Splunk Search

Community Activity

Dynamic lookup - how to remove entries? Hello,I have following issue:I have VPN GW used to remote connecting of users, this GW sends log to Splunk. I would l... by lukasmecir Path Finder in Splunk Search 07-08-2020 0 2	0	2
Search for IP Addresses more efficient using wildcards or CIDR ranges Hello I'm looking to run a search in a Firewall log index for connections to a know IP range and trying to decide whi... by andylee53 New Member in Splunk Search 07-08-2020 0 3	0	3
Search Data 1 Minute Ago I have data that has _time from 18:00:20-18:00:52 and I set my current time to 18:01 so it should search the 18:00 ti... by mathiasy123 Path Finder in Splunk Search 07-08-2020 0 10	0	10
Error with Search Scheduler Hi Splunk users, After I successfully deployed a Splunk standalone, I see this error message reg Searches skipped: ... by mufthmu Path Finder in Splunk Search 07-08-2020 0 1	0	1
Question about replace(X,Y,Z) function I'm kind of new in Splunk and found one syntax of replace when I read the official document. Here is the link https:/... by Scott_Wang Explorer in Splunk Search 07-07-2020 0 4	0	4
Extract multiple name value pairs from a field Hello,I have a field that contains the string below. a) There can be fewer/more than the 4 events listed below. b) V... by jbax Engager in Splunk Search 07-07-2020 0 3	0	3
Inconsistent behavior with eval after stats I have this query that matches two types of events, sending a request and receiving an answer. My goal is to take the... by randeepbydesign Engager in Splunk Search 07-07-2020 0 2	0	2
Splunk users won't update in Ldap authentication I can't assign roles to and can't see new users in Splunk search head for last 2 weeks. We have LDAP auth.A part of t... by dunyaelbasan Path Finder in Splunk Search 07-07-2020 0 4	0	4
If I use an automatic lookup to overwrite field values, can it be configured to overwrite only if a match exists? Hello all, The question is self explanatory I think. I've seen similar questions that are resolved with an eval, but... by andrewtrobec Motivator in Splunk Search 07-07-2020 0 4	0	4
compare timestamp splunk and timestamp logs HelloI noticed a lot of the events not the same timestamp as Splunk. Can you tell me how I can compare the date of th... by dfall Loves-to-Learn in Splunk Search 07-07-2020 0 1	0	1
How to do RIGHT OUTER JOIN with Lookup table? Events stream has ID field in every record. There is a lookup table with a small subset of IDs.The task is to calcul... by pm771 Communicator in Splunk Search 07-07-2020 0 2	0	2
rex command to extract [2020-07-07 12:40:01+0200] workspace_sandbox RUNNING pid 17159, uptime 21 days, 21:43:58 i have this line of log but ... by sphiwee Contributor in Splunk Search 07-07-2020 0 5	0	5
Preciso tirar duplicação de um tabela usando o DEDUP Estou com este comandoindex = raw_maximo GR_RESP = STATUS "OPERACAO MAINFRAME"! = Cancelado \| contagem de estatística... by Marcosecpinheir New Member in Splunk Search 07-07-2020 0 1	0	1
Lookup table help Hello all,Looking for some help integrating a lookup table into my failed login search. What I am trying to achieve i... by tkerr357 Observer in Splunk Search 07-07-2020 0 2	0	2
Not showing data for a particular sourcetype Events are not getting generated after the date 15th June, 2019 for the following query.index=webmethods_prd sourcety... by pratapa Explorer in Splunk Search 07-07-2020 0 16	0	16
splunk and task manager hello i begin with splunk and i have Something complex to need i need to index the data coming from the Windows task... by jip31 Motivator in Splunk Search 07-07-2020 0 2	0	2
Genesys log sourcetype Anyone come up with a custom sourcetype for Genesys Application logs. ? by Stav Loves-to-Learn Lots in Splunk Search 07-06-2020 0 0	0	0
Replace entire string if it contains partial string Can anyone tell me how I would replace entire strings if they contain partial strings. As a basic example, in my sear... by darls15 Explorer in Splunk Search 07-06-2020 0 2	0	2
Extract numeric values with in a field We have a field called number and the field number has both alpha and numeric values like "number=AVAILABLE=25 USD;" ... by iamsplunker Communicator in Splunk Search 07-06-2020 0 1	0	1
How to "UnZip" the result of `timechart count by`? My base query:index=... sourcecode=... \| timechart span=1m count as number by name useother=f In the result I hav... by pm771 Communicator in Splunk Search 07-06-2020 0 1	0	1
How to extract values from a JSON like string? I am having data like this in my Splunk and I wanted to extract the value of status which is Active.How can I do it w... by kotig Path Finder in Splunk Search 07-06-2020 0 6	0	6
How to get SPL to exclude results that do not contain a string in multiple fields? I am trying to tune an alert but need to only exclude if 2 of three fields do not contain a string. My goal is too t... by byeb1264 Explorer in Splunk Search 07-06-2020 1 2	1	2
How to add several maps to a dashboard? Hello, Trying to add several maps to a dashboard. One map for each continent, except North America. How do I lock a d... by genesiusj Builder in Splunk Search 07-06-2020 0 1	0	1
Why I am getting avg() alway empty? Hi everyone,I am unable to calculate average of the given values. However, I am getting values corresponding to min()... by Kazi1 Explorer in Splunk Search 07-06-2020 0 4	0	4
How to get custom search command to run local on search head I'm trying to use the python sdk to build a custom search command. In my commands.conf, I have "chunked = true" set. ... by scottsavareseat Path Finder in Splunk Search 07-06-2020 1 3	1	3