Splunk Search

Community Activity

How are the lookups updated after entering them in a blacklist? good morning My question is the following, currently working in a cluster environment and these files for splunk... by efaundez Path Finder in Splunk Search 05-22-2020 0 5	0	5
Is there SPL's worst practice? I've seen a lot of join, transaction and append SPLs.Using timechart to show percentage of each time, it's hard. but ... by to4kawa Ultra Champion in Splunk Search 05-22-2020 1 23	1	23
what is the best method to learn and understand the search commands in splunk? I am pretty new to splunk and challenging myself to understand splunk. I am new to splunk and from construction background. challenging myself to do something new. How can you learn, unde... by fortoh New Member in Splunk Search 05-22-2020 0 2	0	2
drilldown of pie chart by business unit I'm currently trying to build a dashboard that would drill down by site name. Here's an example of the site name: AB... by payton_tayvion Path Finder in Splunk Search 05-21-2020 0 2	0	2
Juniper firewall search time field extraction not working "sometimes" Hello, I need help fixing an issue with search time field extractions in juniper fw logs (very chatty). The issue i... by Jarohnimo Builder in Splunk Search 05-21-2020 0 6	0	6
How to search for numbers appearing only after letters in a field? I have a field called CARDFILOGO and I want to search it for ones that start with "JU" and end in numbers. I do not w... by PDXKiel Path Finder in Splunk Search 05-21-2020 0 8	0	8
How to create a search to get number of events for HTTP status code? Hi All, I have the logs below and need to get an HTTP status code count. 10.176.242.7 - app [21/May/2020:16:09:01 +... by rajawccm16 Engager in Splunk Search 05-21-2020 0 1	0	1
Issue with eval in Dashboard XML Source Hey all, Cause of the Y2K bug we recently did an upgrade of our Splunk environment to version 8.0.1 - after this upg... by MERBAG Explorer in Splunk Search 05-21-2020 0 3	0	3
Geo Stats: Change color of description popup in geo stats I have used the geostats command to show the number of blackouts and brownouts by country and have set the pie chart ... by hawifaris Loves-to-Learn in Splunk Search 05-21-2020 0 4	0	4
want to use append instead of join Hello everyone, I just want to use append instead of a join. My code is index="yut" sourcetype="test" cd IN(*) ... by hrs2019 Path Finder in Splunk Search 05-21-2020 0 3	0	3
Sending entity names in the email triggered from Correlation Searches. Hi Team, I have a KPI with split by entity say "Ent1". I have made a correlation search using this KPI and in the tr... by veerendra_modi Loves-to-Learn in Splunk Search 05-21-2020 0 2	0	2
eval or rex help Message="Internal event: Function ldap_search entered.SID: S-1-5-18Source IP: 127.0.0.1:25855Operation identifier: 68... by keyu921 Explorer in Splunk Search 05-21-2020 0 5	0	5
How to show the whole text in a table column while hovering on it ? I want to display the text of a column of a table in one line. After hover to it, it should show whole the descriptio... by patra966 Path Finder in Splunk Search 05-20-2020 0 0	0	0
Help building regex for searches based on cs_username field. I'm having no luck building a regex to match cs_usernames. What I'm looking for are two separate searches both base... by Vfinney Observer in Splunk Search 05-20-2020 0 2	0	2
Timechart glich with column VALUE Got a cenario where timechart returned me a column named 'VALUE' where I don't have a value=VALUE in my logs as part ... by gorosco Engager in Splunk Search 05-20-2020 0 2	0	2
srchMaxTime default unit in authorize.conf Hello guys, is it OK to use srchMaxTime = 9000, it looks like it does 9000 seconds? In authorize.conf doc it asks f... by splunkreal Influencer in Splunk Search 05-20-2020 0 2	0	2
How to return a single value from a subsearch into eval Part 2 I found a different answer article with an example of what I'm trying to do, but I can't get it to work on my end. I... by hollybross1219 Path Finder in Splunk Search 05-20-2020 0 1	0	1
How to create search for daily license usage report per host? Hi All, I need to create a Splunk License usage report on a daily basis for all the reporting hosts. Can someone ple... by nnimbe1 Path Finder in Splunk Search 05-20-2020 0 2	0	2
Filter results based on aggregates (Another question of Splunk's way to emulate SQL's "HAVING" ) My goal is to design an alert that will populate a table of raw results, but only when certain evaluation aggregates ... by hollybross1219 Path Finder in Splunk Search 05-20-2020 0 5	0	5
Crowdstrike TA error Hi, Running into this error trying to setup the Streaming API: 04-03-2020 11:37:21.473 +0000 INFO TcpOutputProc - ... by warrenkobalt New Member in Splunk Search 05-20-2020 0 2	0	2
How do you add a static drop-down for specific field values with conditonal? System OS ABC Windows-Server-2016 ABC Windows-10-Enterprise ABC Mac-OSX DEF Windows Server-2016 DEF Windows Server-2... by UMDTERPS Communicator in Splunk Search 05-20-2020 0 4	0	4
Need to create a search thatshows both success percentage and failure count in dual axis combo chart. Hi, I need to write a search that shows both the success percentage and failure count in a dual axis combo chart. ... by vijaysubramania Path Finder in Splunk Search 05-20-2020 0 2	0	2
Rex mode=sed diff between replace and substitute What are the differences between option "s" and "y"? index=_internal sourcetype=splunkd \| rex mode=sed “s/idx=\d+\.... by ben_leung Builder in Splunk Search 05-20-2020 5 4	5	4
CSV Lookup - Exclusions - Help Required. Hi guys, I'm trying to work out what's wrong with my search (see below). I have a CSV lookup file with a list of nam... by driva Path Finder in Splunk Search 05-20-2020 0 4	0	4
Extract Comma seperated fields I have 3 fields(Key, Version, Date) seperated by comma and records(can be many) seperated by ;(semicolon). Example... by rsantkumar Observer in Splunk Search 05-20-2020 0 2	0	2