Splunk Search

Community Activity

Failed Login to Locked out account I am trying to identify an event that fires when a login has been attempted to a previously locked account. I am not ... by mihall Path Finder in Splunk Search 06-03-2020 1 8	1	8
How to create an area chart that displays an average of data over time, using timechart and stats commands? I am trying to make an area chart which shows the average size of the parsing queue over time. I would like to add a ... by DEAD_BEEF Builder in Splunk Search 06-03-2020 0 0	0	0
Streamed search execute failed because: Error in 'rex' command: regex="TextData=(?P.);NTCanonicalUserName" has exceeded configured match_limit, consider raising the value in limits.conf. Trying to extract the actual query sourcetype=extendedevent EventClass=QUERY_END \| rex "TextData=(?P.);NTCanonica... by dpatiladobe Explorer in Splunk Search 06-03-2020 0 2	0	2
How do I pass an input parameter to the search string of another input? I have multiple inputs in the dashboard. The first input is for various environments (hard coded). And the second inp... by srizan Path Finder in Splunk Search 06-03-2020 0 3	0	3
String matches I have an events for each device with multiple checks as below and i want to find the device count which has "Pass" o... by dustintroop Explorer in Splunk Search 06-03-2020 0 3	0	3
How to build an alert based on status code? Hi,i have 10 stats codes from 200 to 210, i need to set up an alert. That alert will look at the last 10 mins, if a s... by vemurisurya Path Finder in Splunk Search 06-03-2020 1 18	1	18
Two overlays, using different time span I have the following timechart, that I display in a column chart, where I use the average value as an overlay. timech... by robingg New Member in Splunk Search 06-03-2020 0 0	0	0
Modifying x-axis format I am trying to re-format the x-axis time to read cleaner. Here is my spl:index="servers" source="/var/log/secure" act... by user789 New Member in Splunk Search 06-03-2020 0 5	0	5
How to identify drops in traffic with bucket and streamstats? Hi guys, I am making a really cool alert to identify drops in traffic. At the moment I am searching over a 10 minute ... by tomjones101 Explorer in Splunk Search 06-03-2020 0 9	0	9
To check logs and the status Hi, I would like to run a search,which gives me the list of host with status' - normal,warning and critical Where Cri... by prettysunshinez Explorer in Splunk Search 06-03-2020 0 2	0	2
Problems with average duration Hi,folks. I trying timechart the average duration but the I'm not get the average values for all spa's of times. The ... by mattheuslima Explorer in Splunk Search 06-02-2020 0 1	0	1
How to extract only one value in a regex search? How do I get only the value that is before the ms? Remember that this log is multiline, each statement is an event. ... by leandrodematosp New Member in Splunk Search 06-02-2020 0 2	0	2
Splunk query issue Dear All, I have two columns Id and relationalId below is the sample of it. Id CorrelationalId 1 2 2 3 ... by santosh11 New Member in Splunk Search 06-02-2020 0 4	0	4
Questions about inclusion and exclusion in relation to field extraction? Hello, I have two questions that are quite confusing to me, can you please explain this to me in layman terms? Field ... by hjainreddy New Member in Splunk Search 06-02-2020 0 2	0	2
Using timechart command isn't working for renaming. Hello,When using timechart without a BY this works. index IN (idx) AND host IN (server) AND source IN (ssl_ac... by genesiusj Builder in Splunk Search 06-02-2020 0 7	0	7
How to Top 10 table from Index-A and match hostnames in index-B? Hi, I am trying to get the top 10 table from Index-A to have corresponding asset information from Index-B as additio... by munisb Explorer in Splunk Search 06-02-2020 0 3	0	3
Is it possible to use wildcards in tag definitions? Hi, is it possible to use a wildcard in the field value pair settings? This way doesn't work for me: field value pair... by HeinzWaescher Motivator in Splunk Search 06-02-2020 2 3	2	3
Unable to get the correct min and max values. I'm a newbie as far as Splunk is concerned with modest regex skills. We have events with the following patterns fall... by maverick2701 Engager in Splunk Search 06-02-2020 1 2	1	2
Can you explain the syntax of the foreach command beyond what's in the Docs? Hi, I'm trying to understand the syntax of foreach, I've had a look at the documentation, but it's just too difficult... by mahbs Path Finder in Splunk Search 06-02-2020 0 8	0	8
Issue with real-time searches for metadata running because of ui-prefs.conf settings. When we launch Splunk Home or Search page, there is this metadata that runs in real-time eating up our resources avai... by simranrathi123 Engager in Splunk Search 06-02-2020 0 0	0	0
Error when trying to add token to limit table results in a search? I recreated the dashboard using the report search and have the search returning all of the table results. I have an i... by 3618475 Engager in Splunk Search 06-02-2020 0 3	0	3
CEF app, Create output group button missing in New CEF Output step during CEF output app creation We are trying to use the CEF App, to create a new Output App to be deployed to our two indexers. However during the "... by cku1 Engager in Splunk Search 06-02-2020 0 1	0	1
multisearch Dear, couple hours i am trying to get: i have one log with no similar way of words in one line... because of that i ... by vmicovic2 Explorer in Splunk Search 06-02-2020 0 17	0	17
How to separate fields and create a pie chart of status count? Hi Splunkers, Please guide us on the requirement below: Input: server, env, req no, input field,status host-1,PROD,16... by thaara Explorer in Splunk Search 06-02-2020 0 6	0	6
How to create a search that compares two log files and displays results in a table format? I have below 2 log files with 4 identical columns and in that, status is different: Status1.log host1,PROD,1666680,mo... by thaara Explorer in Splunk Search 06-02-2020 1 11	1	11