Splunk Search

Community Activity

Need Minutes and hours conversion Hi, I am trying this cmd index="wineventlog" host IN (*) EventCode=6006 OR EventCode="6005" Type=Information\| transa... by priya1926 Path Finder in Splunk Search 12-20-2021 0 2	0	2
Failed to find Windows Event Log HelloI'm trying to injest event from this Microsoft event viewer:[WinEventLog://Microsoft-Windows-TerminalServices-Cl... by g_paternicola Path Finder in Splunk Search 12-20-2021 0 7	0	7
Need help on Queries Combination. Hi,Search 1: It is used to findout the server healthindex=win sourcetype="xmlwineventlog" host=Prod_UI_*\| eval Status... by jackin Path Finder in Splunk Search 12-19-2021 0 1	0	1
Using OR with regex Hello,Is it possible to user OR with regex?For example i have search \| regex something="", and I need \| regex somethi... by bosseres Contributor in Splunk Search 12-19-2021 0 2	0	2
Generete event after 3 consecutive failure Hi,I need an help with splunk search query where in an incident need to be generated for a log backup failure after 3... by nanoo1 Loves-to-Learn Everything in Splunk Search 12-19-2021 0 13	0	13
Use subsearch to gather ip addresses for use in another type off search? Playing around to find a way to gather IP-Addresses from one type of search, to gather other type of information abou... by einars Engager in Splunk Search 12-19-2021 0 2	0	2
How to find several terms in all _raw ? Hi,I want to find specific strings in all event in order to classify them into two values, like "if there is "A" or "... by mah Builder in Splunk Search 12-19-2021 0 1	0	1
How can I find delta between events using transaction command? I could retrieve the list of the transactions as a single event below. Transactions start with "Dashboard Load:" and... by limalbert Path Finder in Splunk Search 12-18-2021 0 3	0	3
Need help in creating alert when new QID is published from qualys I would like to create an alert when new QID from qualys is published. For that I'm using FIRST_FOUND_DATETIME field... by martin61 Engager in Splunk Search 12-17-2021 0 1	0	1
Failed Login Query Hello,I am trying to write a query that will display failed logins (Account_Name, Host, Count).First Queryindex=winev... by Mmilaham Loves-to-Learn in Splunk Search 12-17-2021 0 3	0	3
Scatter plot with text values and colour I'm trying to plot the following as a scatter chart:The y-axis should be the namespace. Namespace is a small set of s... by alex_collins_in New Member in Splunk Search 12-17-2021 0 1	0	1
Sum column a x times with different columns in a single query e.ghow to get sum of below in single querysum(val_2) by applicationsum(val_2) by val_1Query Result(single query)colum... by rajg369 Explorer in Splunk Search 12-17-2021 0 3	0	3
using 2 stats queries in one result I have tried multiple ways to do this including join, append but in each case all I get is one column result being di... by jdepp Path Finder in Splunk Search 12-17-2021 2 6	2	6
How to calculate time for a given day of week? How to perform calculations on a given day of week? Specifically, I want to compare a given time value, say given_da... by yuanliu SplunkTrust in Splunk Search 12-17-2021 0 5	0	5
Are there inherited properties/restrictions when using collect to copy from one index to another? We were presented with a situation where non-admin users needed access to Splunk license data from the _internal inde... by fatsug Builder in Splunk Search 12-17-2021 0 2	0	2
How to forward data in multisite cluster Hello splunkers,i need to understand the best way to forward my data in multisite indexer cluster for Disaster Recove... by marco1987 Explorer in Splunk Search 12-17-2021 0 2	0	2
DBxquery help HI All,I have a DB querry, need a help in date filter. \| dbxquery connection="ITDW" shortnames=true query="SELECT G... by jerinvarghese Communicator in Splunk Search 12-17-2021 0 0	0	0
how to define a generic sourcetype regex for service status Hi, I have a script which can pull the service status for each of the service,I have defined it to be a common source... by ashraf_sj Explorer in Splunk Search 12-17-2021 0 2	0	2
Regex extract all matched field values per event Hi Splunk Community,I have run into an interesting scenario where I need to write a field extraction that will parse ... by d_T New Member in Splunk Search 12-17-2021 0 1	0	1
Create a search who return status ok, or 200 Hello,I'm working in Splunk enterprise with the search queries.I use a Website monitoring app for my website.I run a ... by Redjon_27 New Member in Splunk Search 12-17-2021 0 1	0	1
search results expiring Hi at all,I noted a strange thing:in a splunk 8.2.2 with ES 6.6.2, the customer scheduled some daily reports with a t... by gcusello SplunkTrust in Splunk Search 12-17-2021 0 0	0	0
Calculate time difference between two events Hi All, I am using the below search to calculate time difference between two events ie., 6006 and 60056006 is event s... by priya1926 Path Finder in Splunk Search 12-16-2021 0 2	0	2
How to display the latest event as a result? Search query :1 index="main" earliest=06/01/2019:00:00:00 latest=now \| stats first(status) by src destination port ... by kartm2020 Communicator in Splunk Search 12-16-2021 0 21	0	21
How to get the forwarder IP address reproting to splunk Hello, Can i please know how to get the all forwarders IP addresses that a reporting to splunk without use of intern... by kteng2024 Path Finder in Splunk Search 12-16-2021 0 7	0	7
How to project alphanumeric values on y axis in timechart? I have a requirement for having start and stop times with there status be projected over time as a line graph.I have ... by samindam Observer in Splunk Search 12-16-2021 0 1	0	1