Splunk Search

Discussions

Thread Info

Modify default field extraction for spaces

We are successfully ingesting Websense logs into Splunk but the user field is recorded in LDAP context and has spaces...

by Engager in

Graphing windows system from uptime to downtime

I have a query that provides windows startup, ending and duration - however I was looking for a way to graph this? ...

by Path Finder in

How to force graph to include recent "zero" values?

So I have this basic search for a line graph visualization: (search goes here) | timechart count Let's say I'v...

by Builder in

Combining fields with mvcombine

Hi folks, I'm trying to merge events that share a common keyword value, with the mvcombine. The problem is it just...

by Communicator in

Format Stats Column Data

So I'm running this search string here: index = git | rename Data.payload.head_commit.modified{} as FilesModified ...

by Path Finder in

How to filter Windows Security Event Logs containing machine name as username?

Hello everyone, I´m trying to filter some Windows Security Event Logs that contains the machine name as the userna...

by Explorer in

Substring of multivalues out ot multivalue field

I'm trying to produce a multivalue field out of another multivalue field in my data model, and that's proven to be qu...

by Engager in

REGEX to remove a word from indexing

Anybody can answer to simple question? How to remove from indexing host= d:\TEST.log just "<TD>" combination? What sh...

by Explorer in

How to return result for users whose name contain and do not contain underscore

My Splunk is 5.0.5. I constructed a rex to extract user from free-hand logs. In some logs, user is null. This skews m...

by SplunkTrust in

Macro and Comment Fields

Is it possible to add a comment field in a Macro so that it is displayed in a search? For example, if a macro contain...

by Communicator in

SplunkES - How does the correlation search results goto 'notable' index ?

How does the results of the correlation events go to "notable" index ? Is there any configuration file for this ? ...

by Motivator in

Increasing TIMESTAMP by adding seconds.

Hi, I have a proxy log that logs the time the query was executed and also give the duration in seconds. "11/Jan...

by Path Finder in

Regex Field extraction question

Hello, I am trying to extract a field and I have an error in my REGEX. The line looks like this: 6/26/2014 13:0...

by Path Finder in

How do i find the most common events in my search?

As a splunk user, i want to find the most common events in my search results. How would I accomplish this? I am tryin...

by Builder in

Concatenate events from FTP log to produce UserID list of successful logins

My goal is to create a search that produces a report of ftp users that have logged in (successfully) in the past 7 da...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Modify default field extraction for spaces

Graphing windows system from uptime to downtime

How to force graph to include recent "zero" values?

Combining fields with mvcombine

Format Stats Column Data

How to filter Windows Security Event Logs containing machine name as username?

Substring of multivalues out ot multivalue field

REGEX to remove a word from indexing

How to return result for users whose name contain and do not contain underscore

Macro and Comment Fields

SplunkES - How does the correlation search results goto 'notable' index ?

Increasing TIMESTAMP by adding seconds.

Regex Field extraction question

How do i find the most common events in my search?

Concatenate events from FTP log to produce UserID list of successful logins

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...

How to change pie chart font color from within Spl...

Users with the same roles, in the same app, and sa...