Splunk Search

Community Activity

how to calculate time delta how to calculate the device’s uptime value e.g time delta means time between (uptime < 1800) up to next (uptime < 18... by sanjeev Explorer in Splunk Search 07-16-2020 0 5	0	5
Calculate time difference between multivalue fields Hi , I have a data from search in below formatName provider1IN provider1OUT provi... by ayush1234 New Member in Splunk Search 07-16-2020 0 5	0	5
Time part is discarding I have a timestamp variable EmailSendAt=2020-07-15 05:52:13.186 , Whenever I am usingstats value(EmailSendAt) as tim... by sheshanath Loves-to-Learn Lots in Splunk Search 07-16-2020 0 3	0	3
COM Component monitoring in windows server How to COM+ components of windows server in splunk? by Ajay Observer in Splunk Search 07-16-2020 0 0	0	0
Windows Server Up time How to know/search windows server uptime? by Ajay Observer in Splunk Search 07-16-2020 0 0	0	0
Help with creating an index search based on the _time value (beginner) Beginner here, I'm trying to run a search on unique logins for a web-based application. The current logs, however, do... by Bassik Path Finder in Splunk Search 07-16-2020 0 28	0	28
Datamodel summariesonly Why are we seeing logs from year ago even we use sumarriesonly=t\| tstats summariesonly=t earliest(_time) as Earliest... by jadengoho Builder in Splunk Search 07-15-2020 0 0	0	0
Splunk Search String Hi! I'm new to splunk, I'm just learning it now because I need to understand the splunk search string given to me by ... by Deniserity Engager in Splunk Search 07-15-2020 0 2	0	2
Display only few sentences and show all with arrorw when you click Hi Splunkers, my search is like that and it makes table with data and error message. But error message includes like... by summerura Explorer in Splunk Search 07-15-2020 0 3	0	3
Need to change the _time to log event time Hi ,I need to replace value of _time with special extracted log time event. I am using this search but its not workin... by rashi83 Path Finder in Splunk Search 07-15-2020 0 2	0	2
Splunk - Alerting if ip address/ url changed over last 24 hours Hi Guys,I am trying find changes in office 365 ip address and URL using SPL by comparing results from today to yester... by asahni Loves-to-Learn in Splunk Search 07-15-2020 0 0	0	0
How to create a Splunk alert upon any new table entry Hi. I have a splunk table which tracks all the plugin version available to install for each plugin. Please note that... by rsantkumar Observer in Splunk Search 07-15-2020 0 3	0	3
Using TimeWrap for specific time window. Hello Everyone, I am trying to count the events for the window 8PM(Day1) to 6AM(Day2) for last 3 days so that I can ... by rajatsinghbagga Explorer in Splunk Search 07-15-2020 0 1	0	1
Passing Value from Subsearch to Parent Search I am fairly new to Splunk and only have the basics under my belt at best. I'm having trouble proving out the followin... by jstocker New Member in Splunk Search 07-15-2020 0 2	0	2
Search speed up Hi everyone, silly question but I'm not much practical with Splunk queries. How to speed up a search that is currentl... by paxo Loves-to-Learn Lots in Splunk Search 07-15-2020 0 16	0	16
Define & use variable in same search Hello, fellow splunkers!I am trying to find a search string where I could define a variable & then use it in the same... by Filomenka Explorer in Splunk Search 07-15-2020 0 7	0	7
Can you exclude specific files from the Splunk file validation? After upgrading to Splunk 6.5.1 we began receiving an error message in the GUI stating "File Integrity checks found 1... by RJ_Grayson Path Finder in Splunk Search 07-15-2020 0 9	0	9
Filtering by OS I have the outcome of my search results but I want to filter by only OS. I was able to get all the results but need ... by johnfrias New Member in Splunk Search 07-15-2020 0 4	0	4
I see a list of generic names under "savedsearch_name" on search heads, but where are these searches actually saved? Hello On my search heads, I am able to find searches that are named "search1", "search2" etc: savedsearch_name sear... by tkwaller Builder in Splunk Search 07-15-2020 3 4	3	4
Comparing two fields from events with fields from a list Lookup Hello.Again, these lookups ). The hardest thing about queries.The request itself is the identification of users who l... by nalia_v Loves-to-Learn Everything in Splunk Search 07-15-2020 0 0	0	0
Why is Restrict Search Terms not working I want to restrict a given role's access to the data in Splunk by using 'Restrict search terms' under access controls... by dflodstrom Builder in Splunk Search 07-15-2020 2 4	2	4
Splunk Query to find changes in ip address and url Hi Guys,I am trying find changes in office 365 ip address and URL using SPL by comparing results from today to yester... by asahni Loves-to-Learn in Splunk Search 07-14-2020 0 0	0	0
How do you get a timechart to display local time in Visualization? I have the following query: host=PRODPLEX NOT "C:\\WINDOWS\\system32" \| timechart span=1m sum(deltatasks) The Ev... by tonyclifford Engager in Splunk Search 07-14-2020 0 3	0	3
After extracting a field with rex, what is the most efficient way to call stats on a specific value within this field? Hi, any help with this would be appreciated! rex field=msg.message "loc=(?<place>\d+)" \| search place="16" \| stats co... by pred15 Engager in Splunk Search 07-14-2020 0 3	0	3
How to filter events using lookup table? I've tried to follow others posts as well as the documentation here and I've come up empty. I have a bunch of device ... by bvan Explorer in Splunk Search 07-14-2020 0 5	0	5