Splunk Search

Community Activity

Juniper firewall search time field extraction not working "sometimes" Hello, I need help fixing an issue with search time field extractions in juniper fw logs (very chatty). The issue i... by Jarohnimo Builder in Splunk Search 05-21-2020 0 6	0	6
How to search for numbers appearing only after letters in a field? I have a field called CARDFILOGO and I want to search it for ones that start with "JU" and end in numbers. I do not w... by PDXKiel Path Finder in Splunk Search 05-21-2020 0 8	0	8
How to create a search to get number of events for HTTP status code? Hi All, I have the logs below and need to get an HTTP status code count. 10.176.242.7 - app [21/May/2020:16:09:01 +... by rajawccm16 Engager in Splunk Search 05-21-2020 0 1	0	1
Issue with eval in Dashboard XML Source Hey all, Cause of the Y2K bug we recently did an upgrade of our Splunk environment to version 8.0.1 - after this upg... by MERBAG Explorer in Splunk Search 05-21-2020 0 3	0	3
Geo Stats: Change color of description popup in geo stats I have used the geostats command to show the number of blackouts and brownouts by country and have set the pie chart ... by hawifaris Loves-to-Learn in Splunk Search 05-21-2020 0 4	0	4
want to use append instead of join Hello everyone, I just want to use append instead of a join. My code is index="yut" sourcetype="test" cd IN(*) ... by hrs2019 Path Finder in Splunk Search 05-21-2020 0 3	0	3
Sending entity names in the email triggered from Correlation Searches. Hi Team, I have a KPI with split by entity say "Ent1". I have made a correlation search using this KPI and in the tr... by veerendra_modi Loves-to-Learn in Splunk Search 05-21-2020 0 2	0	2
eval or rex help Message="Internal event: Function ldap_search entered.SID: S-1-5-18Source IP: 127.0.0.1:25855Operation identifier: 68... by keyu921 Explorer in Splunk Search 05-21-2020 0 5	0	5
How to show the whole text in a table column while hovering on it ? I want to display the text of a column of a table in one line. After hover to it, it should show whole the descriptio... by patra966 Path Finder in Splunk Search 05-20-2020 0 0	0	0
Help building regex for searches based on cs_username field. I'm having no luck building a regex to match cs_usernames. What I'm looking for are two separate searches both base... by Vfinney Observer in Splunk Search 05-20-2020 0 2	0	2
Timechart glich with column VALUE Got a cenario where timechart returned me a column named 'VALUE' where I don't have a value=VALUE in my logs as part ... by gorosco Engager in Splunk Search 05-20-2020 0 2	0	2
srchMaxTime default unit in authorize.conf Hello guys, is it OK to use srchMaxTime = 9000, it looks like it does 9000 seconds? In authorize.conf doc it asks f... by splunkreal Motivator in Splunk Search 05-20-2020 0 2	0	2
How to return a single value from a subsearch into eval Part 2 I found a different answer article with an example of what I'm trying to do, but I can't get it to work on my end. I... by hollybross1219 Path Finder in Splunk Search 05-20-2020 0 1	0	1
How to create search for daily license usage report per host? Hi All, I need to create a Splunk License usage report on a daily basis for all the reporting hosts. Can someone ple... by nnimbe1 Path Finder in Splunk Search 05-20-2020 0 2	0	2
Filter results based on aggregates (Another question of Splunk's way to emulate SQL's "HAVING" ) My goal is to design an alert that will populate a table of raw results, but only when certain evaluation aggregates ... by hollybross1219 Path Finder in Splunk Search 05-20-2020 0 5	0	5
Crowdstrike TA error Hi, Running into this error trying to setup the Streaming API: 04-03-2020 11:37:21.473 +0000 INFO TcpOutputProc - ... by warrenkobalt New Member in Splunk Search 05-20-2020 0 2	0	2
How do you add a static drop-down for specific field values with conditonal? System OS ABC Windows-Server-2016 ABC Windows-10-Enterprise ABC Mac-OSX DEF Windows Server-2016 DEF Windows Server-2... by UMDTERPS Communicator in Splunk Search 05-20-2020 0 4	0	4
Need to create a search thatshows both success percentage and failure count in dual axis combo chart. Hi, I need to write a search that shows both the success percentage and failure count in a dual axis combo chart. ... by vijaysubramania Path Finder in Splunk Search 05-20-2020 0 2	0	2
Rex mode=sed diff between replace and substitute What are the differences between option "s" and "y"? index=_internal sourcetype=splunkd \| rex mode=sed “s/idx=\d+\.... by ben_leung Builder in Splunk Search 05-20-2020 5 4	5	4
CSV Lookup - Exclusions - Help Required. Hi guys, I'm trying to work out what's wrong with my search (see below). I have a CSV lookup file with a list of nam... by driva Path Finder in Splunk Search 05-20-2020 0 4	0	4
Extract Comma seperated fields I have 3 fields(Key, Version, Date) seperated by comma and records(can be many) seperated by ;(semicolon). Example... by rsantkumar Observer in Splunk Search 05-20-2020 0 2	0	2
How to filter values to remove attributes from a table? Hello Splunkers, I appended two different searches within Splunk. Then I created a table, and now I need to filter t... by gmartinv New Member in Splunk Search 05-20-2020 0 3	0	3
How to convert tabular data to time series data? I have a lookup file, which is of the format: "Department", "Jan FY20", "Feb FY20", "Mar FY20", "Apr FY20" "Sales", ... by hmallett Path Finder in Splunk Search 05-20-2020 0 6	0	6
How do I extract a comma separated field during search? I have event data in Splunk that look like this: 2013-02-14 11:32:46.4314 app=ws3 sev=INFO mid=1325748 , Fooo, Barr,... by andyk Path Finder in Splunk Search 05-20-2020 0 5	0	5
How to display count from last week and avg from last month on one timechart I'm trying to plot count of errors from last week per day and daily average value from month. The result from query b... by slipinski Path Finder in Splunk Search 05-20-2020 0 7	0	7