Splunk Search

Community Activity

Subsearch map command doesn't work I have a query that uses map and subsearch inside map command as below: host="X" booking source="Y" Success \| ded... by slipinski Path Finder in Splunk Search 05-05-2020 0 12	0	12
Unable to input zipped csv files from .gz Hi All, I am unable to index .gz files which has csv file. Can you guys please help 04-16-2019 03:11:28.982 -0400 INF... by hethaishibk New Member in Splunk Search 05-05-2020 0 3	0	3
Rex to match fields until particular string Hi, I'm using expression: (?ms)book.(?\d{7}-\d) to extract some numbers from this input (thanks @to4kawa ) : " ne... by slipinski Path Finder in Splunk Search 05-05-2020 0 2	0	2
Filter Events based on lookup file contents Hey All, I am attempting to write a search that looks for AD group add/removals for specific groups executed by spec... by adalbor Builder in Splunk Search 05-05-2020 0 8	0	8
Using lookups, determine if search is null. I have a lookup table where the columns are formatted as follows: Location, Vendor, dns_name, host-ip, host-short-na... by OldManEd Builder in Splunk Search 05-05-2020 0 6	0	6
IOC Inputlookup Hi , my goal is to detect if there is any matches with my custom Domain_IOC.csv list and display additional column f... by zayedaljaberi Engager in Splunk Search 05-05-2020 0 7	0	7
validate that index is not being queried in splunk Good afternoon I can validate in the MC which index have events and which do not, but is it possible to know whic... by efaundez Path Finder in Splunk Search 05-05-2020 0 1	0	1
duration calculator with current time Need help in find a query to get the duration of the alert w.r.t the current time. Current code am using: index=o... by jerinvarghese Communicator in Splunk Search 05-05-2020 0 1	0	1
How to set class for different fields using JavaScript for changing font color and background color in Splunk table? Hi i am new to Splunk/JavaScript, Need your help for reducing my code, i have created two class for 2 fields, likewis... by 812456 New Member in Splunk Search 05-05-2020 0 1	0	1
Some fields with >90% coverage disappear randomly between searches So this is a prerequisite-free kind of question about a field disappearing from "All Fields" section. By prerequisite... by funghorn Explorer in Splunk Search 05-05-2020 0 2	0	2
customize the chart display on selecting value from static multiselect option HI, I am trying to implement customized chart views, to state the issue I have static multi select input with token... by vikashperiwal Path Finder in Splunk Search 05-05-2020 0 6	0	6
Search Same URLs between two endpoints, each endpoint different time range I'm trying to find what URLs are the same that two endpoints went to, but at different times. Example: What URLs di... by pkohn117 Explorer in Splunk Search 05-05-2020 0 0	0	0
Bank holiday exclusion from search query HI All, I have a search query that needs to be excluded to run on a bank holiday. I have created a holidays.csv fil... by ashrafsj Path Finder in Splunk Search 05-05-2020 0 2	0	2
Discrepancies between metadata and tstats latest time results I'm trying to figure out which search will most accurately tell me when events with future timestamps are being detec... by merch_sf Engager in Splunk Search 05-05-2020 0 3	0	3
Alternate to EventStats \| Using EventStats for a longer duration results in data loss Hi Team, Is there an alternative to count all the events to 'eventstats' using it results in data loss if exceed the... by nishantberiwal New Member in Splunk Search 05-05-2020 0 6	0	6
Unable to break events using multikv? Hi Splunkers, Please find attached image, this is the way i am getting my data. My desired format is : Hostname \| Mi... by sarvesh_11 Communicator in Splunk Search 05-04-2020 0 4	0	4
How to compare fields over multiple sourcetypes without 'join', 'append' or use of subsearches? Hello everyone, Now, this one bugs me for some time and this question got my attention back to this topic. How can o... by MuS SplunkTrust in Splunk Search 05-04-2020 20 24	20	24
Can not get my subsearch work Hello, everybody! Does anybody can help me understand why the following subsearch not limits the results of the oute... by oshirnin Path Finder in Splunk Search 05-04-2020 0 5	0	5
How to count events that occurred 60 minutes apart (not on the hour)? Hello everyone, I need help with a search. I have a table with the following fields: VISITDATE USERNUMB... by srive326 Explorer in Splunk Search 05-04-2020 0 4	0	4
Covert KB to MB in a chart count search. I have a chart count of Index using License usage using the below search. The search works fine but how to convert th... by pdantuuri0411 Explorer in Splunk Search 05-04-2020 0 6	0	6
Parsing of events with fixed pattern Hi, I am using Splunk to parse a particular sets of logs since many years but recently i have started facing some is... by ramprakash Explorer in Splunk Search 05-04-2020 0 5	0	5
Why is my data not parsing correctly? I am trying to make sure I know how to configure an environment to ingest weblogs that are correctly parsed and I am ... by mhouse3 Path Finder in Splunk Search 05-04-2020 0 2	0	2
IP based black list in Serverclass.conf does not work Hi, I am trying to push app based on IP subnet whitelist and blacklist, while whitelist subnets are working perfectly... by habeebkaradan New Member in Splunk Search 05-04-2020 0 1	0	1
Multi events I have an event as below Names "John\|James\|Jude\|Jenni\|bond\|Tom" How do i get each name as separate event. by johnsasikumar Path Finder in Splunk Search 05-04-2020 0 1	0	1
CSV file index time field extractions - how to ignore the header? Is there schema on write support? Hello, I have the following little csv file: time,interface,utilization 2019-11-03,int_a,100 2019-11-04,int_b,200 ... by kiril123 Path Finder in Splunk Search 05-04-2020 0 2	0	2