Splunk Search

Community Activity

Group count percentage by key We have 5 host and 3 on west 2 on east, and each of them take x% of request, the stats we have right now looks like:h... by xiangli9 Observer in Splunk Search 07-20-2020 0 1	0	1
How to format a custom time field Hello, I have a search running that shows the custom "Sign-on_Time" field in a table. I want to format it to a more r... by aaroncherian Path Finder in Splunk Search 07-20-2020 0 8	0	8
Search not retuning all values from a array search HIIm trying to get data from an object containing an array, and my search returns some of the results but i cant see ... by brytox New Member in Splunk Search 07-20-2020 0 1	0	1
Detect Brute Force auth success after multiple failures Hi,I'm trying to detect brute force activity by detecting multiple auth failures followed by success. I started with... by gnoriega Explorer in Splunk Search 07-20-2020 0 5	0	5
[SmartStore] How is the Replication of Summary bucket managed in Splunk Smartstore? there has been a huge spike in the number of uploads, resulting in many more failed uploads from throttling than we ... by rbal_splunk Splunk Employee in Splunk Search 07-20-2020 0 1	0	1
How to convert string into percentage I want to convert a column of text values into percentage.STATUSontimelateontimelate by shravanikarale Loves-to-Learn Lots in Splunk Search 07-20-2020 0 3	0	3
Join multiple fields and change their name Hi everyone,I have some data with a lot of fields.Some fields represent the same data, but with different field names... by Itai5468 New Member in Splunk Search 07-20-2020 0 1	0	1
Restrict search to a role using a search restriction is not working Hi All.I have a local instance on my laptop for demo purposes, so no complex deployment on this machine.I have create... by MLGSPLUNK Path Finder in Splunk Search 07-20-2020 0 15	0	15
calculating field percentages before stats command index= base search \| stats count, avg(ElapsedTime) as duration, by requestName, LogType, errorMessage, HttpStatus, i... by amerineni Loves-to-Learn in Splunk Search 07-19-2020 0 3	0	3
command="predict", Too few data points: 0. Need at least 1 (too many holdbacks (0) maybe?) Hello,I have tried the following command to forecast recipient using predict command and Forecast time series assista... by Janani_Krish Path Finder in Splunk Search 07-19-2020 0 2	0	2
How to compare events from two sources to find outliers in data? Hi, I'm trying to compare events from two sources to show where the outliers are (they "should" be the same but we k... by bcusick Communicator in Splunk Search 07-19-2020 0 9	0	9
How to create a single query that can show Internal AND External users all in one table. All users are located under POP_Address. If the POP_Address = 192.168.* or 172.16.*, etc, we consider them to be inte... by mztopp Explorer in Splunk Search 07-19-2020 0 3	0	3
Table containing url, total requests, error responses Seems pretty simple, but it's kicking my butt so here I am. I've tried more variations than I'd like, but I have a to... by oompaloompa Loves-to-Learn Lots in Splunk Search 07-19-2020 0 11	0	11
How to track memory/cpu usage per search execution (on Search Head/Indexer)? Hi I am looking for a way to track memory/cpu usage per search execution on search head and indexer. I thought I co... by melonman Motivator in Splunk Search 07-19-2020 1 4	1	4
Extract a Particular value from a already extracted field Hi Team, I have extracted a field which contains some response. From that response in that field I need only certain ... by sen8sen Engager in Splunk Search 07-19-2020 0 6	0	6
Search and display results of a single field among two sourcetypes Hello, I have a sourcetype called "signons" and it has a field called "Session_ID" and "System_Account"In my search, ... by aaroncherian Path Finder in Splunk Search 07-18-2020 0 4	0	4
Source IP not plotting on cluster map I'm trying to plot source IP Addresses (src_ip) from web events on a cluster map but it does not seem to work. It on... by dcraven02 New Member in Splunk Search 07-18-2020 0 2	0	2
rex I'm trying to extract this line from my linux logs in splunk using rex but I'm not sure how to extract itTCP 191.174... by rkris Explorer in Splunk Search 07-18-2020 0 2	0	2
using eval results of a search with my base search I'm currently trying to use the results of my eval fields in my base search For example, I would like for my search t... by payton_tayvion Path Finder in Splunk Search 07-18-2020 0 3	0	3
Alert when certain event occurs outside of time period of other event I have an event that logs the following . . startTime: 2020-07-17T17:48:46Z endTime: 2020-07-17T17:52:27Z . . I ca... by tbrown Path Finder in Splunk Search 07-17-2020 0 1	0	1
Optimizing Query with Join to with out join I have the below query which seemingly working okay. I was looking things that I can use to optimize the below query ... by durgave Engager in Splunk Search 07-17-2020 0 3	0	3
Parse nested json array without direct key-value mapping Hi, I have a json that looks like the following - {<!-- -->"id": "123","uri": "http://xyz.com/api","method": "POST","headers"... by rashmeet Explorer in Splunk Search 07-17-2020 0 5	0	5
foreach variable and search I have variables that I am trying to use to get in a search with a foreach loop...for example.. I have customers: a,... by raychamber Explorer in Splunk Search 07-17-2020 1 13	1	13
Alert for specific PC I have an alert for excessive login failures configured to fire off when a PC reports greater than normal login attem... by CaptainThoadar Engager in Splunk Search 07-17-2020 0 1	0	1
Search results might be incomplete: the search process on the peer After spending two days reading almost all forum posts related to this error message, including translating questions... by splunkcol Builder in Splunk Search 07-17-2020 0 1	0	1