Splunk Search

Community Activity

Bank holiday exclusion from search query HI All, I have a search query that needs to be excluded to run on a bank holiday. I have created a holidays.csv fil... by ashrafsj Path Finder in Splunk Search 05-05-2020 0 2	0	2
Discrepancies between metadata and tstats latest time results I'm trying to figure out which search will most accurately tell me when events with future timestamps are being detec... by merch_sf Engager in Splunk Search 05-05-2020 0 3	0	3
Alternate to EventStats \| Using EventStats for a longer duration results in data loss Hi Team, Is there an alternative to count all the events to 'eventstats' using it results in data loss if exceed the... by nishantberiwal New Member in Splunk Search 05-05-2020 0 6	0	6
Unable to break events using multikv? Hi Splunkers, Please find attached image, this is the way i am getting my data. My desired format is : Hostname \| Mi... by sarvesh_11 Communicator in Splunk Search 05-04-2020 0 4	0	4
How to compare fields over multiple sourcetypes without 'join', 'append' or use of subsearches? Hello everyone, Now, this one bugs me for some time and this question got my attention back to this topic. How can o... by MuS SplunkTrust in Splunk Search 05-04-2020 20 24	20	24
Can not get my subsearch work Hello, everybody! Does anybody can help me understand why the following subsearch not limits the results of the oute... by oshirnin Path Finder in Splunk Search 05-04-2020 0 5	0	5
How to count events that occurred 60 minutes apart (not on the hour)? Hello everyone, I need help with a search. I have a table with the following fields: VISITDATE USERNUMB... by srive326 Explorer in Splunk Search 05-04-2020 0 4	0	4
Covert KB to MB in a chart count search. I have a chart count of Index using License usage using the below search. The search works fine but how to convert th... by pdantuuri0411 Explorer in Splunk Search 05-04-2020 0 6	0	6
Parsing of events with fixed pattern Hi, I am using Splunk to parse a particular sets of logs since many years but recently i have started facing some is... by ramprakash Explorer in Splunk Search 05-04-2020 0 5	0	5
Why is my data not parsing correctly? I am trying to make sure I know how to configure an environment to ingest weblogs that are correctly parsed and I am ... by mhouse3 Path Finder in Splunk Search 05-04-2020 0 2	0	2
IP based black list in Serverclass.conf does not work Hi, I am trying to push app based on IP subnet whitelist and blacklist, while whitelist subnets are working perfectly... by habeebkaradan New Member in Splunk Search 05-04-2020 0 1	0	1
Multi events I have an event as below Names "John\|James\|Jude\|Jenni\|bond\|Tom" How do i get each name as separate event. by johnsasikumar Path Finder in Splunk Search 05-04-2020 0 1	0	1
CSV file index time field extractions - how to ignore the header? Is there schema on write support? Hello, I have the following little csv file: time,interface,utilization 2019-11-03,int_a,100 2019-11-04,int_b,200 ... by kiril123 Path Finder in Splunk Search 05-04-2020 0 2	0	2
How to calculate time difference between 2 events with a matching value in different field? I'm looking to calculate the elapsed time between 2 events of different types that potentially share a common value b... by dfraseman Explorer in Splunk Search 05-04-2020 0 2	0	2
How To Get User Login ID and Login Attempts by Application So I have a list of 11 applications and I want all the user IDs and number of logins attempts for each user over a sp... by SplunkLunk Path Finder in Splunk Search 05-04-2020 0 5	0	5
Detecting outliers query Hi everyone I was reading through "endpoint security analyst with Splunk (online experience)" which you can find her... by muradghazzawi Engager in Splunk Search 05-04-2020 0 6	0	6
Left Outer Join Using NOT clause I'm trying to identify arrangement's in one data source that do not exist in another data source. One of the sources ... by petem3 New Member in Splunk Search 05-04-2020 0 2	0	2
Rex problem Hey I'm trying to extract the values from _time to new fields (Year, Month, Day), in order to compare average of even... by henderz New Member in Splunk Search 05-04-2020 0 3	0	3
How do I use tstats to extract data from a child data set? Hello, I'm trying to use the tstats command within a data model on a data set that has children and grandchildren. ... by andrewtrobec Motivator in Splunk Search 05-04-2020 0 2	0	2
Combine two columns in a table from two separate searches (where one is a subset of the other) I'm currently running the query (changed to a dog-themed query) where I want to join two logs together by the Dog's n... by splunkuser2127 Loves-to-Learn in Splunk Search 05-04-2020 0 2	0	2
Adding Sparkline based on eval variable I have a search which captures data from all the machines on the network and calculates OS Health of each machine (ho... by itssaad14 Engager in Splunk Search 05-04-2020 0 1	0	1
How to pass a value from a search to another search? I have two sources - /var/log/secure - /var/log/audit/audit.log Here is my SPL so far (index=* source="/var/log/se... by xnx_1012 Explorer in Splunk Search 05-04-2020 0 2	0	2
Question on transformation commands Hi All, I need your helping in writing post process & base searches.. My dashboard requires a chart command in the f... by prettysunshinez Explorer in Splunk Search 05-04-2020 0 4	0	4
What is Needed resource for CM, LM, DS, HF, DMC Hi, We plan to deploy Splunk with indexer clustering (with 3 indexers) in our company. We know the hardware requireme... by jg91 Path Finder in Splunk Search 05-04-2020 0 6	0	6
How to calculate cisco asa VPN session duration time Here's the cisco asa logs I have coming in broken down by eventype=cisco_vpn_start and cisco_vpn_end index=csco sour... by johnward4 Communicator in Splunk Search 05-04-2020 0 8	0	8