Splunk Search

Community Activity

Trend of latest value per user I appologize if this has been asked and answered. I tried searching the forum but couldn't find the answer (if might... by macd0170 New Member in Splunk Search 08-31-2020 0 6	0	6
How to extract container name and ID from a log using regex? (Item Id: 45) Container Name: Abc Admin Accounts (Container Id: 19) suid=1 need to extract Container name & Container... by pavanmishra0102 Engager in Splunk Search 08-31-2020 0 2	0	2
Combining search based on field value Hello all,I have two search strings that pull information - one pulls all the blocked emails and the second pulls the... by thampton New Member in Splunk Search 08-31-2020 0 1	0	1
Problems with subsearch and returning multiple fields Hello I'm trying t run the following search: Using subsearch I collect from DNS logs the source IP address and the d... by reinoheinanen Explorer in Splunk Search 08-31-2020 0 4	0	4
Splunk query to identify an anomaly for increase in frequency of errors in logs Need help with Splunk query to identify an anomaly for increase in frequency of errors in logs. Historic data to comp... by VS0909 Communicator in Splunk Search 08-31-2020 0 3	0	3
How can I search for list of UF's and to which index they are sending data to ? Hi, Want to find universal forwarders and to which index they are sending data to ?We have cmd to list all the UF. Ne... by AK007 Engager in Splunk Search 08-31-2020 0 2	0	2
how to fetch the key values from double pipe separator Hi Team,I am having a logging with double pipe separator (\|\|) and need to get the key values from logs. Log pattern:... by iamlucky92 Observer in Splunk Search 08-31-2020 0 1	0	1
Linux Equivalent commmand in Splunk I have below command in Linux -grep "login?" access.log access.log.1 \| grep https \| cut -d, -f3 \| sed 's/"wafip"://g'... by Samiksha1008 Observer in Splunk Search 08-31-2020 0 3	0	3
REGEX help .. I am still learning .... To all:Still learning about REGEX ... I looked at RUBULAR.COM and REFEX101.com to figure out how to pull out the Use... by Stephen11 Explorer in Splunk Search 08-30-2020 0 2	0	2
Get login duration from WinEventLogs I've got tons and tons of logs.What I want is login durations from the wineventlogs by usernames. Each event has the ... by Cstone1 Engager in Splunk Search 08-30-2020 0 2	0	2
How to find anomalies for requirement - Needed to detect the errors in Java ? I would like to get the errors by class/exception/ExceptionMessage field (java based application errors) by week over... by venkatsm New Member in Splunk Search 08-30-2020 0 4	0	4
automatic lookup based on condition Hi, My CSV(test_csv_lookup) looks like this: ---index; value1, 1.1.1.1---- here is my automatic lookup LOOKUP-field_e... by mahe90 Explorer in Splunk Search 08-30-2020 0 1	0	1
Field values Ghjsourcetype=access_combined \| eval action = if(isnull(action) OR action="", "Unknown", action) \| timechart span=4... by obularajud16 Explorer in Splunk Search 08-29-2020 0 5	0	5
How to extract the daily value from a log in JSON format and create table? Hi, I have a Splunk log which logs messages in the following JSON format - @timestamp: 2020-08-28T11:24:27.289-04... by shirsho13 Engager in Splunk Search 08-29-2020 0 2	0	2
linechart y-axis decimal to scientific notation Hi Is it possible convert, in linechart visualization, y-axis from decimal in scientific notation? Thanks by splunk6161 Path Finder in Splunk Search 08-29-2020 0 3	0	3
Problem replicating config (bundle) to search peer hican someone help me with this error message?will it be because of this file and its size? can i delete it? by splunkcol Builder in Splunk Search 08-29-2020 0 7	0	7
Give results by email and days of the week on one row with Yes, No or Null for the past week I am trying to get the data into a chart from an index were a user may answer a question daily. This is what I need t... by CSULeigh Explorer in Splunk Search 08-29-2020 0 2	0	2
Multiple Base searches in a dasboard I have some dashboards in Splunk and I would like to use basesearch so that they load a little faster, I don't have m... by leandromatperei Path Finder in Splunk Search 08-29-2020 0 2	0	2
Question regarding small buckets warning So I'm getting the notice regarding small buckets on an index, 100% small buckets on one particular index. Now this i... by ernest825 Engager in Splunk Search 08-29-2020 0 3	0	3
Base search query for different dashboard Hello Everyone,I am new to base search and need some help from you.The query is taking a while, I would like to creat... by leandromatperei Path Finder in Splunk Search 08-29-2020 0 1	0	1
time coversion Can some one help me to convert the time format ( hh:mm:ss:nnn) which in string ( example 0:00:00.041) into seconds... by infotork Explorer in Splunk Search 08-28-2020 0 2	0	2
"mstats" Across Multiple Indexes Hello Everyone, I have metrics in different metric indexes but I want to perform a timechart count on these, adding a... by michaelsplunk1 Path Finder in Splunk Search 08-28-2020 0 0	0	0
I'm trying to determine if by date_time stamps if we are getting the logs we should be getting Hello,I'm trying to determine if we are getting all the TrendMicro logs by comparing what's in Splunk and what's in T... by clunde New Member in Splunk Search 08-28-2020 0 3	0	3
The maximum number of concurrent historical searches on this instance has been reached. I'm getting this message on the Indexer Master for my Cluster when I open the Monitoring Console. On which server s... by gregbo Communicator in Splunk Search 08-28-2020 2 9	2	9
How to get Success, In Progress and Failure Count from this data I have this kind of data, Event IDEvent StepStatus 1001SUCCESS 1002SUCCESS 1003FAILURE 1004FAILURE 1005SUCCESS 1006FA... by agar1122 New Member in Splunk Search 08-28-2020 0 1	0	1