "all of A and all of B that's in A". Rather,... by jonbelanger Explorer in Splunk Search 12-23-2015 0 11	0	11
Compare count of unique values over two different time periods Please forgive my ignorance, I am newbie to Splunk. I am trying to depict a unique count of users over two different... by kennyja Explorer in Splunk Search 12-23-2015 0 1	0	1
Limit an Apps Search Context I'm hoping to create apps for each of our departments that only allow them to search specific data from splunk. This... by rdevine Path Finder in Splunk Search 12-23-2015 0 3	0	3
How to combine two of the same type of message string and show table data? I have one index as foo. In this index there are messages like Bar Baz Hello...., Bar Baz Blah..., Bar Hi.... I want ... by anirban_nag Explorer in Splunk Search 12-22-2015 0 1	0	1
How do I create a stacked bar chart with my data set? Hi Guys, I have the following data set that i retrieve using a search : host calltype count pc4b... by dantu Explorer in Splunk Search 12-22-2015 0 4	0	4
Pie chart labels blank (except "Other") I have some pie charts on a dashboard: <dashboard> <label>Mail Gateway Summary</label> <row>` <chart> ... by FunPolice Path Finder in Splunk Search 12-22-2015 0 3	0	3
strptime/strftime not working Hi, I am a newbie to splunk and would like to know how to solve the following problem. I have a SharePoint dump whic... by kavu_vr Engager in Splunk Search 12-22-2015 1 11	1	11
How to perform calculations based on rex extracted fields? index=aap_prod sourcetype="HDP:PROD:OOZIE" \| rex "TOKEN\[\] APP\[(?<JobName>[^\]])" \| rex "ACTION\[[^\@](?<Actio... by athorat Communicator in Splunk Search 12-22-2015 0 12	0	12
Have to remove the last section of IP addresses before getting a stats count for each one? Hi, I have a list of IPs, and I want to create a chart showing traffic from them, but I also want a version which ex... by ewanbrown Path Finder in Splunk Search 12-22-2015 0 2	0	2
How to count by Week not using Splunk Timestamp Problem I want to be able to create a timechart that outlines the company's incident count by week. The issue I hav... by mjd555 Path Finder in Splunk Search 12-22-2015 0 8	0	8
How would you retrieve the latest indexed set of data with non-unique records? Example provided. Example data; (This is one run of a DBX dump input to an index.) ComputerName1, Application1, _time1 ComputerName1, ... by mcrawford44 Communicator in Splunk Search 12-22-2015 2 6	2	6
Check Point: Linking events together to produce a results set I am looking to build a dashboard where a user can submit a session number & retrieve the entire history of a session... by nbonner Explorer in Splunk Search 12-22-2015 0 4	0	4
Is it possible to use ".exe" as an External Lookup? Hi, Is it possible to use ".exe" as an External Lookup? Everything I make a lookup in a search I receive the follow... by madsurfer Explorer in Splunk Search 12-22-2015 0 1	0	1
Help with regex to extract time in milliseconds Hi, Can someone help me extract the time in MS from the following log line? Dec 15, 2015 9:35:08 PM org.apache.cata... by aniketb Path Finder in Splunk Search 12-22-2015 0 3	0	3
Is there a way to keep specific logs for a longer retention time for historical searches? Is there a way in Splunk to tag some specific logs and keep them for longer retention time? So for example, I want to... by daniel_augustyn Contributor in Splunk Search 12-22-2015 0 2	0	2