Splunk Search

Community Activity

Multi events I have an event as below Names "John\|James\|Jude\|Jenni\|bond\|Tom" How do i get each name as separate event. by johnsasikumar Path Finder in Splunk Search 05-04-2020 0 1	0	1
CSV file index time field extractions - how to ignore the header? Is there schema on write support? Hello, I have the following little csv file: time,interface,utilization 2019-11-03,int_a,100 2019-11-04,int_b,200 ... by kiril123 Path Finder in Splunk Search 05-04-2020 0 2	0	2
How to calculate time difference between 2 events with a matching value in different field? I'm looking to calculate the elapsed time between 2 events of different types that potentially share a common value b... by dfraseman Explorer in Splunk Search 05-04-2020 0 2	0	2
How To Get User Login ID and Login Attempts by Application So I have a list of 11 applications and I want all the user IDs and number of logins attempts for each user over a sp... by SplunkLunk Path Finder in Splunk Search 05-04-2020 0 5	0	5
Detecting outliers query Hi everyone I was reading through "endpoint security analyst with Splunk (online experience)" which you can find her... by muradghazzawi Engager in Splunk Search 05-04-2020 0 6	0	6
Left Outer Join Using NOT clause I'm trying to identify arrangement's in one data source that do not exist in another data source. One of the sources ... by petem3 New Member in Splunk Search 05-04-2020 0 2	0	2
Rex problem Hey I'm trying to extract the values from _time to new fields (Year, Month, Day), in order to compare average of even... by henderz New Member in Splunk Search 05-04-2020 0 3	0	3
How do I use tstats to extract data from a child data set? Hello, I'm trying to use the tstats command within a data model on a data set that has children and grandchildren. ... by andrewtrobec Motivator in Splunk Search 05-04-2020 0 2	0	2
Combine two columns in a table from two separate searches (where one is a subset of the other) I'm currently running the query (changed to a dog-themed query) where I want to join two logs together by the Dog's n... by splunkuser2127 Loves-to-Learn in Splunk Search 05-04-2020 0 2	0	2
Adding Sparkline based on eval variable I have a search which captures data from all the machines on the network and calculates OS Health of each machine (ho... by itssaad14 Engager in Splunk Search 05-04-2020 0 1	0	1
How to pass a value from a search to another search? I have two sources - /var/log/secure - /var/log/audit/audit.log Here is my SPL so far (index=* source="/var/log/se... by xnx_1012 Explorer in Splunk Search 05-04-2020 0 2	0	2
Question on transformation commands Hi All, I need your helping in writing post process & base searches.. My dashboard requires a chart command in the f... by prettysunshinez Explorer in Splunk Search 05-04-2020 0 4	0	4
What is Needed resource for CM, LM, DS, HF, DMC Hi, We plan to deploy Splunk with indexer clustering (with 3 indexers) in our company. We know the hardware requireme... by jg91 Path Finder in Splunk Search 05-04-2020 0 6	0	6
How to calculate cisco asa VPN session duration time Here's the cisco asa logs I have coming in broken down by eventype=cisco_vpn_start and cisco_vpn_end index=csco sour... by johnward4 Communicator in Splunk Search 05-04-2020 0 8	0	8
List of indexes not referenced in the last 30 days I am in need of a query that will list indexes not searched in the last 30 days. by sumaitasiddiky New Member in Splunk Search 05-04-2020 0 1	0	1
Is it possibile to display zero value label on chart? Hello, I've seen similar questions like this one, but not exactly what I'm looking for. I've managed to create bucke... by andrewtrobec Motivator in Splunk Search 05-04-2020 0 3	0	3
Time format for given log Hi Team, What is the Time_Format forTue Sep 17 12:43:09.925775 2019I am not able to get it exactly from the below lin... by VijaySrrie Builder in Splunk Search 05-04-2020 0 3	0	3
Return user who matches only one value in same field I appologize if this is already answered. I'm having trouble figuring out how to even search for it. I am trying to... by mmacdonald70 Explorer in Splunk Search 05-04-2020 0 2	0	2
Question on base search Hi I have the below post process search but little confused on the base search.Kindly help. Post process search: Sea... by prettysunshinez Explorer in Splunk Search 05-04-2020 0 1	0	1
what is " FATAL: Unable to read the job status.?" I am using python sdk to connect with splunk. after running python script I am getting this error . Please help me to... by ajitshukla61116 Path Finder in Splunk Search 05-03-2020 0 1	0	1
auto-arima in arima model i am creating a model for the prediction of license usage in our environment. tried many combination(around 25) of p... by vinitpathri Path Finder in Splunk Search 05-03-2020 1 7	1	7
Compare values of 2 columns in a table I have a table that has 2 columns with Transaction ID's shown by a stats values() as below: \| stats values(E-Transac... by ramonnegronvz New Member in Splunk Search 05-03-2020 0 6	0	6
Match and compare fields with different names and from different sources Ok, so I a trying my best to evaluate the differences between two search results. Search 1 gives me a list of "vm_... by garciajbg Explorer in Splunk Search 05-03-2020 0 10	0	10
how to stats counts if one of the field's value greater than 100 ? Hello, I have ALERT field and in this field has different types ALERT values, so i want filter one of them counts if... by corehan Explorer in Splunk Search 05-03-2020 0 2	0	2
Compare todays data with yesterdays for results from a custom command I have a custom command that returns results in tabular format with a _time column as well. Its something like below... by Harishma Communicator in Splunk Search 05-03-2020 0 5	0	5