Splunk Search

Community Activity

Trouble creating a search to return other events that happened within a time period of a subsearch I'm trying to write a query that search for a users ID, shows what buildings they have accessed and who else has acce... by aaronnash Engager in Splunk Search 05-05-2020 0 5	0	5
Issue with strptime I am trying to convert a date / time into 24 hour format using strptime. Here's the example: OpenedAt = 5/4/2019 9:04... by sethinkbold Engager in Splunk Search 05-05-2020 0 2	0	2
FilesystemChangeWatcher : The device is not ready We are trying to monitor a lot of systems that have various configurations of drives, (C:disk  cdrom, c:disk d: disk... by troywollenslege Path Finder in Splunk Search 05-05-2020 1 10	1	10
Show percentage on pie chart out of 100% I have event logs with a % in them and I want to break them apart and show them on their own: My event log looks lik... by trever Loves-to-Learn in Splunk Search 05-05-2020 0 2	0	2
How to ignore fill null values in the result? In below scenario i want to ignore two vales are null in the result. index=test \|stats count by ErrorDetail ErrorMes... by karthi2809 Builder in Splunk Search 05-05-2020 0 5	0	5
How to count min max time by user? Hello, I am trying to pull min and max time for each user: index="iptv_rdkb" [\|inputlookup usersfile.csv] \| fields ... by t874560 New Member in Splunk Search 05-05-2020 0 2	0	2
How can I delete search data result incoming within 5 minutes? Hi. When I search a '_time' field, there are two result values like '2020/04/30 18:00' and '2020/04/30 18:03' I just... by tkdguq0110 Path Finder in Splunk Search 05-05-2020 0 8	0	8
How to fill auto-fill missing dates in a time range and fill null with previous value? Hello everyone, I need help with a query. I have a table with the following fields: _time USERNUMB... by srive326 Explorer in Splunk Search 05-05-2020 0 7	0	7
Architecture Can Deployer and Deployment server be on a Single instance? What are Management servers in Splunk? by revanthammineni Path Finder in Splunk Search 05-05-2020 0 3	0	3
Field aliasing using host tags I am looking to alias several field names from multiple sources/hosts with an alias of 'Username'. When looking in t... by pj Contributor in Splunk Search 05-05-2020 0 5	0	5
Subsearch map command doesn't work I have a query that uses map and subsearch inside map command as below: host="X" booking source="Y" Success \| ded... by slipinski Path Finder in Splunk Search 05-05-2020 0 12	0	12
Unable to input zipped csv files from .gz Hi All, I am unable to index .gz files which has csv file. Can you guys please help 04-16-2019 03:11:28.982 -0400 INF... by hethaishibk New Member in Splunk Search 05-05-2020 0 3	0	3
Rex to match fields until particular string Hi, I'm using expression: (?ms)book.(?\d{7}-\d) to extract some numbers from this input (thanks @to4kawa ) : " ne... by slipinski Path Finder in Splunk Search 05-05-2020 0 2	0	2
Filter Events based on lookup file contents Hey All, I am attempting to write a search that looks for AD group add/removals for specific groups executed by spec... by adalbor Builder in Splunk Search 05-05-2020 0 8	0	8
Using lookups, determine if search is null. I have a lookup table where the columns are formatted as follows: Location, Vendor, dns_name, host-ip, host-short-na... by OldManEd Builder in Splunk Search 05-05-2020 0 6	0	6
IOC Inputlookup Hi , my goal is to detect if there is any matches with my custom Domain_IOC.csv list and display additional column f... by zayedaljaberi Engager in Splunk Search 05-05-2020 0 7	0	7
validate that index is not being queried in splunk Good afternoon I can validate in the MC which index have events and which do not, but is it possible to know whic... by efaundez Path Finder in Splunk Search 05-05-2020 0 1	0	1
duration calculator with current time Need help in find a query to get the duration of the alert w.r.t the current time. Current code am using: index=o... by jerinvarghese Communicator in Splunk Search 05-05-2020 0 1	0	1
How to set class for different fields using JavaScript for changing font color and background color in Splunk table? Hi i am new to Splunk/JavaScript, Need your help for reducing my code, i have created two class for 2 fields, likewis... by 812456 New Member in Splunk Search 05-05-2020 0 1	0	1
Some fields with >90% coverage disappear randomly between searches So this is a prerequisite-free kind of question about a field disappearing from "All Fields" section. By prerequisite... by funghorn Explorer in Splunk Search 05-05-2020 0 2	0	2
customize the chart display on selecting value from static multiselect option HI, I am trying to implement customized chart views, to state the issue I have static multi select input with token... by vikashperiwal Path Finder in Splunk Search 05-05-2020 0 6	0	6
Search Same URLs between two endpoints, each endpoint different time range I'm trying to find what URLs are the same that two endpoints went to, but at different times. Example: What URLs di... by pkohn117 Explorer in Splunk Search 05-05-2020 0 0	0	0
Bank holiday exclusion from search query HI All, I have a search query that needs to be excluded to run on a bank holiday. I have created a holidays.csv fil... by ashrafsj Path Finder in Splunk Search 05-05-2020 0 2	0	2
Discrepancies between metadata and tstats latest time results I'm trying to figure out which search will most accurately tell me when events with future timestamps are being detec... by merch_sf Engager in Splunk Search 05-05-2020 0 3	0	3
Alternate to EventStats \| Using EventStats for a longer duration results in data loss Hi Team, Is there an alternative to count all the events to 'eventstats' using it results in data loss if exceed the... by nishantberiwal New Member in Splunk Search 05-05-2020 0 6	0	6