Splunk Search

Community Activity

Field Extraction regex, stop at word or $ So I have some data that I'm trying to extract the application name from. These are Citrix ICA syslog events. Here'... by JDukeSplunk Builder in Splunk Search 03-26-2020 0 4	0	4
How to rank data based on field value? I've got data say in following format (*there may be more than three types of exception) Name,Exception,count ... by s20071035 Engager in Splunk Search 03-26-2020 0 3	0	3
Are Splunk-metrics needed to search logs for pods? Hi, When I perform any search in Splunk, the left side has Interesting Fields and Selected fields showing a list of ... by sunk New Member in Splunk Search 03-26-2020 0 0	0	0
makeresults query stuck in v7.3 Hello, One of the dashboards has a makeresults query like below, with about 250 append statements. \| makeresults\| e... by saneja New Member in Splunk Search 03-26-2020 0 2	0	2
Help me write props.conf /transforms.conf for below data. 36,03/26/20,13:12:04,Packet dropped because of Client ID hash mismatch or standby server.,IP,,B88584ADE973,,0,6,,,,,,... by muizash Path Finder in Splunk Search 03-26-2020 0 1	0	1
How to handle "no results found" in subsearch Hi all, I have a subsearch that returns me the delta between two events. The problem is, sometimes the two events I... by tsa_asap Engager in Splunk Search 03-26-2020 0 2	0	2
Need help in time difference for events Hi All, Pleas help me in getting a query to display the time difference from the events that mentioned below index=op... by jerinvarghese Communicator in Splunk Search 03-26-2020 0 7	0	7
How to regex multiple events, store it in one variable and display based on User click? Hi, I am looking for some help on the below query. I have list of APIs which has different parameters in the URL. I ... by rkrish71 New Member in Splunk Search 03-26-2020 0 8	0	8
Fix datetime.xml file in SPlunk So I have to update my datetime.xml file in Splunk because timestamp extraction problem after 1jan 2020. According t... by muizash Path Finder in Splunk Search 03-26-2020 0 2	0	2
Splunk Add-on for ServiceNow：about the table "sys_audit_delete" Hello. Please help me.... I failed to get the table "sys_audit_delete" via Splunk Add-on for ServiceNow. I succeeded ... by kanahayashi Explorer in Splunk Search 03-25-2020 1 8	1	8
Combine some of the results in a field and count the total Hi all, I am trying to get a count of all users signed into our VPN. While this is easy, i need it broken out based ... by mungerc New Member in Splunk Search 03-25-2020 0 1	0	1
Stats issue with multivalue field Hi, I am tracking my assets with vulnerabilities. My minimized sample query is: index=vuln \| stats dc(dns) as impac... by mbasharat Builder in Splunk Search 03-25-2020 0 4	0	4
How to get LDAP group name by using query or REST API? by viswanathsd Path Finder in Splunk Search 03-25-2020 0 10	0	10
How to create a bar chart that counts completed tickets and averages Hi guys! I am pretty new to this and in researching I have not found what I am looking for or did not recognize the a... by tmanuel1 New Member in Splunk Search 03-25-2020 0 2	0	2
Splunk search based on header value Is it possible to filter the logs based on http header value? I am conducting a load testing by using Jmeter. While ... by eprince New Member in Splunk Search 03-25-2020 0 0	0	0
Find and compare a value from one event in a subsequent future event Hello, I'm trying to figure out how to search and compare values in subsequent/sequential JSON messages where a user ... by alphanumeric85 Explorer in Splunk Search 03-25-2020 0 8	0	8
Displaying 2 counts (error and total) There is a requirement in which i need to display total count and errors(in total count). error message is in raw tex... by shashankjuloori New Member in Splunk Search 03-25-2020 0 10	0	10
How to find concurrent VPN users per hour? We are using pulse secure as our VPN solution and I'm looking to build a search that tracks concurrent users per hour... by jwalzerpitt Influencer in Splunk Search 03-25-2020 0 9	0	9
How to set time to search Hi am getting the earliest tie through a text box and I want to set the latest time automatically to (earliest+24h). ... by gurkiratsingh Explorer in Splunk Search 03-25-2020 0 2	0	2
How can i create a "key" for two searches and combine them to one search with a new column by "key" Hello community i hope you can help me, I'm new here... The field "moid" for 'folder' has the same values like th... by i17065 Engager in Splunk Search 03-25-2020 0 0	0	0
Regex working on Regex101 but not in splunk I am having below event - Subject: Security ID: EMEA\abc Account Name: XXXXXXX Account Domai... by shugup2923 Path Finder in Splunk Search 03-25-2020 0 3	0	3
query in splunk to check the previous jobs completed Hi All, I am trying to write a query where we have to check all the jobs in success or not built status before the j... by manish_singh_77 Builder in Splunk Search 03-24-2020 0 7	0	7
Squid URL lookups? All, Any service you recommend for doing domain classification and lookups against my Squid proxy logs? Just genera... by daniel333 Builder in Splunk Search 03-24-2020 0 1	0	1
Compare case-sensitivity of fields I'm using a rex to extract a field called field1 from my search... how do I take all the results of field1 and call o... by tb5821 Communicator in Splunk Search 03-24-2020 0 3	0	3
Index time extraction Hi all, I have 10 events containing events from events 1,event2,event 3,....event 10. I need to cobine events2,3,4 an... by bhavneeshvohra9 New Member in Splunk Search 03-24-2020 0 2	0	2