Splunk Search

Community Activity

Convert Number of days into years Hello Everyone!! I have a sample data as below Analyst Span A ... by khojas02 Engager in Splunk Search 03-16-2020 0 1	0	1
What would you say is a normal amount of threads for a a Splunk Universal forwarder to have? All, Member of our management team is concerned about a Splunk Forwarder with a number of processes and threads. Cu... by daniel333 Builder in Splunk Search 03-16-2020 0 1	0	1
Allowing More Fields to be Shown in a Search Quick background: I'm looking for SSO logins by users that have authenticated via NTLM. Issue: I copied a snippet... by itsmevic Communicator in Splunk Search 03-16-2020 0 1	0	1
Duplicates events in search Hi all, I am finding duplicate events during search operation. I am bit confused on where the issue is lies and how ... by shivanandbm Explorer in Splunk Search 03-16-2020 0 7	0	7
Calculate the average of some field per some time period per some other field(s) Query index::dlp \| bucket _time span=1d \| stats count(EVENT_DESCRIPTION) AS "Count" BY _time,User_Name,EV... by frbuser Path Finder in Splunk Search 03-16-2020 0 1	0	1
drop null value I have below query index=f5 partition="/Common/-" \| rex "Username\s+'(?(.*))'" \| eval Username=coalesce(Usernam... by riqbal47010 Path Finder in Splunk Search 03-16-2020 0 6	0	6
Change maxresulttows for outputlookup? When running an inline search the results limit is high as we have in limits.conf the following. [searchresults] max... by ddrillic Ultra Champion in Splunk Search 03-16-2020 2 5	2	5
Help with RegEx - Select only XML nodes that contain values Hello Everyone, I'm trying to put together a regex statement that will allow me to select only the XML nodes that co... by adcon82 Explorer in Splunk Search 03-16-2020 0 9	0	9
Add a column with count stats in addition to an existing column with avarage stats I have a json file with some information regarding soa requests. Basically info such as callee, caller, start and end... by piefragnisp Explorer in Splunk Search 03-16-2020 0 4	0	4
how to set null value ? If the field value is null, the value is null, and if it is not controlled, it is still the original value I want to... by WXY Path Finder in Splunk Search 03-16-2020 0 2	0	2
Same report but different lookup file Hi all, is there a way to pass to a report the filename of a csv as variable, to use it as lookup file ? Example: ... by fabrizioalleva Path Finder in Splunk Search 03-16-2020 0 2	0	2
How to filter number from text with regular expression Hi, I have two types of messages, I would like to receive the numbers from these logs : 2020-03-16 15:12:15,304 ... by dabroma5 Explorer in Splunk Search 03-16-2020 0 2	0	2
Matching data across columns Hi, I'm trying to work out how I can display values from a column based on a unique number appearing in another colum... by robwx New Member in Splunk Search 03-16-2020 0 2	0	2
How to convert date differences to seconds Hi all, I have a lookup like this. caseid date a 19-01-01 15:54:43.934000000 b 19-01-... by pipipipi Path Finder in Splunk Search 03-16-2020 0 10	0	10
Search NOT Inputlookup match on 2 columns In a normal search I can do the following: index=foo sourcetype=csv field1!="blah" AND field2!="hah" How would I tran... by willadams Contributor in Splunk Search 03-16-2020 0 3	0	3
Detect abnormal failure event based on machine learning? Hello, I'd like to build a search that will trigger a spike on my authentication agent failure events but I do not wa... by sassens1 Path Finder in Splunk Search 03-15-2020 0 5	0	5
Get windows Local login logs using WMI Dear , I have cluster setup and we need to collect local logging logs from work station using WMI without install UF... by khalidewaidah Explorer in Splunk Search 03-15-2020 0 3	0	3
I am running an import script for an interval of 5 mins to collect data from all sourcetypes and put it into a summary index. I have a situation where in the span of 10 mins there could be a possibility that we didn't get any data from one of ... by Gunjan92 Engager in Splunk Search 03-15-2020 1 2	1	2
command map not working Hi everyone Someone who has used the map command who can help me, I am trying to bind the username of the 12 hours be... by jrodriguezap Contributor in Splunk Search 03-15-2020 0 2	0	2
Count Dashboard for each ip based on traffic count Hi All, I am trying to build the query to get the website hits for each IP, there are 16 servers ip and wanted to ge... by ajay_semwal New Member in Splunk Search 03-15-2020 0 1	0	1
geostats name and status plot Hi every one. I want to show device names and their status (connected / disconnected) on the map. The color of point... by zinaalbaik New Member in Splunk Search 03-15-2020 0 1	0	1
Back-computation using table contents I have categories.csv that contains list of sub-categories in each category Category,Sub_category Biology,Botany Bio... by vigneshtv Explorer in Splunk Search 03-14-2020 0 5	0	5
Use the output of search A to refine results in search B I have 2 searches. Search A produces a table output of "UserIP" Search B produces a table output of "FailedDestina... by vmeleco New Member in Splunk Search 03-14-2020 0 7	0	7
Run Splunk query through excel I am new to Splunk and still learning.. I have more than 100 queries to run when asked during a daily activity and i... by splunk_learner_ New Member in Splunk Search 03-14-2020 0 3	0	3
Query not displaying any events User complained that following query is not displaying any events. index=main sourcetype=wms_oracle_sessions \| bucke... by pratapa Explorer in Splunk Search 03-14-2020 0 6	0	6