Splunk Search

Community Activity

Send Alert if # does not = 4 What i am trying to do is send an alert if Alive_Iwalls does not equal 4. This will tell me if all of the firewalls a... by taylormade2169 Engager in Splunk Search 01-03-2014 1 2	1	2
IF DNS searched then lookup IP to allow search on IP in index I have an App that allows users to enter IP addresses and find if the connections between source and destination have... by Snazter57 New Member in Splunk Search 01-03-2014 0 2	0	2
search head not working in a cluster I've set upt a cluster in a lab environment - replication factor of 2 using RHEL 6.4. All looks good from the master ... by pil321 Communicator in Splunk Search 01-02-2014 0 2	0	2
Splunk Lookups Return Error Even When Permissions Are Global I created a lookup and it was created under a specific app and I pointed it to a particular sourcetype. When setting... by aelliott Motivator in Splunk Search 01-02-2014 2 7	2	7
regex field extraction; same source, variably different fields I've got input from a syslog source, that looks like this: 2012-10-10 04:04:52[connection-5] AUTH: User xxx authenti... by gsawyer1 Engager in Splunk Search 01-02-2014 0 5	0	5
How to remove sourcetype from this search? Hi, This is one of the canned correlation searches included in Splunk Enterprise Security. How can I exclude events... by echojacques Builder in Splunk Search 01-02-2014 0 4	0	4
finding peak and low times from timechart I want to tabulate peak period and low periods for my web transactions. The following search works but not very effic... by kunadkat Explorer in Splunk Search 01-02-2014 1 5	1	5
How to use Rex Command in Python/C# SDK Hi, I have a CLI query which works perfectly on Splunk Web terminal and the same thing I want to replicate it using ... by harshal_chakran Builder in Splunk Search 01-02-2014 0 1	0	1
Report on users that excessively browse the internet We currently have our web filtering logs forwarded to Splunk. I have been asked to provide a report that doesn't just... by jowilliams New Member in Splunk Search 01-02-2014 0 5	0	5
Combine two regular expressions into one I want to combine two regular expressions.Please help me. \b(2013)[- /.](0[1-9]\|1[012])[- /.](0[1-9]\|[12][0-9]\|3[01]... by dangerdx New Member in Splunk Search 01-02-2014 0 7	0	7
Onetime regex search Hi, I'm struggling with doing a regex search. I want to search the whole log files for credit card information. Sin... by Avarion New Member in Splunk Search 01-02-2014 0 4	0	4
Real Time Searches Any disadvantages if we are running real time searches and alerting using those, currently we are testing few functio... by nikhilmehra79 Path Finder in Splunk Search 12-31-2013 0 2	0	2
fieldformat not working? I'm using fieldformat (Splunk 5.0.5, search head in a cluster, if that matters) in order to change how the time is di... by bojanz Communicator in Splunk Search 12-31-2013 0 4	0	4
change lookup macth_type Hi I have a list of words in a lookup table and i would like to return the events of a search that match any of the ... by jonthanze Explorer in Splunk Search 12-31-2013 0 2	0	2
Alt key to add NOT no longer works on fields in V6 We've just upgraded to V6, and one of the first things I've noticed is that you can't use the Alt-Click to add the NO... by ashleyherbert Communicator in Splunk Search 12-30-2013 5 1	5	1
Conversion from string to date I am having a field deliveryExpiry (String type) in my log and I want to compare whether the expiry is before the cur... by c_sahil New Member in Splunk Search 12-30-2013 0 4	0	4
Creating a multivalue field from a result? Hey everyone, So this feels like something I should be able to do with the standard search language, but I am failin... by dshpritz SplunkTrust in Splunk Search 12-27-2013 3 4	3	4
searchmatch with macro expansion Hello & merry xmas to all, I would like to create a macro-expansion using searchmatch (eval-command) such that the a... by klee310 Communicator in Splunk Search 12-27-2013 0 2	0	2
Conflicting Event count in Search App based upon time range I executed this search on my data, over two different time ranges: "malware" \| timechart count The time ranges wer... by rahulgopal Explorer in Splunk Search 12-27-2013 0 4	0	4
Javascript or HTML5 in app setup pages? Someone just asked me if it was possible to have something like a slider on the app setup page for entry of data. So... by phoenixdigital Builder in Splunk Search 12-26-2013 0 1	0	1
Using lookup tables and searching it twice We have a user lookup table that contains information such as username, email, and managername. I can do a lookup to... by rmorlen Splunk Employee in Splunk Search 12-26-2013 0 2	0	2
How to add percentage on statistic field? Hello, My search: index=test sourcetype=traffic \| stats sum(A) as A sum(B) as B sum(C) as C sum(D) as D \| transpose ... by appleman Contributor in Splunk Search 12-25-2013 0 2	0	2
Subsearch results display in different columns with same field by differenet timerange sourcetype=xxx earliest=-1d@d latest=-0d@d \| stats count by host \| append [search earliest=-2d@d latest=-1d@d \| stats... by rossikwan Path Finder in Splunk Search 12-25-2013 0 4	0	4
How to get index time in subseconds ? Hi Splunkers, I want to know the index time lag in subsecond order by following command. index=main \| eval index_la... by sunrise Contributor in Splunk Search 12-25-2013 0 2	0	2
What is pulldown_type? Hi! I would like to know what pulldown_type option (props.conf) affects in splunk. Are there any description in the ... by yuwtennis Communicator in Splunk Search 12-25-2013 1 1	1	1