Splunk Search

Community Activity

Regex help Required Hi All,We are planning to ingest the SQL login success and failure logs into Splunk. So in the logs there are lot of... by anandhalagaras1 Contributor in Splunk Search 08-12-2020 0 5	0	5
Getting the error ImportError: splunklib.modularinput I'm running Cisco AMP events input on Splunk 8 on python 2.7.17 and received the following error after configuring th... by uhaq Explorer in Splunk Search 08-12-2020 0 0	0	0
Cisco eStreamer eNcore Add-on for Splunk v3.6.8 - Error in two EXTRACTs Cisco eStreamer eNcore Add-on for Splunk v3.6.8 has two EXTRACTs with errors in them. EXTRACT-extract_src and EXTR... by chris_barrett SplunkTrust in Splunk Search 08-12-2020 2 1	2	1
case: defaulting to "value" rather than NULL Hi, I'm using an "eval myvar=case(...)" like the one in the splunk documentation: ... \| eval description=case(error ... by zza2009 Engager in Splunk Search 08-12-2020 3 4	3	4
Search for text in log containing say, "non contact" but not just "contact" I have logs that say both contact and non contact. I would like to distinguish them in a search with the complete "no... by here2infinity Explorer in Splunk Search 08-12-2020 0 1	0	1
How to get index of a particular letter in string How can i find index of last occurrence of letter in value of a field string splunk_user microsoft_good_task god_pa... by ma_anand1984 Contributor in Splunk Search 08-12-2020 0 6	0	6
What should be my condition that will trigger the alert action, for a search string below Hello,I have a search string like below, where it is fetching data from stage and giving out aggregates of Trades for... by Snehaan Explorer in Splunk Search 08-12-2020 0 16	0	16
How to calculate average for the data which will get changed based on time interval ? I have below kind of data.App Name StatusApp1 0App2 0App3 0App4 ... by georgear7 Communicator in Splunk Search 08-12-2020 0 4	0	4
Using lookup to filter out fields from current searches against lookup fields Hello Splunk members!I currently have a search that produces "Users" connecting to certain "hosts" whereas the status... by MJA411 Explorer in Splunk Search 08-12-2020 0 0	0	0
How to convert the output of tostring or convert a duration field? I have a search that returns the diff of two times, but the user wants it in "1 day 5 hours and 23 minutes" format no... by jameswatts Explorer in Splunk Search 08-12-2020 0 3	0	3
Search That Looks Back in Time and Checks Fields I need assistance building a search that looks back in time 5 minutes to check and see if fields are present. If so ... by jodros Builder in Splunk Search 08-11-2020 0 6	0	6
How to use the existence of a preceding event in timechart? I have an index where each event has unique EventID and Status fields.Each event is progressing through multiple inte... by pm771 Communicator in Splunk Search 08-11-2020 0 2	0	2
How can my dashboards switch over to the next day at 12AM ETC rather than 12AM UTC? All of our Splunk users, including members of our Leadership Team are currently in the US/Eastern time zone. All of t... by adnankhan5133 Communicator in Splunk Search 08-11-2020 0 3	0	3
Getting authentication error when session login fails in Azure Databricks. Hi All, I am trying to access Splunk from inside the Azure Databricks instances. I have requirements to run queries f... by sbuxplat Observer in Splunk Search 08-11-2020 0 0	0	0
wanted to populate mutiseect token with if else condition in panel HiI have a dashboard, my requirement is like when a user will select a value Splunk in a multi-select, my pannel quey... by bapun18 Communicator in Splunk Search 08-11-2020 0 6	0	6
Removing Object from Json Array Currently I have splunk injecting AWS logs showing NACL's. Each event has an array that is called network_acl_entries... by stoneyhrm Observer in Splunk Search 08-11-2020 0 1	0	1
Regular expression only one value Dear, I need to identify some duplicate events that are right after the "Call-ID:", however in Splunk I am not getti... by leandromatperei Path Finder in Splunk Search 08-11-2020 0 1	0	1
REGEX HELPING PLEASE struggling to extract underlined items as RUN NAME by trevorkubheka New Member in Splunk Search 08-11-2020 0 4	0	4
How to force today's date column to display if no data generated for today's date? I currently have the following SPL query that generates a table, and appears as follows:Service IDResource NameTransa... by adnankhan5133 Communicator in Splunk Search 08-11-2020 0 1	0	1
Need Help to pull the logs in the below format Hi Community,I was trying to pull the logs in the following format _time, src, dest, src_port, dest_port by using st... by mputtam Path Finder in Splunk Search 08-11-2020 0 1	0	1
Set "latest" search time to 7 days after "earliest" Hi all,I'm trying to set the search period such that "earliest" is a specific day, and "latest" is 7 days after that.... by wu_weidong Path Finder in Splunk Search 08-11-2020 0 1	0	1
How to get stats count to include zero count by time? Hi,I have a lookup file like this -users:User1User2User3User4...I need to count the events by user:index=myindex \| st... by lukas Loves-to-Learn in Splunk Search 08-11-2020 0 2	0	2
wql query not returning any events [WMI:Services] Hello,Below query in wmi.conf file is not returning any events . But other queries are working.Please do suggest if a... by dkgs Communicator in Splunk Search 08-11-2020 0 0	0	0
Join SPL result to a single line? Hi, The following SPL returns records to me as shown below. index="uf_basickpi" host!=DS-* (sourcetype="CPU" counte... by wbolten Path Finder in Splunk Search 08-11-2020 0 2	0	2
How to produce stats with based on a field clientId Hi, I am stuck at a query problem. So what i need to do is join some events and get the result and for that I am usin... by shashank_24 Path Finder in Splunk Search 08-11-2020 0 5	0	5