Splunk Search

Community Activity

	Finding events that do not contain a specific string We have some issues with line breaking such that we have events that often consist of multiple logical events, or the... by teedilo Path Finder in Splunk Search 04-19-2021 0 2	0	2
	How to get the "COD SERIE CEI" which has no events between now and 2 hours ago? Hi, guys!I have an event table, which has a field called "COD SERIE CEI". I need to get the "COD SERIE CEI" which has... by raultav Engager in Splunk Search 04-19-2021 0 3	0	3
	How do I extract a field from my raw stdout log data using rex? Can you please help with extracting the fields from the below sample log. I am unable to escape the "'// &" '" in the... by rseri17 Explorer in Splunk Search 04-19-2021 0 6	0	6
	How To Exclude Results From One Search Where a Field Value Matches the Field Value of Another Search Hello!I have two searches that return separate data but have a common field. I am trying to filter my first search by... by Traer001 Path Finder in Splunk Search 04-19-2021 0 1	0	1
	field extraction with Regular expression giving inconsistent results Hey there,I created a field extraction from UI,using regular expression method,where regular expression got created ... by ayadav38 Engager in Splunk Search 04-19-2021 0 1	0	1
	count over time with open/close events Hello Splunkers,I would like to create a timechart for status. The data only comes when there's an update, so general... by sudo_su Engager in Splunk Search 04-19-2021 0 2	0	2
	ARIMA convert integer machine learning I'm trying to run this query below: (index=A sourcetype=jobs_info JOB_NAME IN (ACQUA)) OR (index=B sourcetype=FIRE) ... by nsantiago17 Explorer in Splunk Search 04-19-2021 0 2	0	2
	SPL - Creating a list using two time stamp entries Hi all, I am trying to create a fourth column which would display all values between a given time range in the single... by jacobmcn67 New Member in Splunk Search 04-18-2021 0 1	0	1
	Multiple same fields in one event with different data I have this XML data in one event but there are multiple transactions with same fieldnames . We need to display them ... by mariannedave Explorer in Splunk Search 04-18-2021 0 2	0	2
	Comparing 2 Atrributes in different indexes I have stored data in 2 indexes. One Index has a attribute which can be a substring of the second index _raw event da... by shinobu Explorer in Splunk Search 04-18-2021 0 2	0	2
	Splunk is not able to idetnify transforms.conf lookup configuration Hi,I have a csv file uploaded in the location /opt/splunk/etc/apps/search/lookups/. My transforms file is in /opt/spl... by surejsajeev Explorer in Splunk Search 04-18-2021 0 1	0	1
	Match records based on a WHERE condition defined in a lookup table Hello,Suppose I have raw records like this: user=blabla,org_L1=12345,org_L2=777,department=7890 user=testtt,org_L1=34... by edoardo_vicendo Builder in Splunk Search 04-17-2021 0 2	0	2
	Splunk Backup I am facing problems with restoring splunk. I require the searches, indexed data and users created on one installati... by lohit Path Finder in Splunk Search 04-17-2021 0 6	0	6
	How are AWS logs get ingested into Splunk Enterprise or ES? How are AWS logs get ingested into Splunk Enterprise or ES? Please advise the steps. by SamHTexas Builder in Splunk Search 04-17-2021 0 2	0	2
	Search for user additions to Active Directory privileged groups I would like to run a query for any user additions to privileged Active Directory groups. I am storing the AD groups ... by jlph Loves-to-Learn in Splunk Search 04-17-2021 0 1	0	1
	Tstats with Sparkline limiting values I am working on statsing firewall data into a sparkline. However, when I run the search, the sparkline caps out at 1... by biers04 Explorer in Splunk Search 04-16-2021 0 0	0	0
	Expand search based on chart Hi,Is there a way from a dashboard perspective that I present a chart from 2 big groups and if I click on the legend ... by aquinojason Path Finder in Splunk Search 04-16-2021 0 5	0	5
	Filtering Lookup Results Hi, Below is a result of a lookup command, how do I exclude the other information if I based in on BusinessUnit, For ... by aquinojason Path Finder in Splunk Search 04-16-2021 0 4	0	4
	Search for usage and login attempts for list of users I recently started learning Splunk . Could you help me!!Have list of users and particular looking for search query t... by Sathya0Q Engager in Splunk Search 04-16-2021 0 1	0	1
	I have an index searching with event and getting one line string, I need to display it as 2 fields using Regex or rex Example:My search is index=* source=xyzI am getting an event with plenty of lines in string formatI want to display... by sumandevops Engager in Splunk Search 04-16-2021 0 9	0	9
	Search Input based on a inputlookup Hi, I am trying to do the following:1. Using this \| inputlookup Application.csv where BusinessUnit = BU1, it will fil... by aquinojason Path Finder in Splunk Search 04-16-2021 0 2	0	2
	Rounding a Calculated Field Greeting Splunkers:Referring to: eval - Splunk Documentation where:round(X,Y)Returns X rounded to the amount of decim... by jason_hotchkiss Communicator in Splunk Search 04-16-2021 0 2	0	2
	How to fillnull json value pair in a subpath ? Hello,I'm faced today with something I do not understand.Here the structure of my event (JSON structured) : { dateRep... by emallinger Communicator in Splunk Search 04-16-2021 0 2	0	2
	Where do I find a list of orphaned searches, Reports and Alerts so they an be deleted or disabled? Where do I find a list of orphaned searches, Reports and Alerts so they an be deleted or disabled? For the purpose of... by SamHTexas Builder in Splunk Search 04-16-2021 0 4	0	4
	How to remove results of one query from a second query I'm currently trying to find workstations that haven't been logged into by a human over a period of time.My first que... by pgawron2 Loves-to-Learn in Splunk Search 04-16-2021 0 9	0	9