Splunk Search

Community Activity

CEF app, Create output group button missing in New CEF Output step during CEF output app creation We are trying to use the CEF App, to create a new Output App to be deployed to our two indexers. However during the "... by cku1 Engager in Splunk Search 06-02-2020 0 1	0	1
multisearch Dear, couple hours i am trying to get: i have one log with no similar way of words in one line... because of that i ... by vmicovic2 Explorer in Splunk Search 06-02-2020 0 17	0	17
How to separate fields and create a pie chart of status count? Hi Splunkers, Please guide us on the requirement below: Input: server, env, req no, input field,status host-1,PROD,16... by thaara Explorer in Splunk Search 06-02-2020 0 6	0	6
How to create a search that compares two log files and displays results in a table format? I have below 2 log files with 4 identical columns and in that, status is different: Status1.log host1,PROD,1666680,mo... by thaara Explorer in Splunk Search 06-02-2020 1 11	1	11
Using fieldformat and rename Hey there, I'm trying to do two things and it looks like I can't. I have some fields with ugly names like "Current_Su... by tyleraball Engager in Splunk Search 06-02-2020 5 9	5	9
Link to search in new tab Hi Team, Link to search on a new tab for raw events when we click on a particular value in the line chart? Is it po... by manish_singh_77 Builder in Splunk Search 06-02-2020 0 8	0	8
Two evals in one query , query not returning results Hi All, I have the following query with 5 source types and 2 evals in one query, common field between source types i... by msrama5 Explorer in Splunk Search 06-02-2020 0 1	0	1
Streamstats change state count Hi below is my sample data- Date source State 29-05-20 01:00:00 abc ... by ips_mandar Builder in Splunk Search 06-02-2020 0 4	0	4
How to extract two values from a string using regex? I'm requesting help constructing a regular expression for the following: I need to extract two values from the string... by pc1234 Explorer in Splunk Search 06-02-2020 0 4	0	4
Remove host name in Account_Name field When people RDP into a server, the results I am getting into splunk is Account_Name=Sever1$ Account_Name = jdoe. Whe... by Becherer Explorer in Splunk Search 06-02-2020 0 1	0	1
How do I change field names (extracted field name) to field values? I have a json structure that contains an object map: { "correlation_id": "f9535d13-f75b-4dd7-8c39-1e77b1559afe", ... by vasugazula New Member in Splunk Search 06-01-2020 0 1	0	1
Extracting a field thats not recognized My rawdata from log is below METHOD="POST" URI="CALLOUT-LOG" USER_ID_DERIVED="00532000004sefcAAA" EVENT_TYPE="ApexCa... by venkatachalamvi New Member in Splunk Search 06-01-2020 0 2	0	2
Filter out events based on other events WITHOUT using JOIN/Subsearch I have a index named Events Example events: AccountCreated { "AccountId": 1234, "EventName": "AccountCreated", ... by joseftw Explorer in Splunk Search 06-01-2020 0 6	0	6
Help regex for masking Hi, Can someone please help me regex a password field to mask data? I've been trying to figure out how to mask the pa... by mishutts Explorer in Splunk Search 06-01-2020 0 3	0	3
How to extract a key and value from the json data? Hi all, I am not able to extract the below-given value from the JSON file fields are "initiator": test_abce, "re... by hrs2019 Path Finder in Splunk Search 06-01-2020 0 2	0	2
How can i make my chart overlay use the same axis? I have my search query being as such where I am displaying the tickets, flowing in and out. Now, i want to put a line... by tarini_r New Member in Splunk Search 06-01-2020 0 0	0	0
What if Same input (Modular Input) is rescheduled and first one is still running...? What if Same input is rescheduled and first one is still running.. option A -> First one stops, Second one Starts op... by manan_amin Explorer in Splunk Search 06-01-2020 0 0	0	0
How to use timechart command across time ranges I have a query in splunk index = * STATUS_CODE earliest=-2mon@mon latest=-1mon@mon \| fields STATUS_CODE \| rex field=_... by sudeep5689 Explorer in Splunk Search 06-01-2020 0 1	0	1
How to use timechart span I have a query in splunk index = * STATUS_CODE earliest=-2mon@mon latest=-1mon@mon \| fields STATUS_CODE \| rex field=_... by sudeep5689 Explorer in Splunk Search 06-01-2020 0 1	0	1
use inputlookup to get data HelloI'm running this query: index=prod eventtype="csm-messages-dhcpd-lpf-eth0-listening" OR eventtype="csm-messages-... by sarit_s Communicator in Splunk Search 06-01-2020 0 2	0	2
new column Rank Based on events ComputerName Events Rank ABC 320 1 BCD 229 2 CDE 120 3 need to create rank Column based on ... by shivareddysompa Explorer in Splunk Search 06-01-2020 0 5	0	5
splunk query help index=ABC Check!=D \| stats count by Device Check I am using this query and getting Device and Related Checks repor... by surekhasplunk Communicator in Splunk Search 05-31-2020 0 1	0	1
how to create index of new device data source in splunk enterprise ? and how to create its fields by extracting fields using regex? Greetings!! how to create index of the new device data source in Splunk enterprise 7.2.6 in Linux? and how to create ... by pacifikn Communicator in Splunk Search 05-30-2020 0 2	0	2
Get last two http status for every subpage Hello, I need to query all last two http status for every page (extracted from URI) For example for this log: ip_addr... by ezoteriusz Engager in Splunk Search 05-30-2020 0 1	0	1
How to change colors on bars of a chart according to column values? I want to apply different colors on different bars according to my Column values.My column values are: A,B,C. These w... by nagar57 Communicator in Splunk Search 05-30-2020 0 4	0	4