Splunk Search

Community Activity

need to add 45 days in a field i have a field "add_time" with the values as "05-27-2020 08:57:34.024" i want to create a field which will show 45 da... by vinitpathri Path Finder in Splunk Search 06-03-2020 0 4	0	4
how to search for AWS non-active users with active secret keys? I would like to search for AWS non-active users, who have not logged in or using their Access Key ID for more than 60... by englab New Member in Splunk Search 06-03-2020 0 0	0	0
Can I transfer training course credits from one Splunk account to another? I recently left a company where I had taken some Splunk training through the Splunk account the company gave me.I now... by sbuchenberger New Member in Splunk Search 06-03-2020 0 3	0	3
How to format search for year to date (YTD) and syntax for operators I am currently grabbing a date (openDate, actualenddate) and using strptime in order to reformat it to Splunk's expec... by tmaltizo Path Finder in Splunk Search 06-03-2020 0 4	0	4
How do I loop through a list of regular expression patterns stored in a KV store in a search? I am new to Splunk. The cluster command gives me results that I am looking for and some. I would like to filter th... by govardha Path Finder in Splunk Search 06-03-2020 0 0	0	0
Stats count by when field exists, otherwise use another I am trying to create a dashboard that graphs the parsing queue size for a HF by ingest_pipe. I noticed that most of... by DEAD_BEEF Builder in Splunk Search 06-03-2020 0 3	0	3
need to use Group By here in my result my data Name spent income A 10 20 B 20 40 C 30 60 A 40 8... by shivareddysompa Explorer in Splunk Search 06-03-2020 0 5	0	5
Failed Login to Locked out account I am trying to identify an event that fires when a login has been attempted to a previously locked account. I am not ... by mihall Path Finder in Splunk Search 06-03-2020 1 8	1	8
How to create an area chart that displays an average of data over time, using timechart and stats commands? I am trying to make an area chart which shows the average size of the parsing queue over time. I would like to add a ... by DEAD_BEEF Builder in Splunk Search 06-03-2020 0 0	0	0
Streamed search execute failed because: Error in 'rex' command: regex="TextData=(?P.);NTCanonicalUserName" has exceeded configured match_limit, consider raising the value in limits.conf. Trying to extract the actual query sourcetype=extendedevent EventClass=QUERY_END \| rex "TextData=(?P.);NTCanonica... by dpatiladobe Explorer in Splunk Search 06-03-2020 0 2	0	2
How do I pass an input parameter to the search string of another input? I have multiple inputs in the dashboard. The first input is for various environments (hard coded). And the second inp... by srizan Path Finder in Splunk Search 06-03-2020 0 3	0	3
String matches I have an events for each device with multiple checks as below and i want to find the device count which has "Pass" o... by dustintroop Explorer in Splunk Search 06-03-2020 0 3	0	3
How to build an alert based on status code? Hi,i have 10 stats codes from 200 to 210, i need to set up an alert. That alert will look at the last 10 mins, if a s... by vemurisurya Path Finder in Splunk Search 06-03-2020 1 18	1	18
Two overlays, using different time span I have the following timechart, that I display in a column chart, where I use the average value as an overlay. timech... by robingg New Member in Splunk Search 06-03-2020 0 0	0	0
Modifying x-axis format I am trying to re-format the x-axis time to read cleaner. Here is my spl:index="servers" source="/var/log/secure" act... by user789 New Member in Splunk Search 06-03-2020 0 5	0	5
How to identify drops in traffic with bucket and streamstats? Hi guys, I am making a really cool alert to identify drops in traffic. At the moment I am searching over a 10 minute ... by tomjones101 Explorer in Splunk Search 06-03-2020 0 9	0	9
To check logs and the status Hi, I would like to run a search,which gives me the list of host with status' - normal,warning and critical Where Cri... by prettysunshinez Explorer in Splunk Search 06-03-2020 0 2	0	2
Problems with average duration Hi,folks. I trying timechart the average duration but the I'm not get the average values for all spa's of times. The ... by mattheuslima Explorer in Splunk Search 06-02-2020 0 1	0	1
How to extract only one value in a regex search? How do I get only the value that is before the ms? Remember that this log is multiline, each statement is an event. ... by leandrodematosp New Member in Splunk Search 06-02-2020 0 2	0	2
Splunk query issue Dear All, I have two columns Id and relationalId below is the sample of it. Id CorrelationalId 1 2 2 3 ... by santosh11 New Member in Splunk Search 06-02-2020 0 4	0	4
Questions about inclusion and exclusion in relation to field extraction? Hello, I have two questions that are quite confusing to me, can you please explain this to me in layman terms? Field ... by hjainreddy New Member in Splunk Search 06-02-2020 0 2	0	2
Using timechart command isn't working for renaming. Hello,When using timechart without a BY this works. index IN (idx) AND host IN (server) AND source IN (ssl_ac... by genesiusj Builder in Splunk Search 06-02-2020 0 7	0	7
How to Top 10 table from Index-A and match hostnames in index-B? Hi, I am trying to get the top 10 table from Index-A to have corresponding asset information from Index-B as additio... by munisb Explorer in Splunk Search 06-02-2020 0 3	0	3
Is it possible to use wildcards in tag definitions? Hi, is it possible to use a wildcard in the field value pair settings? This way doesn't work for me: field value pair... by HeinzWaescher Motivator in Splunk Search 06-02-2020 2 3	2	3
Unable to get the correct min and max values. I'm a newbie as far as Splunk is concerned with modest regex skills. We have events with the following patterns fall... by maverick2701 Engager in Splunk Search 06-02-2020 1 2	1	2