Splunk Search

Community Activity

Why is Restrict Search Terms not working I want to restrict a given role's access to the data in Splunk by using 'Restrict search terms' under access controls... by dflodstrom Builder in Splunk Search 07-15-2020 2 4	2	4
Splunk Query to find changes in ip address and url Hi Guys,I am trying find changes in office 365 ip address and URL using SPL by comparing results from today to yester... by asahni Loves-to-Learn in Splunk Search 07-14-2020 0 0	0	0
How do you get a timechart to display local time in Visualization? I have the following query: host=PRODPLEX NOT "C:\\WINDOWS\\system32" \| timechart span=1m sum(deltatasks) The Ev... by tonyclifford Engager in Splunk Search 07-14-2020 0 3	0	3
After extracting a field with rex, what is the most efficient way to call stats on a specific value within this field? Hi, any help with this would be appreciated! rex field=msg.message "loc=(?<place>\d+)" \| search place="16" \| stats co... by pred15 Engager in Splunk Search 07-14-2020 0 3	0	3
How to filter events using lookup table? I've tried to follow others posts as well as the documentation here and I've come up empty. I have a bunch of device ... by bvan Explorer in Splunk Search 07-14-2020 0 5	0	5
Need help to comparing two pieces of information from two different hosts how can I compare information from two different hosts?For exemple, On a host I have the name, number and phone calls... by murilocepeda Engager in Splunk Search 07-14-2020 0 1	0	1
Filter Email Address Country of Origin Using Lookup Assume I have a simple search that lists in a table the email addresses of those who recently sent an email:index=ema... by griffins Explorer in Splunk Search 07-14-2020 0 2	0	2
IP address separating from 1 source I have a list of ip address that come from 1 source, I want a query to list the ip address separately and make them t... by Ephrem32 Explorer in Splunk Search 07-14-2020 0 1	0	1
Unable to get return results from inputlookup I am unable to get additional columns from a CSV I have referenced in an SPL query that I have written. In the CSV t... by willadams Contributor in Splunk Search 07-14-2020 0 1	0	1
Listing all saved searches from all apps via REST without correlation searches Hi All,So, I know I can get a list of all enabled saved searches by doing:\| rest count=0 /servicesNS/-/-/saved/search... by karadikid Explorer in Splunk Search 07-14-2020 0 3	0	3
Database Records Hi @gcusello ,Following is the query that used to return database records but now it is not working.dbquery wmsewprd ... by rahul2gupta Path Finder in Splunk Search 07-14-2020 0 1	0	1
How do i correlate events using subsearch from two sources based on two different conditions? Hello Splunker,I have a below scenario where i am struggling to come up with search query, and would like to ask your... by Sunil2020 Explorer in Splunk Search 07-14-2020 0 2	0	2
events results time in milliseconds hi,i sent Splunk value, for example x=1. after 10 milliseconds i send again x=2 etc.when i search for x. i see in the... by erez10121012 Path Finder in Splunk Search 07-14-2020 0 9	0	9
Why `where match(...)` but not `search match(...)`? What is the difference between `... \| when match(a,b)` and `...\| search match(a,b)`?Why in such cases `when` works an... by pm771 Communicator in Splunk Search 07-14-2020 0 1	0	1
reset_on_change, reset before, reset after what is the major difference of these in streamstats command. I could understand why these function are used as I get... by tara12121007 New Member in Splunk Search 07-13-2020 0 0	0	0
How to get results from last 1 week and last 3 week for the exact time frame of the search I am new to Splunk, I am trying to get results in the below pattern. Any help is appreciated.Lets say I am doing sear... by achittela Loves-to-Learn in Splunk Search 07-13-2020 0 2	0	2
Stats include all fields \| stats sum(Score) AS TotalScore, values(value1) AS value1, values(value2) AS value2, values(value3) AS value3, by Us... by tmontney Builder in Splunk Search 07-13-2020 0 2	0	2
Using CSV field as time I have a CSV file with a column labeled published. Timestamp values in that field are listed like so: 2020-07-01T01:1... by bvan Explorer in Splunk Search 07-13-2020 0 2	0	2
Why is the save button greyed out when attempting to modify a report/search? Hello, I am new at this and I have been emailed some search examples to meet an objective. I copied and pasted the s... by infra2sec Path Finder in Splunk Search 07-13-2020 0 2	0	2
Get a Server Error running certain searches and unable to saving a report or alert for any search Hi,We are using Splunk Enterprise 8.0.4.1 with a Search head and two indexing cluster.As a splunk administrator, I a... by mfeigel Observer in Splunk Search 07-13-2020 0 4	0	4
Eval statement based of 1 field using If I have a bunch of storage clusters that we monitor, 60% of the envrioment uses normal GB, the other 40% uses GiB. I... by codedtech Path Finder in Splunk Search 07-13-2020 0 3	0	3
Use an intermediate universal forwarder Hi at all, I need to send logs from many Universal Forwarders to an Indexer Cluster using an Intermediate Forwarder. ... by gcusello SplunkTrust in Splunk Search 07-13-2020 0 4	0	4
Search using MAP COMMAND I have dropdown which has to execute the two different searches based on token picker I am trying to implement the me... by ssadanala1 Contributor in Splunk Search 07-13-2020 0 1	0	1
Cluster Command Based on Multiple Fields Can the cluster command cluster based on more than one field? I know we can change which field to cluster by, but can... by michaelsplunk1 Path Finder in Splunk Search 07-13-2020 0 2	0	2
Comparing multiple values for a result HI All,need your help in below query. I use below query to get below output.Query : index=nw_syslog\| rex field=_raw "... by jerinvarghese Communicator in Splunk Search 07-13-2020 0 3	0	3