Splunk Search

Community Activity

Cannot access results of a Searchmanager in a for loop I have a dashboard that should perform a dynamic number of searches. For this purpose I created a search manager, whi... by mariuswal New Member in Splunk Search 03-20-2020 0 0	0	0
How do you use the lookup value as a variable? Hi, I have the following lookup, which is basically a mapping lookup: lookup name: "scoring_rules" source , field... by lozarich007 New Member in Splunk Search 03-19-2020 0 2	0	2
Scatter Plot for time x-axis and numbered Y axis I am looking to plot scatter plot to show all the data points in a particular time. Some how I am not able to get aro... by howardroark Explorer in Splunk Search 03-19-2020 1 23	1	23
How to check if an index exists efficiently? In elasticsearch one would do HEAD [index_name] and check if an index exists efficiently. Is it possible to do someth... by dapitis Engager in Splunk Search 03-19-2020 0 13	0	13
How to convert epoch to human readable format at index time for multiple time values? Event data has multiple time values in the Epoch time format. I am able to convert the one used for event timestamp w... by donaldwayne1975 Path Finder in Splunk Search 03-19-2020 0 3	0	3
Combine the Sum of Two Fields Hi all, For a search similar to the following: index=myindex "Search Term" NOT field=value source="mylog.log" \| eval... by bcarr12 Path Finder in Splunk Search 03-19-2020 0 3	0	3
How to get session key in a search script (\| script ) similar to the way a scripted input can? I'm storing a few credentials in Splunk keystore using setup.xml endpoint="storage/passwords". I have no problem ex... by avilandau Path Finder in Splunk Search 03-19-2020 1 16	1	16
Sonicwall VPN group by field then sum of a field? Hi, We are getting data from syslog for ssl vpn login. Here is a sample log. ,,"'0'",,"'-'",,"Thor","'Tunnel'","MCU... by mashhoorgulati Engager in Splunk Search 03-19-2020 0 2	0	2
Split is converting my empty strings back into null? This query kills morejunk even though it should NOT be doing so: \| makeresults \| eval a="1 2" \| eval b="junk" \| appe... by nick405060 Motivator in Splunk Search 03-19-2020 1 5	1	5
Calculating total in row Hi, I need help adding b+ c together to get a total, I will then calculate a percentage using a/combined b+c. Is thi... by khanyag1 New Member in Splunk Search 03-19-2020 0 11	0	11
Display data in timechart I'm using summary index to get data and display in timechart. but not able to create a time chart with the data. ind... by kirrusk Communicator in Splunk Search 03-19-2020 0 4	0	4
Can I update a CSV lookup file with more rows and how will this affect existing csv files and lookups? Looking at understanding better how lookups work in Splunk. As I understand it, there are 3 steps: 1. lookup table... by HattrickNZ Motivator in Splunk Search 03-19-2020 2 12	2	12
SA-Eventgen and Splunk SPL Examples - Help Generating Data Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk: https://conf.s... by dillardo_2 Path Finder in Splunk Search 03-19-2020 0 4	0	4
How to extract numbers correctly Hi! I have this field in my log: callerSipNumber="18121710_text". How should I extract "18121710" and name it "number... by pomazanelvira New Member in Splunk Search 03-19-2020 0 4	0	4
Log format validation I have frequently asked whether the fields are being extracted well. The easiest method to answer this question is t... by landen99 Motivator in Splunk Search 03-19-2020 1 2	1	2
How to get diff count and show field and result of diff Hello Splunkers, I have a trouble with the result, example i have some data log Goat \| alive Goat \| dead Goat \| ali... by mockingj New Member in Splunk Search 03-19-2020 0 4	0	4
regex to split names extracted from a string This is a little tricky to explain but I have this query: index = active_directory directReports=* sAMAccountName=* ... by nathanluke86 Communicator in Splunk Search 03-19-2020 0 2	0	2
項目名に変数の値を設定できるかお世話になります。項目名に月の値を入れたいです。現在検討している方法は別カラムに月の値(2020-03)を設定し、【予定】という項目の先頭に月の値(2020-03)をセットして、【2020-03予定】という項目名にしたいのですが、実... by 1014502 New Member in Splunk Search 03-19-2020 0 3	0	3
Regex assistance on match, capture, repeat - simple yet I can't! Good morning you lovely lot, I have a theoretically simple regex extraction, but it is slaying me. If one of you wou... by Barty Explorer in Splunk Search 03-19-2020 0 4	0	4
How can I extract a value from a field that have many content I have a field named "Message", the content as below: *Active Directory Domain Services could not use DNS to resolve ... by lllidan New Member in Splunk Search 03-18-2020 0 1	0	1
How to tell which transform applied to which event Is there a way to tell if a regex has been applied to an event? I'm doing field extractions and want a way to confirm... by Alan_Bradley Path Finder in Splunk Search 03-18-2020 2 10	2	10
Splunk query for getting the hosts that are not reporting but with a condition mentioned below? Hi All, I want to build a splunk query which will give us the host details, last_time_stamp, number_of_days_aged not... by abhi04 Communicator in Splunk Search 03-18-2020 0 0	0	0
How can I fix my field extraction? Hello I have a structured data source that puts out data in a table with headers and a footer row with a total. I go... by tkw03 Communicator in Splunk Search 03-18-2020 0 2	0	2
Search to identify the most volatile values in a field Hello Splunkers! I have the following fields being populated by 1000s of values every 1 minute: Name Cost E.g. Luk... by luke222010 Engager in Splunk Search 03-18-2020 0 2	0	2
help on tstats command hello I use the stats command below in order to count the number of index on which an host collect events \| stats dc... by jip31 Motivator in Splunk Search 03-18-2020 0 2	0	2