Splunk Search

Community Activity

CEF Field Parsing I am not seeing extracted field against below query. index=fireeye \| eval {flexString2Label} = flexString2 below are ... by riqbal47010 Path Finder in Splunk Search 04-01-2020 0 1	0	1
How to count the number of issues (from Jira) that were created, only once? I have data from Jira in Splunk, and issues (stories in particular) are counted multiple times because of modificatio... by YuliyaVassilyev Explorer in Splunk Search 04-01-2020 0 3	0	3
Cumulative hourly Average Hi All, I have counts of some offers for every hour eg 9-10 30 and then 10-11 - it is 40 it should be cumulative... by Rukmani_Splunk Path Finder in Splunk Search 04-01-2020 0 0	0	0
Query help lookup Hi, I am using below query to get a match by SUBNET from B.csv and get the IP filed. And show all fields from A.cs... by surekhasplunk Communicator in Splunk Search 04-01-2020 0 2	0	2
Dynamic dashboard event handling Hello I am new to Splunk. Would be great if you can help me with this. Once I open the dash board , it has couple of ... by 812456 New Member in Splunk Search 03-31-2020 0 0	0	0
Move _time to the last column in the attached mail How I can move _time column to be the last on the an attached csv file in the email send by scheduled report the que... by rayar Contributor in Splunk Search 03-31-2020 0 1	0	1
Transaction starts with ends with Hi does anyone know is there is a way for transaction starts with ends with take the middle result Example, i have tr... by chookp Explorer in Splunk Search 03-31-2020 1 11	1	11
Join 2 fields with the same value in the same search. Hi. I need help to be able to unify 2 fields that have the same value, however, in separate searches. Here is an exam... by LeandroKopke Explorer in Splunk Search 03-31-2020 0 6	0	6
Raw data only parsing the first instance Hello All, I have a data like this X1=[A(status=X, reason=Y), A(status=Z, reason=Y), A(status=xyz, reason=abc)] No... by praddasg Path Finder in Splunk Search 03-31-2020 0 9	0	9
Fetch the data from the fields which has 2 words in the field name using regular expression? I have an event as below: Mar 30 16:59:08 vg1 : %ASA-4-113019: Group = EMPLOYEE, Username = roys86, IP = ...**, Sess... by khojas02 Engager in Splunk Search 03-31-2020 0 3	0	3
is it possible to know which is the index that has less use? good afternoon I would like to know which is the index that has had less access at the data query level. regards by efaundez Path Finder in Splunk Search 03-31-2020 0 2	0	2
How to remove tags in a string? Hello, I have a string field like: View How can I remove tag and to only display View in the search? Thanks, by vnguyen46 Contributor in Splunk Search 03-31-2020 0 9	0	9
Symantec TA field Extractions not working Hello All, I am troubleshooting an issue with the Symantec TA. Fields are not being extracted correctly and I am stum... by rwardwell Explorer in Splunk Search 03-31-2020 2 1	2	1
Using Web datamodel _time doesnt show seconds.. the _time is in format of 2020-03-31 08:45:00 I am trying to use tstats to develop a query, however i need _time to be included in the query for the logic to work.... by dwibedi03 Explorer in Splunk Search 03-31-2020 0 2	0	2
Can I execute job inspector on SH and IDX both? When I execute job inspector on IDX and SH under the indexer cluster environment, are the results same? Do they have ... by brandy81 Path Finder in Splunk Search 03-31-2020 0 1	0	1
Fillnull with previous known or conditional values? I am logging a number of simple on/off switches that Splunk has done a wonderful job automagically parsing. The data ... by keycoldstorage Explorer in Splunk Search 03-31-2020 1 17	1	17
Can we perform search on a value that is returned from a CASE function Hi can I perform a search on a value that is returned from a CASE function in the same search. eval filter=case( ( (... by gurkiratsingh Explorer in Splunk Search 03-30-2020 0 3	0	3
Deriving one event from another Hi, pardon if my question is too obvious, am a Splunk noob. My requirement is: I have a search String , example "Erro... by akki2428 New Member in Splunk Search 03-30-2020 0 1	0	1
Search parameter changed, need help with query i have a search parameter for ex : search Data="Test". This data is there in the index and it has daily ingest and it... by jiaqya Builder in Splunk Search 03-30-2020 0 4	0	4
How to show a count of "0" for hosts with no events in my search results? I am trying to do a search for certain hosts and get counts on the number of events available for each host while try... by harjotsidhu82 New Member in Splunk Search 03-30-2020 0 7	0	7
How to get the customer mismatch Hi, Very new to splunk and dont even know what to search. If you will see every customer if successfully process wi... by amitkusahoo New Member in Splunk Search 03-30-2020 0 2	0	2
Passing parameter with equals sign in string returns search error Hello, I am currently using a lookup table and definition to compare a list of IPs, Domains, URLs, etc. against cert... by terrancedejesus New Member in Splunk Search 03-30-2020 0 2	0	2
Syslog filter for VMware data I am trying to make a filter that will filter out all VPXD, VPXA, and HOSTD data coming in from VM hosts. Below is ex... by MikeVenable Path Finder in Splunk Search 03-30-2020 0 1	0	1
What are transaction evicted and orphaned events? In regards to the transaction command, what are orphaned events and evicted events? Is there a way to filter out log... by frbuser Path Finder in Splunk Search 03-30-2020 0 12	0	12
Creating Custom Field Extractions I am trying to add some field extractions for a log file created by Entrust IdentityGurard authentication solution. C... by snix Communicator in Splunk Search 03-30-2020 0 3	0	3