Splunk Search

Discussions

Thread Info

Help combining 2 searches

I am attempting to do this search: host = pesweb* "payment via manually entered card" | stats count by users My data ...

by Path Finder in

Splunk 6.0.1 Login page customization

Can someone tell me what file to modify to customize the login page after upgrading to verson 6.0.1? It used to be ve...

by New Member in

Latest 6.1.1 lookup attribute definition UI for data models broken?

With latest 6.1.1 installation, the UI for adding a lookup attribute to the data model seems not working any more. No...

by Explorer in

dbconnect timestamp

I've a DBconnect on a MSSQL My Timestamp in the DB looks like this : 2013-04-04 15:24:36.7170000 I've defined t...

by Builder in

REGEX for authentication logs

I have authentication logs like below: ,AUTHN_METHOD_FOO,123!@#123!@#123!@#asdfgdvfd,123!@#123!@#123!@#asdfgdvfd,1...

by Motivator in

regex stops at first match

I've got a regex that seems to stop at first occurence per line. I am using the 'field extraction' function. My regex...

by Explorer in

Splunk parse url path value (not query parameter)

www-pcm-com/p/Logitech-Keyboards/product~dpno~8146199~pdp.gbhdbgh How can i get the value 8146199 (which will alwa...

by Engager in

correlate two seperate searchs

What is the most efficient way to correlate results from two separate searches? I can perform two searches, but only ...

by Communicator in

where clause works only with reverse logic

I have a search that returns a list of dealers, the types of vehicle and the report file uploaded to corporate. In th...

by Builder in

Chart grouped event over time with specific matching events

I am currently trying to show a graphical representation of the number of times an a specific thing happens x number ...

by Engager in

How to eliminate results from a search?

I am searching my new weblogs and it is filled with data like: db.ConnectionProvider (ConnectionProvider.java: 202) -...

by Path Finder in

Inner Search between values

Hi Folks, I have a problem with the search source="source" | rex field= ...| eval value= (part of regex command)...

by Explorer in

Compute some stats without discarding full results

I have logs of conversations, identified by a common field (a unique ID) and an end-marker. Some conversations get ab...

by Engager in

eval returning null value for a looked up field

I have a query which I need to chart with an overlay with a static baseline figure (maxiops) which is retrieved by lo...

by New Member in

Information collected from AD change monitor as lookup

Hello All, Currently we're using a script to dump AD into a .csv for referencing device inventory and user account...

by Path Finder in

Calculate the "month" after first appearance

Hi, I'm doing an analysis about users whose first event was in January 2014. I want to know, what they did in mont...

by Motivator in

Need help in mapping fields by using list()

I have a several multivalued fields fetched from different sourcetypes and I'm using list() to print the values. Prob...

by Contributor in

How to retrieve latest log using aplunk query

We need to create a splunk alet to get the total number of products processed as part of Job execution. But below thr...

by New Member in

input.conf concat host to host_regex value

Hi trying to work out if I can prefix the value returned by host_regex with the actual server name as some of the log...

by New Member in

Use lookup to retrieve query value

Good evening. I have a query that currently does what I need it to do, searching on a particular value, "foo". Thi...

by Path Finder in

Make chart value ranges and show the number of hits in that range

I have a database with two values (time and fees). It shows the fees that someone pays and the time in seconds each t...

by Engager in

Passing checkbox values to timechart

Hi i am using checkboxes module with sideview. I have to pass the values that i select in checkbox drand display grap...

by Explorer in

Search app specific to index in 6.x

Hi, I need abc search app created which is specific to index=abc I don't want to do this as user/role based. Want ...

by Explorer in

splunk6 iplocation and geostats

Hi, Is internet access required for using Splunk6 iplocation and geostats commands?

by Champion in

Subsearch only returns 1 value

The search below produces multiple values for c_ip index=proxy* | fields c_ip s_op d_ip r_host d_port cs_bytes cs...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help combining 2 searches

Splunk 6.0.1 Login page customization

Latest 6.1.1 lookup attribute definition UI for data models broken?

dbconnect timestamp

REGEX for authentication logs

regex stops at first match

Splunk parse url path value (not query parameter)

correlate two seperate searchs

where clause works only with reverse logic

Chart grouped event over time with specific matching events

How to eliminate results from a search?

Inner Search between values

Compute some stats without discarding full results

eval returning null value for a looked up field

Information collected from AD change monitor as lookup

Calculate the "month" after first appearance

Need help in mapping fields by using list()

How to retrieve latest log using aplunk query

input.conf concat host to host_regex value

Use lookup to retrieve query value

Make chart value ranges and show the number of hits in that range

Passing checkbox values to timechart

Search app specific to index in 6.x

splunk6 iplocation and geostats

Subsearch only returns 1 value

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...