Splunk Search

Community Activity

What happened to the transposed dates? I made a query that involves transposing a timechart (span=1w, analyzing since 1/1/2020). The result is the exact l... by hollybross1219 Path Finder in Splunk Search 04-10-2020 0 2	0	2
Need to query for a users internet history activity I have this query: search index="paloaltologs" user="*UserName" \| table _time, user, url, action However it doesn'... by cwright757 New Member in Splunk Search 04-10-2020 0 3	0	3
Calculate the Difference from the previous week results. I have a simple timechart showing a percentage of status that = success from the total count of phase=second found. ... by jcarstar Engager in Splunk Search 04-10-2020 0 2	0	2
Timechart - x-axis to show label/ticks as Sunday instead of Monday Hey there folks! Can't believe I'm stuck on something which could be pretty simple. I have a timechart with span=1d ... by andrewwjc Engager in Splunk Search 04-10-2020 0 0	0	0
Field Extraction using Regex Hi Team, I would like to extract table name from below combined event using rex. Both events are combined in one eve... by abilann New Member in Splunk Search 04-10-2020 0 1	0	1
How to pass earliest and latest in search time using inputlookup Hi Experts, I have a one month data inputlookup file i.e, sample.csv which contains two fields test and _time. I want... by james_n Path Finder in Splunk Search 04-10-2020 0 3	0	3
How to merge a row count in a table to other row Hi, I am trying to merge below row "EUR%20" count to "EUR" . Please help. String: sourcetype=access_combined index... by mrr6892 Loves-to-Learn in Splunk Search 04-10-2020 0 2	0	2
Why does field extraction only work when "\| extract reload=T" is added to search? I've got a fairly simple field extraction specified by a props.conf REPORT directive pointed to a transforms.conf spe... by muebel SplunkTrust in Splunk Search 04-09-2020 2 6	2	6
Timechart from lookupfile using Date field Good morning all, I have a little challenge for someone whom has far superior brains than myself! I have created a l... by Barty Explorer in Splunk Search 04-09-2020 0 3	0	3
how to extract a field where there are different values, but which has not determined a value. Hello everyone! how to extract a field where there are different values, but which has not determined a value. I nee... by jfeitosa_real Path Finder in Splunk Search 04-09-2020 0 2	0	2
How to transform a table If I have the data in following format: time session event t1 session1 actionA ... by dtakacssplunk Explorer in Splunk Search 04-09-2020 0 1	0	1
How can SPL be written more efficiently to combine 3 source types? I am combining 3 source types. I've tried using \|stats values() but can't seem to get it to work. Example of what I... by wichniewicz New Member in Splunk Search 04-09-2020 0 2	0	2
Calculating the time between events I am trying to pull some stats from splunk around how long a user session was active for. in the logs i have a logo... by gsmi New Member in Splunk Search 04-09-2020 0 1	0	1
Why the count of the user per hour varies after executing the same query after a inetrval of time? Hi All, Input logs are forwarded from a syslog server. We extracted server name and user id from the logs. Our requi... by srideviv Engager in Splunk Search 04-09-2020 0 2	0	2
Splunk logs in RedShift Hi All, I am trying to use RedShift to store all my Splunk logs, it it possible? by ashishsecdev Engager in Splunk Search 04-09-2020 0 5	0	5
Subserch - trying to use results from subsearch as an input on the main one. Hi, I am trying to filter input and output with : 2020-03-31 09:57:11,714 9.5.1455: ERROR syslog156: operation f... by dabroma5 Explorer in Splunk Search 04-09-2020 0 7	0	7
i want to get data's from 8am ysterday to 8am today.. ?? can anyone help me i want to get data's from 8am ysterday to 8am today.. by Puvi New Member in Splunk Search 04-09-2020 0 1	0	1
Creating a summary of fields by multi-selected values Hey everybody! I have this following multi-select construction with checkboxes and submit button. This gives me the s... by uveys Engager in Splunk Search 04-09-2020 0 0	0	0
SPL query to check event START... and END (if there is!!??!!) I guys. Recently i came in trouble to resolve the "puzzle" described in Title... What we need 1) Trigger the "Job_St... by verbal_666 Builder in Splunk Search 04-09-2020 0 6	0	6
How to convert a field containing number of days since 01/01/1970 to a human readable date? Hi. I have a monitor of "/etc/shadow" file with last password change field lastchange in days (example lastchange=1... by kalianov Path Finder in Splunk Search 04-09-2020 0 5	0	5
Filtering the results in Dashboard from InputLookup Depend Upon Time Hi, I'm trying to filter the results of the lookup depend upon the time selection from the dashboard. I have date fi... by cchange Path Finder in Splunk Search 04-08-2020 0 2	0	2
Rex has exceeded configured match_limit I am trying to extract about 4 fields from a log line. Each lines have about 1500 character. I can only extract 2 fi... by clementros Path Finder in Splunk Search 04-08-2020 0 4	0	4
search time rex works but simple field extraction searching does not Basically, when I try to search for mf4 values on their own, index="sean-testing" mf4=w, the data found is zero or bl... by rewritex Contributor in Splunk Search 04-08-2020 0 3	0	3
Getting uptime of a process from PS I've been searching splunk answers all morning trying to get this one. It seems simple enough, but I can't lick it an... by JDukeSplunk Builder in Splunk Search 04-08-2020 0 1	0	1
inputlookup(csv) with Distinct_count Hi There! I have created a list of 2000 names in a CSV file. I am trying to get the phone numbers of these 2000 peopl... by priya777 New Member in Splunk Search 04-08-2020 0 4	0	4