Splunk Search

Community Activity

Why can't a non-admin user search my accelerated data model? I've created two accelerated data models. As admin, I can search each of them with \|tstats summariesonly=t FROM data... by john_dagostino Path Finder in Splunk Search 04-28-2020 0 4	0	4
Capitalize every word of field in search results I have a list of Cities in a field that are all lower case. Is there a way to capitalize them in search? Example: los... by aelliott Motivator in Splunk Search 04-28-2020 1 6	1	6
time frame calculation Hello i want to write IF statement as part of my query and want it to run on time frame of 30 days or more... the qu... by sarit_s Communicator in Splunk Search 04-28-2020 0 2	0	2
Automatically capitalize the first letter of every word that follows a period? I am looking for the proper SPL to capitalize the first letter of every word that follows a period. I have tried seve... by rogue670 Engager in Splunk Search 04-28-2020 0 5	0	5
need help in extracting a substring from a string hello splunkers! new to splunk and i am needing to extract a word from a message field. this is the message The Clust... by owie6466 Explorer in Splunk Search 04-28-2020 0 4	0	4
expand json array to multiple events, then search constraints on the results Hello, I've gone through a hundred of these types of posts and nothing is working for me. Here is the nested json arr... by zachsisinst Explorer in Splunk Search 04-28-2020 0 4	0	4
How to do an outer join on two tables with two fields? Hi, I'm wondering if it's possible to do an outer/left join two tables on two fields. I have two indexes with the fo... by apiprek2 Explorer in Splunk Search 04-28-2020 0 2	0	2
Clustered search heads broke lookup tables where do I reupload the lookups? Hi All, so i clustered my search heads and added them to my index cluster. However it broke all my lookup tables. ... by rtalcik Path Finder in Splunk Search 04-28-2020 0 1	0	1
How to split cooking data and routing between two (or more) forwarders? Hi all, I have already read several interesting questions regarding this topic. I'd like to verify which approach is... by MMCC Path Finder in Splunk Search 04-28-2020 0 3	0	3
concat lookups for a search so in this search the full list is everything in zone A. do is everything in zone b, zoneserialnumbers are a list o... by rtalcik Path Finder in Splunk Search 04-28-2020 0 6	0	6
define transaction and gather knowledge from it Hi have logs look likes below, and want to define where transaction begin and where finished. for example at ID654321... by indeed_2000 Motivator in Splunk Search 04-28-2020 0 6	0	6
Hi everyone, can someone please tl how can we set up a report where we are fetching last 6 month period for ex: if i am running the report on 5th of may, i will need the data from 1st of November till 30 apri and i l nee... by shivangisharma New Member in Splunk Search 04-28-2020 0 1	0	1
How does one extract timestamp and csv events where column headers are: year/month, someField1,someField2, day1, day2, day3, etc...day31 I am having trouble extracting individual events from a csv file with the data formatted in the following way. I have... by 1sebastinator Explorer in Splunk Search 04-28-2020 0 4	0	4
How to get counts of events matching only particular value pattern from multi valued field I am trying to get counts of events that match only a particular field value pattern from a multi-valued field. Mul... by arrangineni Path Finder in Splunk Search 04-28-2020 0 2	0	2
i need few usecases PII Leaked DNS Generator Anomaly Encrypted C and C Command Anomaly Command and Control Repudation Anomaly File Action... by thaheseens Explorer in Splunk Search 04-28-2020 0 2	0	2
Merge logs Hello team I would like to merge more events into one, currently my events look like this: 1st part {"log":"feign.... by mastoras Explorer in Splunk Search 04-28-2020 0 2	0	2
Count of occurence of string Hi, I am trying to get the occurence of two strings for every 3 minute interval.Tried this. index=xyz host="hostna... by aditya22 New Member in Splunk Search 04-28-2020 0 1	0	1
How to change the default formatting for a table visualization? I would like to change some of the formatting of a Statistics Table in a dashboard, specifically the following: head... by gavinsopra Engager in Splunk Search 04-28-2020 0 13	0	13
Recursively join events on child to parent fields to build chains Hello, everybody! I want to ask something that has already been asked several times but there is still no clear solu... by oshirnin Path Finder in Splunk Search 04-28-2020 0 14	0	14
How I can resize the table length so that the scrolling option I can remove. Hello everyone How I can resize the table length so that the scrolling option I can remove and I can see all the fi... by hrs2019 Path Finder in Splunk Search 04-27-2020 0 12	0	12
Splitting MultiValue Fields: appliedConditionalAccessPolicies{}* Hello, I have some fields that have multiple values in them and I need to split them out into their own rows. The fi... by fdevera Path Finder in Splunk Search 04-27-2020 0 2	0	2
External lookup Python Script: How to send a custom error message to Splunk SH UI Hi Splunkers, My external lookup working just fine and the results are proper. As mentioned in the below screensho... by prabhan New Member in Splunk Search 04-27-2020 0 7	0	7
Regex Help Hello all, I am new to regex and struggling to get the Actual value field. I only need the number in between the quo... by tkerr1357 Path Finder in Splunk Search 04-27-2020 0 4	0	4
How to form splunk query to split a field and make separate fields as per the maximum number of partitions? I have some strings like below returned by my splunk base search: "CN=aa,OU=bb,DC=cc,DC=dd,DC=ee" "CN=xx,OU=bb,DC=cc... by smitapatankarso Explorer in Splunk Search 04-27-2020 0 2	0	2
Adding source path to table output I have the following search set up: search string \| fields host raw \| fields - _time _indextime _sourcetype _subsec... by tom1981 Engager in Splunk Search 04-27-2020 0 4	0	4