Splunk Search

Community Activity

How to group values HiI have a field name called report_name, it can have a number of status values associated with it, i.e. status=a or ... by becksyboy Contributor in Splunk Search 11-10-2020 0 2	0	2
Event count before and after a specified time I am looking to count the number of events that occur before and after a specified time (8am) each day to give a tabl... by jboustead Explorer in Splunk Search 11-10-2020 0 1	0	1
DNS Logs field extraction (flags) Hello Splunkers,I'm actually trying to extract the "flags" field in the DNS logs.Meanwhile, the TA provided by Splunk... by kvnpichon Path Finder in Splunk Search 11-10-2020 0 2	0	2
Search hosts, Windows updates Hello! I am new in Splunk Search. I am using this query to find all hosts to which a specific update was installed:s... by ivan123357 Explorer in Splunk Search 11-10-2020 0 6	0	6
How do you allow automatically match against lookup file multi-value field Hello experts - I'm scratching my head trying to figure out if there's something at the low level configuration side ... by splunker1981 Path Finder in Splunk Search 11-09-2020 0 1	0	1
User agent - Difficult in extracting Field Hi I am trying to extract field from the user agent details like ( Operating system, Software, Software version, Soft... by jaibalaraman Path Finder in Splunk Search 11-09-2020 0 5	0	5
sourcetypes Is there a way to tell which method a sourcetype is using to get data into splunk? For example, suppose I look at the... by verifi81 Path Finder in Splunk Search 11-09-2020 0 2	0	2
Event-data within retention time is missing HiFor a given index with retention of 91 days configured, we find some hosts having events for the full 91 days.Some ... by ufotech Explorer in Splunk Search 11-09-2020 0 3	0	3
How to resolve high increase in forwarders reporting errors, including "Failed to checkpoint" for channel='security'? We discovered that in early April, around the 7th, we had a HUGE increase in forwarders reporting this error: ERROR E... by jcleary47 Path Finder in Splunk Search 11-09-2020 3 4	3	4
Blacklist lookup - search query I have a blacklist.csv file that looks like the following,namedescriptionvpnVPN was found.puttyPutty was found. I... by astackpole Path Finder in Splunk Search 11-09-2020 0 2	0	2
Time duration between two events from timestamp mentioned in the event. Hi there, I have a requirement where i need time duration between two events in ms.Events look like this Event A: Pro... by Fury Loves-to-Learn Lots in Splunk Search 11-09-2020 0 10	0	10
Javascript: How to cancel a search mid run? Hello, I am trying to write a simple SPA using JS on the Search Head. I have a page where objects are generated dyn... by bmacias84 Champion in Splunk Search 11-09-2020 0 2	0	2
Nested Search Question OK I have been reading most of the morning and I have to just be missing something very simple.To explain what I am t... by mmccaugh9472 Observer in Splunk Search 11-09-2020 0 4	0	4
UNIX time for the first day of the month of last month I am querying Nessus imported data and I would like to find old vulnerabilities still present today.More precisely, e... by jacortijo Explorer in Splunk Search 11-09-2020 0 3	0	3
queries that used datamodels HiThere is any option to get a list of acceleration data model and what rules / reports / queries) using each of the ... by havatz Explorer in Splunk Search 11-09-2020 0 1	0	1
resolve IP to name I want to be able to see the host name in search results rather than IP. In this case, the "host" I am looking for is... by gburtz New Member in Splunk Search 11-09-2020 0 1	0	1
Search query using REST in JSON format? Hello, I am trying to do a search query using JSON. It works if I use the normal form format, but not JSON.Working ... by locobiker Loves-to-Learn in Splunk Search 11-09-2020 0 0	0	0
Join multiple lookup table to get result in single table Hi,This is the case scenario:when I run this search query:index = "global" productIDI get the following result:{ "pro... by basics Explorer in Splunk Search 11-09-2020 0 3	0	3
Count of API calls over X time_taken, only if average time_taken is over a threshold Hi, I currently have a query that returns the a chart of API's whose calls average over a specific time limit (uniqu... by pzhou07920 Explorer in Splunk Search 11-09-2020 0 4	0	4
How do you calculate the growth of each Index on a monthly basis? We have a requirement to show the data growth of each index on a monthly basis. I tried with the below query from _in... by akarivaratharaj Communicator in Splunk Search 11-09-2020 0 10	0	10
timechart conditional result Hello, i have objects with names that all carry a unique and constant "Software-Signature" with them.This signature i... by light_of_sirius Explorer in Splunk Search 11-09-2020 0 2	0	2
Dashboard As Per below screenshot, i getting results the difference between last week host and this week host count. But i wa... by uagraw01 Motivator in Splunk Search 11-08-2020 0 2	0	2
Search result from different App Hi , Is it possible to get the search result from a specific app to my own application?Example:The result of the APP_... by jadengoho Builder in Splunk Search 11-08-2020 0 2	0	2
Extracting multiple values for single field I'm trying to extract multiple values for a single field. I've got the beginnings of the regex sorted to extract it, ... by ebs Communicator in Splunk Search 11-08-2020 0 3	0	3
Charting diff of events with running total I have some firewall session state logs which get sent to Splunk every minute. The session state events contain a uni... by rtadams89 Contributor in Splunk Search 11-08-2020 0 2	0	2