Splunk Search

Community Activity

What I did wrong here with makeresults command Hello experts,I am trying to create a custom macro, from that it will returns a result depends on the argument I pass... by thinhdinh Path Finder in Splunk Search 07-09-2020 0 3	0	3
Checking mvexpand Memory Usage Hi All,We are trying to get the memory usage of mvexpand command so that we can set the max_mem_usage_mb in the limit... by alvin_sulendra New Member in Splunk Search 07-09-2020 0 0	0	0
Local Documentation: Is it possible to have a local copy of what is at docsCheckerBaseURL? Is it possible to have a local copy of what is at docsCheckerBaseURL by NocSystems Engager in Splunk Search 07-08-2020 2 7	2	7
How to use iplocation to search for instances of a specific city or region? Hello, I am trying to use iplocation to search for instances of a specific city or region for example: * iplocation... by mgp173455 Loves-to-Learn in Splunk Search 07-08-2020 0 3	0	3
How to add DATE to a timestamp without a date We have some log files with name like this: logs_2020-06-30.logs. A sample events looks like this: 2020-07-01 12:01:5... by season88481 Contributor in Splunk Search 07-08-2020 0 1	0	1
transforms.conf INGEST_EVAL cannot get current time Hi everyone, I am trying to add a field for the current OS time. Here is my props.conf and transforms.conf #props.co... by season88481 Contributor in Splunk Search 07-08-2020 0 2	0	2
How to create custom command in python to write result SPL to CSV file? Hi splunker, I would like to create a python custom commands to write results of SPL commands in a CSV file. this is ... by raindad85 New Member in Splunk Search 07-08-2020 0 1	0	1
Statistical analysis of failed logins I have been trying to look at statistical figures for failed login attempts over a 30 day period for each user by the... by maxywalker1 Explorer in Splunk Search 07-08-2020 0 4	0	4
Co-relation Search between two data sources Mighty Splunk people... I'm having a problem creating an alert for following scenario: Data source 1: index=mail sou... by swaguzari Engager in Splunk Search 07-08-2020 0 5	0	5
Finding ip's not in a inputlookup Hi All,I appreciate that there are tons of answers on this but I am having issues getting it to work!I have a csv nam... by realtimetechnol Explorer in Splunk Search 07-08-2020 0 1	0	1
'Empty' a csv on a daily basis Hi all,I have a dashboard where users can add comments to a .csv lookup file. The comments are only related to the d... by timrich66 Communicator in Splunk Search 07-08-2020 0 2	0	2
How to compare and match timestamp of one field with the latest timestamp of other field before calculating duration ? Hi All,I am currently getting following results from my search query - time1 tim... by ak9092 Path Finder in Splunk Search 07-08-2020 0 6	0	6
How to sum all the Latest events for the specific field How to sum all the Latest events for the specific fieldExample:Raw data of the event: Client=XXXXX,CreationTime=3/19/... by Boopalan New Member in Splunk Search 07-08-2020 0 0	0	0
Dynamic lookup - how to remove entries? Hello,I have following issue:I have VPN GW used to remote connecting of users, this GW sends log to Splunk. I would l... by lukasmecir Path Finder in Splunk Search 07-08-2020 0 2	0	2
Search for IP Addresses more efficient using wildcards or CIDR ranges Hello I'm looking to run a search in a Firewall log index for connections to a know IP range and trying to decide whi... by andylee53 New Member in Splunk Search 07-08-2020 0 3	0	3
Search Data 1 Minute Ago I have data that has _time from 18:00:20-18:00:52 and I set my current time to 18:01 so it should search the 18:00 ti... by mathiasy123 Path Finder in Splunk Search 07-08-2020 0 10	0	10
Error with Search Scheduler Hi Splunk users, After I successfully deployed a Splunk standalone, I see this error message reg Searches skipped: ... by mufthmu Path Finder in Splunk Search 07-08-2020 0 1	0	1
Question about replace(X,Y,Z) function I'm kind of new in Splunk and found one syntax of replace when I read the official document. Here is the link https:/... by Scott_Wang Explorer in Splunk Search 07-07-2020 0 4	0	4
Extract multiple name value pairs from a field Hello,I have a field that contains the string below. a) There can be fewer/more than the 4 events listed below. b) V... by jbax Engager in Splunk Search 07-07-2020 0 3	0	3
Inconsistent behavior with eval after stats I have this query that matches two types of events, sending a request and receiving an answer. My goal is to take the... by randeepbydesign Engager in Splunk Search 07-07-2020 0 2	0	2
Splunk users won't update in Ldap authentication I can't assign roles to and can't see new users in Splunk search head for last 2 weeks. We have LDAP auth.A part of t... by dunyaelbasan Path Finder in Splunk Search 07-07-2020 0 4	0	4
If I use an automatic lookup to overwrite field values, can it be configured to overwrite only if a match exists? Hello all, The question is self explanatory I think. I've seen similar questions that are resolved with an eval, but... by andrewtrobec Motivator in Splunk Search 07-07-2020 0 4	0	4
compare timestamp splunk and timestamp logs HelloI noticed a lot of the events not the same timestamp as Splunk. Can you tell me how I can compare the date of th... by dfall Loves-to-Learn in Splunk Search 07-07-2020 0 1	0	1
How to do RIGHT OUTER JOIN with Lookup table? Events stream has ID field in every record. There is a lookup table with a small subset of IDs.The task is to calcul... by pm771 Communicator in Splunk Search 07-07-2020 0 2	0	2
rex command to extract [2020-07-07 12:40:01+0200] workspace_sandbox RUNNING pid 17159, uptime 21 days, 21:43:58 i have this line of log but ... by sphiwee Contributor in Splunk Search 07-07-2020 0 5	0	5