Splunk Search

Community Activity

Lookup table help Hello all,Looking for some help integrating a lookup table into my failed login search. What I am trying to achieve i... by tkerr357 Observer in Splunk Search 07-07-2020 0 2	0	2
Not showing data for a particular sourcetype Events are not getting generated after the date 15th June, 2019 for the following query.index=webmethods_prd sourcety... by pratapa Explorer in Splunk Search 07-07-2020 0 16	0	16
splunk and task manager hello i begin with splunk and i have Something complex to need i need to index the data coming from the Windows task... by jip31 Motivator in Splunk Search 07-07-2020 0 2	0	2
Genesys log sourcetype Anyone come up with a custom sourcetype for Genesys Application logs. ? by Stav Loves-to-Learn Lots in Splunk Search 07-06-2020 0 0	0	0
Replace entire string if it contains partial string Can anyone tell me how I would replace entire strings if they contain partial strings. As a basic example, in my sear... by darls15 Explorer in Splunk Search 07-06-2020 0 2	0	2
Extract numeric values with in a field We have a field called number and the field number has both alpha and numeric values like "number=AVAILABLE=25 USD;" ... by iamsplunker Communicator in Splunk Search 07-06-2020 0 1	0	1
How to "UnZip" the result of `timechart count by`? My base query:index=... sourcecode=... \| timechart span=1m count as number by name useother=f In the result I hav... by pm771 Communicator in Splunk Search 07-06-2020 0 1	0	1
How to extract values from a JSON like string? I am having data like this in my Splunk and I wanted to extract the value of status which is Active.How can I do it w... by kotig Path Finder in Splunk Search 07-06-2020 0 6	0	6
How to get SPL to exclude results that do not contain a string in multiple fields? I am trying to tune an alert but need to only exclude if 2 of three fields do not contain a string. My goal is too t... by byeb1264 Explorer in Splunk Search 07-06-2020 1 2	1	2
How to add several maps to a dashboard? Hello, Trying to add several maps to a dashboard. One map for each continent, except North America. How do I lock a d... by genesiusj Builder in Splunk Search 07-06-2020 0 1	0	1
Why I am getting avg() alway empty? Hi everyone,I am unable to calculate average of the given values. However, I am getting values corresponding to min()... by Kazi1 Explorer in Splunk Search 07-06-2020 0 4	0	4
How to get custom search command to run local on search head I'm trying to use the python sdk to build a custom search command. In my commands.conf, I have "chunked = true" set. ... by scottsavareseat Path Finder in Splunk Search 07-06-2020 1 3	1	3
How to run a search on a config file contents We see lots of alerts right now. So I thought I would develop a dashboard that quickly searches through the alert co... by chris94089 Path Finder in Splunk Search 07-06-2020 0 1	0	1
How to create a dashboard showing timelines of stats count for last 24 hours across multiple devices? Good morning! I noticed today that a couple of my devices stopped sending logs to Splunk a couple of hours ago. I wan... by rogueakula Explorer in Splunk Search 07-06-2020 0 4	0	4
replace String issue Hello!I’m trying to replace product codes with product names like\| replace “A1” with “Apple”, “A2” with “Grape”, “A3”... by maxmukimov Explorer in Splunk Search 07-06-2020 0 2	0	2
How to exclude multiple values from a field in search? Here is my search: index=database action_id="CR" OR action_id="AL" database_name= "test" NOT (server_principal_name =... by rnikam1412 Loves-to-Learn Everything in Splunk Search 07-06-2020 0 1	0	1
How to get event count from current hour and previous hour by sourcetype and server/host The goal is to compare the events from this hour vs the past hour. And then display a table by sourcetype, host, perc... by catherineang New Member in Splunk Search 07-06-2020 0 5	0	5
Use timepicker earliest and latest as epoch time I have the same problem as in the link below: [https://answers.splunk.com/answers/336929/how-can-i-get-time-picker-e... by christoffertoft Communicator in Splunk Search 07-06-2020 0 12	0	12
Masking an email address at the search head level Good afternoon,I am trying to Masking an email address at the search head level I have tried using Rex and sed but ca... by joe06031990 Communicator in Splunk Search 07-06-2020 0 3	0	3
how to only check events from the latest source file I have a boat load of log files, whose name contains the timestamp, like this : /DATA/show_cpu.2016101908.gz /DATA/s... by gent79 Observer in Splunk Search 07-06-2020 0 4	0	4
Timechart using Subsearch to set Span I'm trying to use a Subsearch to set the span parameter in timechart - other posts have suggested something like this... by moogmusic Path Finder in Splunk Search 07-06-2020 0 4	0	4
Query question between 2 indexes Hi Guys,Can i check how can i craft the query given the following condition.I have 2 indexes IndexA and IndexB with t... by christay New Member in Splunk Search 07-06-2020 0 1	0	1
Searching in an index ingested from database tables Dear Splunkers,I am trying to achieve below and would like to ask for help in suggestions, solutions or pointers for ... by Sunil2020 Explorer in Splunk Search 07-06-2020 0 4	0	4
How to extract from multivalue field result Hi,Below is the result from my transaction command. How do I extract only one date from the multiple dates below?I o... by Noob_splunker Explorer in Splunk Search 07-05-2020 0 5	0	5
Chart will not show all the values from my search. Doing a search that has a wide range of return values... and the largest one will not display on my chart! I have 7 e... by joesrepsolc Communicator in Splunk Search 07-04-2020 0 4	0	4