Splunk Search

Community Activity

How to create inventory that matches user to the devices they have logged into? Hello All, I am looking for a solution to establish a kind of IT inventory, based on logins. Is there any working sol... by Yokova New Member in Splunk Search 08-05-2020 0 1	0	1
how to use transaction to Group multiple events with field values in a specific order hello , i have many logs like:"_time1 user=A eventid =45""_time2 user=A eventid=46""_time3 user=A eventid=48""_time4 ... by qiuxiaoping New Member in Splunk Search 08-05-2020 0 5	0	5
How to perform Rolling Percentiles (e.g. P90) over a time period? I need help on doing cumulative percentiles, such as p90, over a period of time. This is different from rolling avera... by splunkuserCA1 Path Finder in Splunk Search 08-05-2020 0 3	0	3
Compare value of row'1', column'1' with row'n', column'n' and if matched then diff=(Size_In_MB_new-Size_In_MB) I want to compare (OWNER)(TABLE_NAME) to (OWNER_New)(TABLE_NAME_New). And once the value matched then want to find di... by RajanRaj New Member in Splunk Search 08-05-2020 0 1	0	1
SPLUNK architecture Hi, I am very new to SPLUNK and inherited an environment without much documentation. Can anyone help with the followi... by Jeronimo317 Explorer in Splunk Search 08-05-2020 0 1	0	1
count Events per minute but only for same users Hi Splunkers, some examples from our logs.. [Time:11:03:01] [Function:upload] [User:aaa][Time:11:03:10] [Function:upl... by summerura Explorer in Splunk Search 08-05-2020 0 1	0	1
How to check whether splunk is receiving logs from particular IP Hi Guys, Syslog is sent to forwarder IP through TCP 514 port. I am unable to receive those syslog in forwarder or ind... by alexspunkshell Contributor in Splunk Search 08-05-2020 0 2	0	2
Stats StatusCode error Rate Hi There,Need help to find the status code error rate where status code is >400.I have below Query to time chart t... by dpdwibedy Explorer in Splunk Search 08-05-2020 0 4	0	4
Time duration filter Hi All, Need help in getting the data for those Downtime > 15 mins. below is the query am using. index=opennms "uei.... by jerinvarghese Communicator in Splunk Search 08-05-2020 0 3	0	3
How to query alerts by a specific personal domains? Hello,I'm trying to put a query together to monitor/view emails being sent externally to a personal domain. i.e. john... by brc55 Explorer in Splunk Search 08-05-2020 0 3	0	3
src_ip, with all dest_ips and dest_ports The following search is not giving me what I want.. sourcetype="sidewinder" action="blocked" direction="internal" \| ... by mcbradford Contributor in Splunk Search 08-05-2020 0 6	0	6
How to add final total count of results without adding another column? I can't seem to figure out a way to add a bottom row for a total count of results (records) to the end of the results... by splunkin11 Path Finder in Splunk Search 08-04-2020 0 10	0	10
Timechart issue I have created a dashboard panel that shows all the users with failed logins in the form of a timechart I'm trying t... by rkris Explorer in Splunk Search 08-04-2020 0 2	0	2
How to create a search for date compare to get the exact output? I am trying on date compare but i am unable to get the exact output The condition for Date Compare: if(First_Date.bef... by renuka Path Finder in Splunk Search 08-04-2020 0 2	0	2
How to perform a field extraction on a field from a lookup table? Hi, How to perform a field extraction on a field from a lookup table? I'm trying to add another field so the data mod... by dkorlat Explorer in Splunk Search 08-04-2020 0 5	0	5
Self Join and override Values Need some help with a querySample Data: { id: “123”, start_time: “2020-08-01 15:00:00”, end_time: “2020-08-01 16:0... by akshaysaraf Explorer in Splunk Search 08-04-2020 0 2	0	2
Difference of values using single value with percentage I would like to put together a graph with the difference of values as a percentage, so I can use the single value a... by leandromatperei Path Finder in Splunk Search 08-04-2020 0 1	0	1
Using subsearch result as a variable Hello,This is my first post, so I apologize if I'm lacking in some sort of post etiquette or other guidelines. I'm tr... by ethanmwk Loves-to-Learn Lots in Splunk Search 08-04-2020 0 5	0	5
Escaping the double-quotes when ingesting data? Hi, I'm attempting to deal with data coming from a query run by the Splunk DB Connector. It pulls all the data in fi... by marrette Path Finder in Splunk Search 08-04-2020 1 7	1	7
Count the total no of values in multivalue field - json response HI, I need to get the count of all the packages from the json body and display the total no of packages available for... by vijaysubramania Path Finder in Splunk Search 08-04-2020 0 9	0	9
EXTRACT-field regex in props.conf not extracting multiple values for the match. Hi There,Thank you for stop by and helping.I've a regex which extracts all URLs and domains from given field, this re... by bhupalbobbadi Path Finder in Splunk Search 08-04-2020 0 2	0	2
How to custom sort by column headers I have a table that shows the number of logs by severity over each host. I want to be able to rearrange the severity... by DEADBEEF Path Finder in Splunk Search 08-04-2020 0 1	0	1
Showing in a table results missing in a query from a set Hi,I’m trying to perform a query in Splunk that not sure if it’s even possible… I have my query over data with a form... by oribit Observer in Splunk Search 08-04-2020 0 5	0	5
Splunk Ad-hoc search getting auto-cancelled randomly My Ad-hoc searches getting auto-cancelled randomly.I am running them with admin privileges.There's no problem with RA... by sagaraverma Loves-to-Learn Everything in Splunk Search 08-04-2020 0 6	0	6
Replace string to replace entire Message field with another message for specific EventCode?? My query searches for (Eventcode=509 OR EventCode=118) and generates output (host, Time, EventCode, Task category, Me... by priya0709 Path Finder in Splunk Search 08-04-2020 0 4	0	4