Splunk Search

Community Activity

How to know the number of accounts that do have not login in over 30 days in application1 but have login in application2 How to know the number of accounts that do have not login in over 30 days in application1 but have login in applicat... by moiezuddin Explorer in Splunk Search 02-03-2015 0 4	0	4
How to dynamically put today's date in the source field of an xml input value? Hi Team, How do I dynamically put today's date value in the source field of an xml input value? I have the search b... by Bhuavana Explorer in Splunk Search 02-03-2015 0 1	0	1
timechart 2 different fields in one search I seem to be having issues with time charting, i want to get a trend over time for more then one field. I have tried ... by sbattista09 Contributor in Splunk Search 02-02-2015 0 4	0	4
Is there any way to pre-calculate the difference between two fields and keep this delta as a new field for future searches? Data: departure_time1, departure_time2, arrival_time1, arrival_time2 All the fields are in string. My searches... by mohitab Path Finder in Splunk Search 02-02-2015 0 1	0	1
Why am I getting "Invalid regex with multiple repeats" trying to parse my data? A sample row that I want to parse: <134>Feb 2 07:06:48 github-intuit-com github_access: 10.168.0.5 - - [02/Feb/2015... by abdee172 New Member in Splunk Search 02-02-2015 0 2	0	2
Not getting top 50 values Hi, I am trying to get top 50 404s by uri and the corresponding referers by their count. For example, if uri1 is th... by xvxt006 Contributor in Splunk Search 02-02-2015 0 7	0	7
What is regex to extract the "http_user_agent" field from proxy logs when the content value is AND is not available? There is a field in my Bluecoat Proxy logs that is not extracting correctly. Here are portions of the two losable lo... by hartfoml Motivator in Splunk Search 02-02-2015 0 1	0	1
How to correlate fields from two different sourcetypes spawning across multiple hosts? Hello Guys, I have a problem in correlating fields spawning across multiple hosts and different sourcetypes. Here i... by AbhinandGokul New Member in Splunk Search 02-02-2015 0 5	0	5
Why is my search showing 2 values for the same hour? I am using the search below to compare this week vs last week same hour counts, but in the results, for some of the h... by xvxt006 Contributor in Splunk Search 02-02-2015 0 6	0	6
How can I make Splunk stop searching after it finds a set number of results? Hey there! I have a query that will always only return one result. This result will be different depending on the in... by rlough Path Finder in Splunk Search 02-02-2015 1 2	1	2
How to write the regex for host_regex for my sample data? I need some help building regex for host_regex. Please and thank you! /opt/splunk/SFTP/SYSTEM/daftm44de_sec.14-08-2... by omgwut56k Path Finder in Splunk Search 02-02-2015 0 1	0	1
Adding data with oneshot on gemeric_single_line Currently using oneshot to index data into splunk (bash) Is there a way to add a option for data to be in gemeric_sin... by nyp_kwyc Explorer in Splunk Search 02-02-2015 0 3	0	3
How to search multiple value on the same field I have a regex that searches for different types of value on a field: \| regex _raw="FIELD=(value1\|value2\|value3)" H... by BunnyHop Contributor in Splunk Search 02-02-2015 2 6	2	6
controlling access to dashboard and search capability I think this is a typical Splunk use case wherein, we want to give access to users who can only VIEW dashboards but s... by splunkears Path Finder in Splunk Search 02-02-2015 2 10	2	10
How to combine two different search results in a single visualization? Hello, I'm having trouble combining two different search results, from different source type into one visualization... by kenvanderheyden Path Finder in Splunk Search 02-02-2015 0 1	0	1
Optimize a search without using join Hello, Hope you can give an solution to my concern. There were different sourcetypes under a single index and they h... by jonathan_yan5 Explorer in Splunk Search 02-01-2015 0 2	0	2
How to create a stacked bar chart to compare denied and permitted traffic for the top 30 denied IP addresses from firewall logs? I have firewall logs where I'd like to count the top 30 denied IP addresses and from that, create a stacked bar chart... by simon_lavigne Path Finder in Splunk Search 02-01-2015 0 1	0	1
Problem with field extraction Hello I am having some pretty weird issues with field extraction on 6.2. When I perform this search: 65932 It re... by nyp_kwyc Explorer in Splunk Search 02-01-2015 0 3	0	3
How to get field values from search result using python script My test script splunk.auth.getSessionKey('admin','admin') my_job = splunk.search.dispatch('search index=* source =... by ronak Path Finder in Splunk Search 02-01-2015 0 1	0	1
Quota=0 bytes for 3 days. How do i reenable search ? Hi I have been using trial version and it expired during Christmas. Now i had expected to use the free version inste... by lhdk New Member in Splunk Search 02-01-2015 0 5	0	5
How to setup multivalued fields? Hi guys, I have a problem for which I've seen lots of answers but none worked for me. I have to say that I am a begin... by achitan Explorer in Splunk Search 02-01-2015 1 3	1	3
How can I get eventstats to recognize a renamed field? Hi, I've been having some trouble grouping same fields from multiple sources when the field names are different. I h... by rlough Path Finder in Splunk Search 01-31-2015 0 1	0	1
Masking Sensitive Data Ok Splunkers...... I have 1 search-head, 2 indexers, 1 Deployment server Here is the event (sourcetype=mysourcetype... by dperry Communicator in Splunk Search 01-31-2015 0 6	0	6
why can't I use join to return all suited value? hi, all: I want to link the two parts.The first is a csv file, the second is an index. The fileld name that i wan... by pingpangbubai Explorer in Splunk Search 01-31-2015 0 3	0	3
Get the Time difference from the logs to display in "%d/%m/%Y %H:%M:%S" format Hi All, I have a csv file, as following: ` FINISH_DATE START_DATE 30/09/09 19:51:16 30/09/09 19:... by harshal_chakran Builder in Splunk Search 01-30-2015 0 2	0	2