Splunk Search

Community Activity

RegEx for pattern matching and extraction Hi, I have data that contains Sessions ID labeled as (SES) and User ID labeled as (ABC). When I look at the events... by mbasharat Builder in Splunk Search 04-18-2020 0 6	0	6
TOP 10 values I have a sample data from email logs where we have from and message size. how can I extract "Top ten sending address... by riqbal47010 Path Finder in Splunk Search 04-18-2020 0 2	0	2
dispatch.finalizeRemoteTimeline taking a long time? When I run a search in Splunk 6.x, the results come back quickly, but it seems like a lot of time is spent on "Finali... by dshpritz SplunkTrust in Splunk Search 04-18-2020 8 18	8	18
If my lookup size is too large (approx 2GB), will moving to KV store solve a search head replication issue? As of now, we use CSV lookups but some of the lookups are around 2 GB which is creating a problem in SH replication. ... by pargupta1234 New Member in Splunk Search 04-18-2020 0 0	0	0
How can I find my Splunk IP adress search head? I am very new with Splunk. I started lerning it with on line courses. I need to configure Forwarding in heavy forwa... by remartins New Member in Splunk Search 04-18-2020 0 1	0	1
Change other in Pie Chart (not in a dashboard panel) Hello, I want to change the field "other(n)" in a pie chart within the search results, not in a dashboard panel. Inst... by genesiusj Builder in Splunk Search 04-17-2020 0 0	0	0
"Other" values in pie chart Hi, Short explanation of my problem: I'm investigating a problem where two file downloads are apparently interrupted... by echalex Builder in Splunk Search 04-17-2020 1 11	1	11
How do I display a table with the fields extracted from regex? I built a regular expression to extract fields from a log file. However, after extracting I am not able to display th... by gvssaicharan Engager in Splunk Search 04-17-2020 0 3	0	3
How can we prevent users from creating knowledge objects within the Search app? A similar question as in Is there a way to prevent users from saving knowledge objects in the Searching and Reporting... by ddrillic Ultra Champion in Splunk Search 04-17-2020 0 7	0	7
Rename Extracted Fields Name Is there a way to rename the extracted fields in the Interesting Fields section? Example would be Interesting Fields... by wwhite12 Path Finder in Splunk Search 04-17-2020 0 3	0	3
Is there a systemd unit file for Splunk? systemd replaces SysV init scripts and some Linux distributions are migrating to or currently support systemd (such a... by Yorokobi SplunkTrust in Splunk Search 04-17-2020 14 66	14	66
Need to extract elapsed time hi, I have a query with the below mentioned resultset logger: com.optum.bh.benefit.plan.api.BhBenefitPlansResource ... by vipulg83 New Member in Splunk Search 04-17-2020 0 10	0	10
How to sum multiple columns by multiple names? Hi, how do I sum multiple columns using multiple columns? For instance, my data looks like this: How do I get two ... by tarantula Engager in Splunk Search 04-17-2020 0 1	0	1
How to subtract _time field from Multifield value Hello I have a search with an MV Value this is called HeartBeatTime. I like to create an allert when the HeartBeatTim... by zhonk Explorer in Splunk Search 04-17-2020 0 8	0	8
Has any one created SPL query for detecting Lateral movement of users I am currently trying to create a SPL query to detect any suspicious lateral Movement to be detected from windows log... by dikshaj Engager in Splunk Search 04-17-2020 0 1	0	1
spl query output mismatch index=_internal host=abc123 source="metrics.log" group=tcpin_connections fwdType=uf \|dedup hostname \|table hostname ... by vinitpathri Path Finder in Splunk Search 04-17-2020 0 6	0	6
match function is not working I have two fields called field1, field2. Both are having same value as "xyz" but when i try to compare them with matc... by Allampally Path Finder in Splunk Search 04-16-2020 0 3	0	3
サーチ結果からアラーム的にブラウザ側で音(MP3)を再生することはできますか。リモートワークがフォーカスされてきており、オペレーションセンターに勤務ができない状況が続いております。このため、今までアラームをパトランプでセンター側で鳴らしていたのですが、自宅でオペレーションすることになり、自宅側でもアラームを認識... by syazaki_splunk Splunk Employee in Splunk Search 04-16-2020 0 2	0	2
Timechart trend I have to show trends in one search: I'd like to have the results of last 24 hours and to compare it with the result ... by gcusello SplunkTrust in Splunk Search 04-16-2020 0 7	0	7
How to set a bar chart by quarter? I have the following code that shows leases that end in June. \| inputlookup Leases.csv \| rename "Lease End" as lea... by danielbb Motivator in Splunk Search 04-16-2020 0 4	0	4
Eval If - count one item against sum total of the rest of the items in the group Hi, So I a page with more than a few urls that represent that same page. However, one of these urls has a value that... by user93 Communicator in Splunk Search 04-16-2020 0 1	0	1
Customer count between two percentile count of API response times Hi All, I am little bit of a novice with Splunk, but I am curious to find the distinct number of customers between 9... by vibhorkhanna New Member in Splunk Search 04-16-2020 0 1	0	1
RegEx to Parse Field Containing Json Format I am attempting to parse logs that contain fields similar to the example below. Field name being ValidFilterColumns, ... by ahaveles New Member in Splunk Search 04-16-2020 0 3	0	3
Help with error from a custom command: ERROR SearchStatusEnforcer - sid:1536453655.14705 Search auto-canceled Hello, Splunk 7.1.3, Linux x86_64. One of my custom (SCPv1) commands errors when the number of events returned exce... by jibanes Path Finder in Splunk Search 04-16-2020 4 4	4	4
Query to find Memory in percentage How would i need to modify the below query to get Memory value in percentage when the threshold exceeds 90. Kindly su... by sureshkumaar Path Finder in Splunk Search 04-16-2020 0 1	0	1