Splunk Search

Community Activity

metadata doesn't return correct events due to specific date HiI have several file in "myindex", when I set date "yesterday" I expect show just yesterday files , but it return ol... by indeed_2000 Motivator in Splunk Search 10-31-2021 0 0	0	0
Looking for date wise Incidents resolved count by each user i am trying to pull incidents resolved by each user in date wise . can any one help me how to form the below table wi... by Gousa New Member in Splunk Search 10-31-2021 0 1	0	1
Why would I want a replication factor of 2 and a searchable of 1? What would recovery look like? All, Setting up an index cluster of 3 nodes soon and sizing some disks. Feels like you would always want areplication... by dpwtheitguy Loves-to-Learn Lots in Splunk Search 10-30-2021 0 1	0	1
combine three charts into one Hi Dear Splunkers,I have three searches that display the output into a Dashboard in three different panel, but I want... by cbrs New Member in Splunk Search 10-29-2021 0 1	0	1
Automatic lookup query Hi,Just a query, I have some manual lookups in some of my dashboards, if I create an automatic lookup will this break... by joe06031990 Communicator in Splunk Search 10-29-2021 0 2	0	2
Getting a time series Ratio of data from two different sources I have two different data files which are related by a single named field. Lets call that field common_field. From... by echambervisa Observer in Splunk Search 10-29-2021 0 4	0	4
Filtering multi-value (or array) field with multi-value input Hi I tried searching all over but can't seem to find a good approach to do this. Basically, I have a multiselect inpu... by moomber Observer in Splunk Search 10-29-2021 0 0	0	0
export results to csv What's the easiest way to export Splunk search results to a CSV file that I can open in Excel? by Justin_Grant Contributor in Splunk Search 10-29-2021 6 13	6	13
Regex not working on splunk for the expression which works well on regex 101 i have data as below : Request-all-Headers = Accept - / Authorization - Bearer m6CsheaxrlMKIBH3vZ0EXk5G3rw6 Conten... by Shariq Explorer in Splunk Search 10-29-2021 0 7	0	7
How to include the previous and/or following event after the search string appears? Hi, I would like to include the event just before or just after the search string appears. Basically like grep -A 1 o... by echalex Builder in Splunk Search 10-29-2021 0 6	0	6
Is there a way to zoom at highest count in timechart automatically after it has been loaded? Hi! I have a panel in dashboard that uses timechart. I want to make it zoom at highest count or count>0 automatically... by GustavMahler Explorer in Splunk Search 10-29-2021 0 0	0	0
Windows Events - Why does SRC_IP for an Active Directory Server appears different in different events? Folks, Need some assistance to understand why Splunk is reporting different IP's for the same hostname ( Active Dir ... by neerajs_81 Builder in Splunk Search 10-29-2021 0 3	0	3
Field extraction from a Windows log Hi Splunkers, I have prepared a regex extraction using regex101 site, and now trying to extract "Failure Reason" as p... by vagnet Explorer in Splunk Search 10-29-2021 0 5	0	5
How do you use timewarp in specific? Let's say I have this query index = x \|stats count as Total, sum(AMMOUNT) as TAmmount BY MERCHANT, SUBMERCHANT I wan... by phamxuantung Communicator in Splunk Search 10-29-2021 0 2	0	2
Extract count of each value of a field and create a timechart from it using stats I have a field "skill" which takes multiple values:I want to extract the count of each of the values of skill and sto... by priyangshupal Engager in Splunk Search 10-29-2021 0 4	0	4
Insert Timerange picker value in query Hi, I want to insert Timerange picker value like $time$ in my query for a Dynamic input. Requesting help with the que... by noman377 Explorer in Splunk Search 10-29-2021 0 2	0	2
SPL: Use regex replacement string multiple times Hello *,I am looking for an SPL that reads the first part of a string via regex and replaces all occurrences of a cer... by _Tom Explorer in Splunk Search 10-29-2021 0 3	0	3
Match IP address with IP in Lookup table and alert Hello, We are using ES and we have a lookup file downloaded which has a mix of standalone ip's and CIDRs/Subnets/. ... by neerajs_81 Builder in Splunk Search 10-29-2021 0 5	0	5
Error: Cannot expand lookup field due to a reference cycle in the lookup configuration OK, this is oddSearch: index=myindexWorks and returns a field "Name", happily listing all values of Name as expectedH... by anapp Explorer in Splunk Search 10-29-2021 0 2	0	2
rex field? - extraction Hi,I want to extract the following term from this message: (MaRSEPbac, [MaRSEPbac_Old2], [MaRSEPbac])that means the s... by André Engager in Splunk Search 10-29-2021 0 3	0	3
rename row1 after transpose hi team, as titled, how to rename 'row1' to 'number' after transpose. I tried rename and replace, but doesn't work. by cheriemilk Path Finder in Splunk Search 10-28-2021 0 2	0	2
Extracting Account Name: Oct 28 20:08:57 XXX.XXX.com Microsoft-Windows-Security-Auditing[4]: EventID: 4663 An attempt was made to access an ob... by wkbevill Engager in Splunk Search 10-28-2021 0 2	0	2
Why is this "earliest" not working? index=myindex \| eval createdepoch = strptime(created, "%Y-%m-%d")\| eval _time = createdepoch\| search earliest=-90d@d ... by zachsisinst Explorer in Splunk Search 10-28-2021 0 1	0	1
Convert point in time events to timeseries with Data points I have the following data. That I am trying to convert to a time series by Type with the last Status brought forward.... by SplunkNs231 Engager in Splunk Search 10-28-2021 0 1	0	1
rex operation -- Regex: syntax error in subpattern name (missing terminator) Hi,I'm continuously receiving the error Regex: syntax error in subpattern name (missing terminator) when attempting t... by apalmier New Member in Splunk Search 10-28-2021 0 2	0	2