Splunk Search

Community Activity

How to organize a search with two lookup tables: common and event-specific? In my question I will use a manufacturing monitoring analogy. Employees (uniquely identified by name) work a certain... by pm771 Communicator in Splunk Search 05-01-2020 0 9	0	9
A user can outputlookup and overwrite existing lookups regardless of permissions We just tested in 5.0.2.2 - A user did outputlookup and overwrote a lookup file in etc/system even though in the UI, ... by raziasaduddin Path Finder in Splunk Search 05-01-2020 7 15	7	15
How do I search records for today and 120 days back? sort -date \| dedup Date_Month_Year \| where Date>1575183600 I need this query to run only for the past 120 days from... by tferranteku Explorer in Splunk Search 05-01-2020 0 8	0	8
How can I split stats into rows MY SPL (index=* source="/var/log/authlog" "sudo" AND ("tar -xf" OR "pkg install" OR "pkg uninstall")) OR (index=... by xnx_1012 Explorer in Splunk Search 05-01-2020 0 2	0	2
Including O365 UserAgent data in search Hi all, I'm having trouble getting O365 UserAgent data to show up in a search. Currently, my search looks like: sou... by funkychickin New Member in Splunk Search 05-01-2020 0 1	0	1
lookup field value case sensitivity While field values are not case sensitive by default on Splunk, when we use lookups the default setting for the field... by constantinetamp Observer in Splunk Search 05-01-2020 0 6	0	6
Search results are not wrapping, can't scroll right. I have searched for some traps. The results are not wrapping and I can't scroll any further right. The only way I c... by horngary Engager in Splunk Search 05-01-2020 2 6	2	6
How to Left Join is NULL I just want to get the left cluster (only Table A )as below picture. How should Splunk search be? tu. by fearloess New Member in Splunk Search 05-01-2020 0 3	0	3
No result is showing when i enter the following code . I am trying to generate report using the following command but it is not showing any result . i just want to make sur... by sw9026 New Member in Splunk Search 05-01-2020 0 1	0	1
How to get the top 10 values using timechart? Hi, I have this query and it works just fine index=blah1 OR index=blah2 OR index=blah3 host=media "/fileUpload/im... by dbcase Motivator in Splunk Search 05-01-2020 1 10	1	10
Issue with displaying CPU, Mem & Disk data on the dashboard of Template for Citrix XenDesktop 7 Hi, I have deployed the Template for Citrix XenDesktop 7 with the TA-XD7-Broker add-on deployed on the brokers. Howe... by aknsun Path Finder in Splunk Search 05-01-2020 0 1	0	1
How to put data in table format Name :Test "extensionData": {<!-- --> "entries": [ {<!-- --> ... by chaitu1231 New Member in Splunk Search 04-30-2020 0 2	0	2
I have added the Splunk search to my default.xml. Is it possible to only allow this to appear in the navigation bar for admins? Example of search in nav bar: I only want the Search to be viewable by admins. I have looked at other Splunk quest... by lachlanmcgrath New Member in Splunk Search 04-30-2020 0 0	0	0
Combine 2 searches with 2nd search dependent on first I am trying to combine 2 searches into one. However, the results for the 2nd search should only return if there are r... by worldexplorer81 Path Finder in Splunk Search 04-30-2020 0 0	0	0
Adding vertical bars from one search to a timechart from another search I've got a line timechart of some data based on one search. I'd like to take another search and add vertical lines/b... by mariagullickson Explorer in Splunk Search 04-30-2020 1 2	1	2
Response Time from Splunk Logs using Transaction starts with and within an single event I am trying to calculate the duration/timetaken between 2 strings in an event using transaction starts with and endsw... by sen8sen Engager in Splunk Search 04-30-2020 0 6	0	6
Some time questions. I'm working on a financial data dashboard, and i have a few panels that pull data from last year relative to this yea... by JDukeSplunk Builder in Splunk Search 04-30-2020 0 2	0	2
if one field is returning null value then how do i get all the fields to return null value Hi Guys, I have one search query which is combining two Searches and giving results. But based on the conditions se... by ak9092 Path Finder in Splunk Search 04-30-2020 0 4	0	4
Field extraction using props.conf and transforms.conf Hello, This is what my field extraction looks like in the GUI: Name- source::/home/user/logs/* : EXTRACT-request_id ... by mihirpradhan Explorer in Splunk Search 04-30-2020 0 0	0	0
Navigations Can anyone help me with navigation's, I have created 2 app's. In test app i have a dashboard , when i clicked my pan... by tramya96 New Member in Splunk Search 04-30-2020 0 1	0	1
What is a good convention for config file organisation? Something to ponder while working from home... I am planning on storing and managing my config files in Git. We re... by mikeydee Explorer in Splunk Search 04-30-2020 0 1	0	1
Percentage of two calculated search values don't hate me @to4kawa But can you help me one last time! Ive been stuck for a few hours trying to figure out how ... by pir8radio Path Finder in Splunk Search 04-30-2020 0 2	0	2
How to handle staggered logs Hi , Basically their server send logs one line at a time. When it came to Splunk it ingest automatically and not fol... by jadengoho Builder in Splunk Search 04-30-2020 0 17	0	17
Change the time format in time chart tool tip We have time-chart visualization on a dashboard. The events are uploaded manually on last day of every month with tim... by rajeshjlnt Path Finder in Splunk Search 04-30-2020 0 2	0	2
Can the Splunk OS TAs capture time? Apparently, the Splunk OS TAs don't capture time and if there are index time delays, _time would be skewed and actual... by danielbb Motivator in Splunk Search 04-30-2020 0 1	0	1