Splunk Search

Community Activity

Filter windows events in Splunk Hello Can someone write here the steps and what files do i have to edit in order filter windows events ? Tnx by vad34 Path Finder in Splunk Search 12-31-2015 0 15	0	15
How to break xml in search time Hi, I need to index whole file data into splunk for a reason and i need to break that while searching. I understood ... by sdaruna Explorer in Splunk Search 12-30-2015 0 3	0	3
How to change the order the transaction command process the opened txn? Hi everyone! I'm trying to use a transaction to group logs that match the following business-logic: all triggered a... by sttang88 New Member in Splunk Search 12-30-2015 0 2	0	2
I added a field to all my events so I could search for specific results, but why can't Splunk read the custom field values? I added a field cluster to all my events, so that I can search for results in a Hadoop cluster specified. I edited in... by muellernc Engager in Splunk Search 12-30-2015 0 3	0	3
Group results by field I am trying to group a set of results by a field. I'd like to do this using a table, but don't think its possible. Si... by zamkov Explorer in Splunk Search 12-30-2015 0 4	0	4
How would I generate a Report to Display any delta (By ID, by _time) in FIeld X greater than Y? So a sample of the data I'm working with is as follows TImestamp \| ID \| Amount 2015-12-30 09:50:45 \| 1 \| 28668 201... by chburnett New Member in Splunk Search 12-30-2015 0 2	0	2
table order with eval I've got a search that does a \|table prior to doing an \|eval for ldapfilter. The search results are displayed in a se... by mikesangray Path Finder in Splunk Search 12-30-2015 0 2	0	2
How to set the Background Color of a Chart? Hi, We want to represent two Criticality Zones for an attribute on a Chart. Based on a Critical Threshold Series (w... by SwatiApte Path Finder in Splunk Search 12-30-2015 1 2	1	2
Limit on number of OR conditions in a search query Hi, I would like to know if there is a limit to the number of OR conditions that we can include as part of a search ... by keerthana_k Communicator in Splunk Search 12-30-2015 0 5	0	5
how to remove last character of a field value from the search results how to remove last character of a field value from the search results by muthvin New Member in Splunk Search 12-30-2015 0 3	0	3
How do I combine two searches and only return results from Search2 that are missing from Search1? Hello Splunkers, I am running two separate searches, both of which are running fine. The results of these two search... by lbogle Contributor in Splunk Search 12-29-2015 0 1	0	1
How to add search peers in a search head cluster? Is there a trick to adding search peers with a search head cluster? I have to add 20 new indexers very soon and I don... by daniel333 Builder in Splunk Search 12-29-2015 0 3	0	3
How to write a search to match Event 3 with Event 1 and match Event 4 with Event 2? Hello All, Need help in building a search. Below is my log file events format: Event 1 -- RequestType1 Event 2 -- R... by bharathkumarnec Contributor in Splunk Search 12-29-2015 0 2	0	2
Merge two indexes (ids with proxy) for more alert depth correlation I have two indexes for ids (suricata) and proxy (Cisco WSA), I'd like to correlate when splunk finds an IDS alert and... by JSkier Communicator in Splunk Search 12-29-2015 0 5	0	5
How to write a search to find which user did a sudo to root for the last 2 days on Linux servers? Would it be something like: sourcetype="/var/log/secure" eventtype="su_authentication" by sandyganti13 New Member in Splunk Search 12-29-2015 0 2	0	2
How to count how many times a field value has changed from one to another? Hi, In my data I have a "Status" field. The status can be in one of 3 states: Connected, Connecting, Disconnected. I ... by anphan1992 Engager in Splunk Search 12-29-2015 0 1	0	1
Trouble Joining Firewall and DHCP logs by IP address Hello All, been banging the head against the desk for awhile on this one; tried join, transaction, and a few other th... by tjr1775 Path Finder in Splunk Search 12-29-2015 3 9	3	9
How to update a lookup periodically? Hi All, I'm wondering what would be the best way to download the latest CSV from http://cyberthreatalliance.org/cryp... by CYBR_AH Explorer in Splunk Search 12-29-2015 0 3	0	3
How to troubleshoot why I'm missing events in my search results? Hi, I have an issue with a search, that I also use as an alert, which is not finding current events: So the searc... by omuelle1 Communicator in Splunk Search 12-29-2015 0 2	0	2
JSChart Drilldown - Show drilldown table when page loads I would like to know if there is a way to perform and inline drilldown from a JSChart to a Table but have the table s... by plarkin01 Explorer in Splunk Search 12-29-2015 0 2	0	2
How to make a search run or populate a dropdown if condition is met using simple xml? So I have a dropdown called Repository, that populates a search and another dropdown called Namespace that has set ch... by dreamwork801 Path Finder in Splunk Search 12-29-2015 0 8	0	8
How to search the count of both fail and total numbers from a data model? I want to get fail number and total number from one data model, but I cannot figure out how to do this. My search is ... by HedyLu New Member in Splunk Search 12-29-2015 0 2	0	2
How to retrieve time\date after distinct count search? Hi, My search is: mysearch \| stats dc(Errorcode) as Errors By Name I want to get results for 2 options: optio... by abovebeyond Communicator in Splunk Search 12-28-2015 0 3	0	3
How to change the chart label size in Simple XML in Splunk 6.3? Hi I want to change chart label size in Simple XML. I find in Splunk 6.2 there is one option that can be used : <... by zhulongshiny Engager in Splunk Search 12-28-2015 0 1	0	1
Can Splunk Web Console through IPv6 Do anyone know how to enable Splunk Web to be access via IPv6 address schema? Can dual-stack (IPv4 and IPV6) access ... by hcwong Engager in Splunk Search 12-28-2015 0 3	0	3