Splunk Search

Community Activity

search all event after specific string Hi1-I want to search result return everything after specific event till now.for example: index=main \| search "start ... by indeed_2000 Motivator in Splunk Search 07-07-2021 0 2	0	2
Splunk REST API with NodeJs: trouble getting started creating a search job I'm new to this, and would appreciate any help from someone who uses NodeJs with Splunk. I can successfully query pas... by mattee1283 New Member in Splunk Search 07-07-2021 0 0	0	0
How can I calculate counts for active Qualys vulnerabilities I am ingesting Qualys data via the Qualys Technology Add-on for Splunk (v1.8.7). To reduce daily volume, I have chose... by ejwade Contributor in Splunk Search 07-07-2021 0 2	0	2
subtracting 2 timestamps and then evaluating if that result is longer than 1 hour I have two timestamps that are in this format within my log events:start: 2005-07-05T04:28:34.453494Zend: 2005-07-05T... by samnew4598 Explorer in Splunk Search 07-07-2021 0 2	0	2
How to write rex with sed mode so that it shows/extracts all unique numbers with specific digits masked ? Hi, novice splunker here. How could I search or extract all the unique numbers while keeping certain digits masked? ... by user290317 Explorer in Splunk Search 07-07-2021 1 5	1	5
New lookup is not working Hi team,I already worked with the lookup feature of splunk, tables, definitions and automatic lookup, and is working ... by gustavoortega New Member in Splunk Search 07-07-2021 0 2	0	2
How to overwrite the indexer data. Is there any possibility to over write the index data ,for example the data is indexing by the below query.\| inputlo... by vinod743374 Communicator in Splunk Search 07-07-2021 0 4	0	4
How to combine multiple searches in same alert HI,I have 3 searches that give results for errors and journey length. I wanted to add all these searches together and... by SG Path Finder in Splunk Search 07-07-2021 0 0	0	0
How to combine multiple searches in same alert HI,I have 3 searches that give results for errors and journey length. I wanted to add all these searches together and... by SG Path Finder in Splunk Search 07-07-2021 0 0	0	0
Fill in 0 for timechart with missing values I'm generating a chart with event count by date. The problem is for dates with no events, the chart is empty. I wan... by the_wolverine Champion in Splunk Search 07-07-2021 5 7	5	7
How to use regex to filter out logs? Hi community,I have the need to exclude AIX logs containing a certain field value.This is the regex the parser is usi... by martaBenedetti Path Finder in Splunk Search 07-07-2021 0 5	0	5
Best way of making base search Hello everyone! I need some help with figuring out how to make this base search the best way without hitting the 500.... by N-W Explorer in Splunk Search 07-06-2021 0 6	0	6
Splunk Fundamentals Module 5 Lab In Module 5 Lab #8, I am asked to perform a search using the "fail* AND password" command over ALL TIME. The search r... by Floyd22 Engager in Splunk Search 07-06-2021 0 0	0	0
Show hosts that stop reporting logs Hello, I have many windows machines sending logs through the agent to index = mainWith what query can I monitor eith... by splunkcol Builder in Splunk Search 07-06-2021 0 3	0	3
Search hangs on "TcpOutbound" error A scheduled search is hanging when it approaches around 28% completion. In search.log, the following message appears ... by mh393 Loves-to-Learn in Splunk Search 07-06-2021 0 0	0	0
Tstats and stats return difference result Why do I use "tstats" and "stats" but return different results??? I need an explanation.I use Splunk version 8.2.0 by hoangpt Explorer in Splunk Search 07-06-2021 0 5	0	5
Splunk App for Unix and Linux props.conf fields are not calculated Hi,Given the below system architecture on a single server: 1. When I pass the OS data generated by the Splunk addon (... by nouraali Explorer in Splunk Search 07-06-2021 0 0	0	0
Index bz2 files take too much time Hi I have a directory that contain 60 bz2 files. Totally 27 GBAfter 24 hours still index processing not completed!How... by indeed_2000 Motivator in Splunk Search 07-06-2021 0 2	0	2
domain accounts search csv Hi,i have been looking but cant seem to make much sense of it all. im new to splunk.im trying to create a search and ... by japonter Explorer in Splunk Search 07-06-2021 0 4	0	4
Rename fields in source Hello  I have splunk getting data from a folder everyday.Recently the files changed the name of the fields.Here is a... by Joannna Explorer in Splunk Search 07-06-2021 0 2	0	2
Duration between two events with conditions Hi guysIm pretty new to Splunk and do not know how to create the search I need.We are forwarding events from our Faul... by pgraf Observer in Splunk Search 07-06-2021 0 3	0	3
Nutanix Hi All,We configured logs of a nutanix cluster to be pushed to splunk. Inside splunk, I can see logs that shows that ... by splunknewbie81 Engager in Splunk Search 07-06-2021 0 1	0	1
Why is my lookup not working, but inputlookup is working? My lookup is named FutureHires and \| inputlookup FutureHires shows that the lookup is being pulled in correctly. Howe... by katzr Path Finder in Splunk Search 07-06-2021 0 6	0	6
Need help to create alert for a huge number of events Dear Splunkers, Hello. I am new to Splunk and have task to create alert for following scenario:Each minute we receive... by Gene Path Finder in Splunk Search 07-06-2021 0 1	0	1
Splunk Config Files Location Hi everyone, We are currently looking a config file(s) that consist of the details below, instead of running executab... by mnestaz Engager in Splunk Search 07-06-2021 0 2	0	2