Splunk Search

Community Activity

How do we overcome the shortcomings of "bin" when trying to find X number of events in a certain time period? Hello all, I've had this issue in the past but never really spent the time to find a solution as bin is usually "goo... by jadamsplunk Path Finder in Splunk Search 04-11-2020 0 4	0	4
How to run search based on a condition? I have a couple of search queries to execute based on certain conditions. A search query in my dashboard is getting e... by rarangarajanspl Explorer in Splunk Search 04-11-2020 0 2	0	2
I need to get hourly reports starting at five minutes before the hour and get the previous week and the week previous to that for the same hour. So I need a start/chart/timechart etc... that shows a distinct count of separate login ids from 7:55 - 8:54:59 then 8... by johnegracej New Member in Splunk Search 04-11-2020 0 1	0	1
rex syntax for extracting value from a set of match criteria I am wanting to create a rex that will have a list of text that is to be matched, but the matched value is what needs... by RNB Path Finder in Splunk Search 04-11-2020 0 3	0	3
Improve query to list apps and versions on all indexer nodes I have this query to list the apps and their versions last update date for apps on all index nodes, however the updat... by radam2000 Path Finder in Splunk Search 04-11-2020 0 2	0	2
Splunk Data and apps all got deleted All data and apps from our distributed architecture suddenly got deleted, including indexes and other configurations.... by abhijitnath89 Path Finder in Splunk Search 04-11-2020 0 1	0	1
Showing baseline result relative to other results I have a line chart that plots results for a bunch of tests. One of the tests is a "baseline" result. Each result i... by jrjarcher New Member in Splunk Search 04-10-2020 0 1	0	1
How can I find searches using a specific index? All, I am breaking my index=windows up into index=oswin and index=oswinsec. Any tricks or tools to search for sea... by daniel333 Builder in Splunk Search 04-10-2020 0 1	0	1
Need a query for the same event repeated in a defined time Hi, I need a query to show me all occurrances when the same message is logged within 200ms. Log example: Message="La... by esaionz New Member in Splunk Search 04-10-2020 0 4	0	4
What happened to the transposed dates? I made a query that involves transposing a timechart (span=1w, analyzing since 1/1/2020). The result is the exact l... by hollybross1219 Path Finder in Splunk Search 04-10-2020 0 2	0	2
Need to query for a users internet history activity I have this query: search index="paloaltologs" user="*UserName" \| table _time, user, url, action However it doesn'... by cwright757 New Member in Splunk Search 04-10-2020 0 3	0	3
Calculate the Difference from the previous week results. I have a simple timechart showing a percentage of status that = success from the total count of phase=second found. ... by jcarstar Engager in Splunk Search 04-10-2020 0 2	0	2
Timechart - x-axis to show label/ticks as Sunday instead of Monday Hey there folks! Can't believe I'm stuck on something which could be pretty simple. I have a timechart with span=1d ... by andrewwjc Engager in Splunk Search 04-10-2020 0 0	0	0
Field Extraction using Regex Hi Team, I would like to extract table name from below combined event using rex. Both events are combined in one eve... by abilann New Member in Splunk Search 04-10-2020 0 1	0	1
How to pass earliest and latest in search time using inputlookup Hi Experts, I have a one month data inputlookup file i.e, sample.csv which contains two fields test and _time. I want... by james_n Path Finder in Splunk Search 04-10-2020 0 3	0	3
How to merge a row count in a table to other row Hi, I am trying to merge below row "EUR%20" count to "EUR" . Please help. String: sourcetype=access_combined index... by mrr6892 Loves-to-Learn in Splunk Search 04-10-2020 0 2	0	2
Why does field extraction only work when "\| extract reload=T" is added to search? I've got a fairly simple field extraction specified by a props.conf REPORT directive pointed to a transforms.conf spe... by muebel SplunkTrust in Splunk Search 04-09-2020 2 6	2	6
Timechart from lookupfile using Date field Good morning all, I have a little challenge for someone whom has far superior brains than myself! I have created a l... by Barty Explorer in Splunk Search 04-09-2020 0 3	0	3
how to extract a field where there are different values, but which has not determined a value. Hello everyone! how to extract a field where there are different values, but which has not determined a value. I nee... by jfeitosa_real Path Finder in Splunk Search 04-09-2020 0 2	0	2
How to transform a table If I have the data in following format: time session event t1 session1 actionA ... by dtakacssplunk Explorer in Splunk Search 04-09-2020 0 1	0	1
How can SPL be written more efficiently to combine 3 source types? I am combining 3 source types. I've tried using \|stats values() but can't seem to get it to work. Example of what I... by wichniewicz New Member in Splunk Search 04-09-2020 0 2	0	2
Calculating the time between events I am trying to pull some stats from splunk around how long a user session was active for. in the logs i have a logo... by gsmi New Member in Splunk Search 04-09-2020 0 1	0	1
Why the count of the user per hour varies after executing the same query after a inetrval of time? Hi All, Input logs are forwarded from a syslog server. We extracted server name and user id from the logs. Our requi... by srideviv Engager in Splunk Search 04-09-2020 0 2	0	2
Splunk logs in RedShift Hi All, I am trying to use RedShift to store all my Splunk logs, it it possible? by ashishsecdev Engager in Splunk Search 04-09-2020 0 5	0	5
Subserch - trying to use results from subsearch as an input on the main one. Hi, I am trying to filter input and output with : 2020-03-31 09:57:11,714 9.5.1455: ERROR syslog156: operation f... by dabroma5 Explorer in Splunk Search 04-09-2020 0 7	0	7