Splunk Search

Community Activity

Mask sensitive info with SEDCMD I am attempting to mask sensitive information using SEDCMD. However, it does not seem to take effect.I've run btool, ... by geoffmoraes Path Finder in Splunk Search 10-30-2020 0 4	0	4
Line Chart Overlay based on previous month and previous month-1 Hi,I would like to compare the data of the previous month to the month before (i.e. now its October, so the default s... by ronaldtanhj Path Finder in Splunk Search 10-30-2020 1 13	1	13
sequential or execution in join (or simulating join) Hi,I'm in Splunk since August after 20 years working in SQL, a lot of new things and I need help.I've a daily cron jo... by jgm1977 Engager in Splunk Search 10-30-2020 0 1	0	1
search query - categorizing results based on a field Hi, bit new to splunk, looking for suggestions on one of my search queries:Here's some sample events that I receive{<!-- -->"... by milanpatel7 New Member in Splunk Search 10-29-2020 0 0	0	0
Creating Field from Inputlookup Hello.I'm trying to create a field for all events in a search. The field is a value from a inpulookup. There is no sh... by TooManyQuestion Explorer in Splunk Search 10-29-2020 1 4	1	4
Error in 'eval' command: The expression is malformed. An unexpected character is reached at ') , user)'. Help Please I have a search running fine by itself, index=indexA user=ABC123 \| where isnotnull(USER_NAME_FROM_ACEE) \| table USE... by samlinsongguo Communicator in Splunk Search 10-29-2020 1 2	1	2
UX question about login page community.splunk.com Hi All, one question related to community.splunk.com login page.. so on the login page, we get username textbox, afte... by inventsekar SplunkTrust in Splunk Search 10-29-2020 0 6	0	6
Adding avg and changing min to minutes Ill start off i am newer to splunk.... I am using the following search index=server source="WinEvent" EventCode=1234... by eb1929 Explorer in Splunk Search 10-29-2020 0 1	0	1
I can`t get more than 10.000 results in a join command Hi, I would like to know if there is some way to create a query where I can get more than 10.000 results when I used ... by jjofret Explorer in Splunk Search 10-29-2020 0 1	0	1
How to line up 2 reports Hello Splunk Community,I have 2 reports trying to combine into 1. The fields are different to each other. Say Report ... by iamsplunker Communicator in Splunk Search 10-29-2020 0 3	0	3
Is there a way to do a NOT IN search something like; [search index= myindex source=server.log earliest=-360 latest=-60 " by riotto Path Finder in Splunk Search 10-29-2020 0 10	0	10
How to pass a field value from one search to another search? Hi All,I'm extremely new to Splunk and have been tasked to do the following:Perform a query against one host (Server1... by hillsw19 Explorer in Splunk Search 10-29-2020 1 4	1	4
WinEventLog input xmlRegex modifier -- When did THIS become available? I've been on the struggle bus with WinEventLog blacklist entries this week and stumbled upon the new xmlRegex modifie... by dstaulcu Builder in Splunk Search 10-29-2020 0 2	0	2
Splunk Alert Create alert based on count over past time frame Hi Splunk Community I need some assistance with a Splunk alert, the search result provides exactly what I require but... by Pmeiring Explorer in Splunk Search 10-29-2020 0 1	0	1
How show 0 when not result I need show any value in every minute, but I only get value > 0Search:\| tstats count WHERE index=XXXXX C_TXN_A IN (1,... by Luninho Explorer in Splunk Search 10-29-2020 0 2	0	2
How to set a backup TCPOUT group in Outputsconf Hi,From my understanding, the param `defaultGroup` under the stanza `[tcpout]` in `outputs.conf` can be set to a comm... by morethanyell Builder in Splunk Search 10-29-2020 0 5	0	5
need help in order to compare 2 columns and display one related field Hi, I'm Alex from Franceas almost everyone here, I need some splunk guru ^^fields computer and user are in index1, co... by maz38 New Member in Splunk Search 10-29-2020 0 7	0	7
Join two indexes based on substring match Hi,I am struggling with joining two indexes based on substring match.I have following indexes :index1 :having followi... by ved08514 Explorer in Splunk Search 10-29-2020 0 11	0	11
How to use events only from 'active' host? I have 2 different data set:1. host and prevStatus field with IDLE value2. server (same values as host) and server st... by JykkeDaMan Path Finder in Splunk Search 10-29-2020 1 1	1	1
Join by time range Hi all, Possible to join 2 search results like following? Set 1:_time field1field2field3 (common field) Set 2:_time ... by stwong Communicator in Splunk Search 10-29-2020 0 3	0	3
If I use more than 6 times append command in query the Chart command shows incorrect result I ran the below query,index=s sourcetype=S_1 \| search Gene="dow" OR Gene="x" OR Gene="ari" OR Gene="lia" OR Gene="SX"... by nivethainspire_ Explorer in Splunk Search 10-29-2020 0 4	0	4
Regex replace field text Hello everyone,I was wondering if this kind of search is possible. I want to replace the text from my search which lo... by g_paternicola Path Finder in Splunk Search 10-29-2020 0 4	0	4
ML query to detect categorial outlier per field per day comparing with other day statistics Hello All,I am trying to find categorial outlier for all the emails sent from our environment with respect to its cou... by Janani_Krish Path Finder in Splunk Search 10-29-2020 0 0	0	0
Missing calculated field Hi,In the logs being ingested Splunk isn't automatically pulling out the action field, so I'm trying to create one fo... by ebs Communicator in Splunk Search 10-28-2020 1 5	1	5
search strptime function using %Z and tz database time zones Greetings,Quoting fromhttps://docs.splunk.com/Documentation/Splunk/7.2.6/SearchReference/Commontimeformatvariables, ... by kscher Path Finder in Splunk Search 10-28-2020 0 2	0	2