Splunk Search

Community Activity

Regex and Windows XML log events Hi everyone, I was attempting to utilize this dashboard, but am having difficulty populating the user accounts. ht... by mysicksi Path Finder in Splunk Search 05-22-2020 0 2	0	2
How to get the 10 min values of a column by another column? I am trying to do something like this: \| stats limit=10 min(Speed) by customer or \| sort customer, speed \| head(... by alexandrerichar Explorer in Splunk Search 05-22-2020 0 4	0	4
when the machine was build or when the machine started communicating to Splunk I got regular question from auditors. we have 100 machines,Machine1Machine2....Machine100 and auditor asked to run/se... by brpsingara Explorer in Splunk Search 05-22-2020 0 2	0	2
Count of url hits for particular set of users i have set of users x,y,z and few url regex a,b,c. I need to know how many time these users hit the url regex in cha... by aditya22 New Member in Splunk Search 05-22-2020 0 12	0	12
Can you use tstats to get daily index or indexer volume? Just wondering if its possible to get data volume / size from TSTATS. I know you can do something like this to get c... by Glasses Builder in Splunk Search 05-22-2020 0 3	0	3
How are the lookups updated after entering them in a blacklist? good morning My question is the following, currently working in a cluster environment and these files for splunk... by efaundez Path Finder in Splunk Search 05-22-2020 0 5	0	5
Is there SPL's worst practice? I've seen a lot of join, transaction and append SPLs.Using timechart to show percentage of each time, it's hard. but ... by to4kawa Ultra Champion in Splunk Search 05-22-2020 1 23	1	23
what is the best method to learn and understand the search commands in splunk? I am pretty new to splunk and challenging myself to understand splunk. I am new to splunk and from construction background. challenging myself to do something new. How can you learn, unde... by fortoh New Member in Splunk Search 05-22-2020 0 2	0	2
drilldown of pie chart by business unit I'm currently trying to build a dashboard that would drill down by site name. Here's an example of the site name: AB... by payton_tayvion Path Finder in Splunk Search 05-21-2020 0 2	0	2
Juniper firewall search time field extraction not working "sometimes" Hello, I need help fixing an issue with search time field extractions in juniper fw logs (very chatty). The issue i... by Jarohnimo Builder in Splunk Search 05-21-2020 0 6	0	6
How to search for numbers appearing only after letters in a field? I have a field called CARDFILOGO and I want to search it for ones that start with "JU" and end in numbers. I do not w... by PDXKiel Path Finder in Splunk Search 05-21-2020 0 8	0	8
How to create a search to get number of events for HTTP status code? Hi All, I have the logs below and need to get an HTTP status code count. 10.176.242.7 - app [21/May/2020:16:09:01 +... by rajawccm16 Engager in Splunk Search 05-21-2020 0 1	0	1
Issue with eval in Dashboard XML Source Hey all, Cause of the Y2K bug we recently did an upgrade of our Splunk environment to version 8.0.1 - after this upg... by MERBAG Explorer in Splunk Search 05-21-2020 0 3	0	3
Geo Stats: Change color of description popup in geo stats I have used the geostats command to show the number of blackouts and brownouts by country and have set the pie chart ... by hawifaris Loves-to-Learn in Splunk Search 05-21-2020 0 4	0	4
want to use append instead of join Hello everyone, I just want to use append instead of a join. My code is index="yut" sourcetype="test" cd IN(*) ... by hrs2019 Path Finder in Splunk Search 05-21-2020 0 3	0	3
Sending entity names in the email triggered from Correlation Searches. Hi Team, I have a KPI with split by entity say "Ent1". I have made a correlation search using this KPI and in the tr... by veerendra_modi Loves-to-Learn in Splunk Search 05-21-2020 0 2	0	2
eval or rex help Message="Internal event: Function ldap_search entered.SID: S-1-5-18Source IP: 127.0.0.1:25855Operation identifier: 68... by keyu921 Explorer in Splunk Search 05-21-2020 0 5	0	5
How to show the whole text in a table column while hovering on it ? I want to display the text of a column of a table in one line. After hover to it, it should show whole the descriptio... by patra966 Path Finder in Splunk Search 05-20-2020 0 0	0	0
Help building regex for searches based on cs_username field. I'm having no luck building a regex to match cs_usernames. What I'm looking for are two separate searches both base... by Vfinney Observer in Splunk Search 05-20-2020 0 2	0	2
Timechart glich with column VALUE Got a cenario where timechart returned me a column named 'VALUE' where I don't have a value=VALUE in my logs as part ... by gorosco Engager in Splunk Search 05-20-2020 0 2	0	2
srchMaxTime default unit in authorize.conf Hello guys, is it OK to use srchMaxTime = 9000, it looks like it does 9000 seconds? In authorize.conf doc it asks f... by splunkreal Motivator in Splunk Search 05-20-2020 0 2	0	2
How to return a single value from a subsearch into eval Part 2 I found a different answer article with an example of what I'm trying to do, but I can't get it to work on my end. I... by hollybross1219 Path Finder in Splunk Search 05-20-2020 0 1	0	1
How to create search for daily license usage report per host? Hi All, I need to create a Splunk License usage report on a daily basis for all the reporting hosts. Can someone ple... by nnimbe1 Path Finder in Splunk Search 05-20-2020 0 2	0	2
Filter results based on aggregates (Another question of Splunk's way to emulate SQL's "HAVING" ) My goal is to design an alert that will populate a table of raw results, but only when certain evaluation aggregates ... by hollybross1219 Path Finder in Splunk Search 05-20-2020 0 5	0	5
Crowdstrike TA error Hi, Running into this error trying to setup the Streaming API: 04-03-2020 11:37:21.473 +0000 INFO TcpOutputProc - ... by warrenkobalt New Member in Splunk Search 05-20-2020 0 2	0	2