Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
pyi

How to write a search to extract an IP address after a line within a Windows security event?

Hello, I have the following: 11/20/2014 11:04:58 AM LogName=Security SourceName=AD FS 2.0 Auditing EventCode=501 ...
by pyi Engager in Splunk Search 11-20-2014
0 1
0
1
JdeFalconr

How to create a search to predict license violations?

I'm trying to use commands like predict and trendline to write a search that will alert on a predicted license violat...
by JdeFalconr Explorer in Splunk Search 11-20-2014
2 3
2
3
masonmorales

REGEX/Props.conf - Extracting the same field from multiple places in the same sourcetype?

I have one sourcetype that has a common field, but it's located at different places in the event depending on the mes...
by masonmorales Influencer in Splunk Search 11-20-2014
3 2
3
2
shantu

Why curl command for CSV output of top 20 error messages using regex returns error " -bash: syntax error near unexpected token `(' "?

I'm trying to use the REST API to export an aggregation of the top 20 error messages in my log4j formatted logs. I wa...
by shantu Explorer in Splunk Search 11-20-2014
0 2
0
2
jo_za_b_m

How to write a transaction search where startswith has the same value as endswith?

Hello, I am kind of new to Splunk and unfortunately I ran out of Ideas how to solve the problem i'm facing. I need t...
by jo_za_b_m Engager in Splunk Search 11-20-2014
1 3
1
3
smashedpumpkins

Why regex in search query is now failing, but used to work for months prior?

Today or sometime in the last week a query of mine stopped working. It worked before and should work now. The followi...
by smashedpumpkins Explorer in Splunk Search 11-20-2014
0 3
0
3
edookati

How to write a search to get a table of eventstats perc95 and avg by a certain field?

I need a table which gives me both perc95(response_time) and avg(response_time) by service_name I am using the below ...
by edookati Path Finder in Splunk Search 11-20-2014
1 2
1
2
r2r2

Monitoring logons of domain users (EventCode 4624)

Hello! I have logs from Domain Controller Active Directory in Splunk and try to configure monitoring of user logons ...
by r2r2 Explorer in Splunk Search 11-20-2014
1 8
1
8
hlarimer

Calculations off of results of two stats searches

I have 2 searches: index=av_log sourcetype=sophos_threat_events | dedup ComputerName FullFilePath | stats count by T...
by hlarimer Communicator in Splunk Search 11-19-2014
0 7
0
7
Bhuavana

Timechart dynamic drilldown

Hi, I have a timechart as my first dashboard to display all the exception types over the time and below query is use...
by Bhuavana Explorer in Splunk Search 11-18-2014
0 1
0
1
hlarimer

How to overlay two searches on the same chart in Splunk 6.1 or 6.2?

I have 2 searches and would like to overlay them on the same chart. The first creates a stacked column chart: index...
by hlarimer Communicator in Splunk Search 11-18-2014
1 3
1
3
ateterine

Finding multiple events for same user

Ok, so title might not say exactly what I'm looking for but here is my scenario. a. We have users who received error...
by ateterine Path Finder in Splunk Search 11-18-2014
0 3
0
3
yoho

Building transactions with randomly ordered events

I have a log file with repeating patterns looking like this. Notice there are only 3 distinct field names and pay att...
by yoho Contributor in Splunk Search 11-18-2014
0 6
0
6
brettcave

ordering of fields in a transaction (mvfind bug?)

I am trying to determine the sequence of pageviews that a visitor visits. I have the following query: eventtype="Ana...
by brettcave Builder in Splunk Search 11-18-2014
0 4
0
4
icyfeverr

The Lovely Transaction Command

When using the transaction command, I am getting unexpected results. Search: sourcetype=abc source="/u/spool/zlogs/a...
by icyfeverr Path Finder in Splunk Search 11-18-2014
0 12
0
12
feickertmd

Convert epoch time from drilldown parameter

I have set up a drilldown to jump from a timechart graph to another dashboard. <link> <![CDATA[ ...
by feickertmd Communicator in Splunk Search 11-18-2014
0 3
0
3
diggin

How to pass the counts from two panels into a third panel to get a percentage of the whole and use a speed meter?

I am wanting to add a panel to a dashboard which shows a percentage of total vulnerable hosts to total hosts in the e...
by diggin New Member in Splunk Search 11-18-2014
0 5
0
5
bcarr12

Manipulating fields within a transaction

What would be the best way to go about manipulating fields within a transaction? For example, let's say I have the f...
by bcarr12 Path Finder in Splunk Search 11-18-2014
0 2
0
2
Notinocrunch

Is it possible to extract the name of the day and month from an event date field in the format dd/mm/yyyy?

Assuming all my eventdate fields are in the following format: dd/mm/yyyy i.e 12/06/2014 Is it possible to work with...
by Notinocrunch New Member in Splunk Search 11-18-2014
0 3
0
3
clayton_bell_ag

How to configure Splunk to extract key value pairs for a particular sourcetype with JSON log data?

How do I tell splunk that a particular source_type should have specific extract command parameters applied so as to c...
by clayton_bell_ag Engager in Splunk Search 11-18-2014
1 1
1
1
guilmxm

how can I query against a time range if i have renamed datetime to _time?

Hi, Thanks you so much for this very great application that opens Splunk to many information system reality! This Ap...
by guilmxm Influencer in Splunk Search 11-18-2014
0 2
0
2
cwl

earliest=0 is not overriding the time range selected in dropdown menu

When I did a search like "index=_internal earliest=0" + "Last 15 minutes" in drop down menu I could not see below mes...
by cwl Contributor in Splunk Search 11-18-2014
0 2
0
2
mohitab

How to search for the first record for each group of data for a field?

Data: I have CSV data indexed containing sensory information. The structure is timestamp, Flight_ID, lon, lat, alt. ...
by mohitab Path Finder in Splunk Search 11-18-2014
0 5
0
5
cruschke_bde

How to search for hosts that are not forwarding data of a specific source or sourcetype?

I am running a lot of Splunkforwarders and use source=system sourcetype=foo for some custom Solaris OS metrics. All t...
by cruschke_bde Explorer in Splunk Search 11-18-2014
1 4
1
4
nishan_perera

How to count each tupple values by day of the week

I got a query like this, %asa deny OR denied | eval dest_port = if(isnum(dest_port),dest_port,00)| eval denyTuppleVa...
by nishan_perera Explorer in Splunk Search 11-17-2014
0 6
0
6
Top Labels
Get Updates on the Splunk Community!

Event Series: Telemetry Pipeline Management

Balancing Scale and Spend: Gaining Control Over High-Volume Metrics in Splunk Observability Cloud As ...

Kick the Tires Before You Commit: A Hands-On Tour of the Splunk Observability Cloud ...

Evaluating an enterprise observability platform usually goes like this: fill out a form, get a free trial with ...

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...
Top Solution Authors
View All