Splunk Search

Community Activity

Difference between 2 dates based on another field in years and days I have a sample data as below Assigned Analyst Assigned Date John ... by khojas02 Engager in Splunk Search 03-17-2020 0 8	0	8
What is the equivalent of excel's vlookup in Splunk? i'm trying to join these 2 tables. table 1 : index ="A" sourcetype = A WITH fields deviceName, physicalElementId, ph... by jonglim New Member in Splunk Search 03-17-2020 0 5	0	5
Radial gauge and max value Hi I have a dataset that isn't entirely clean so I first do some trim to get rid of a trailing comma (,). That didn't... by uthornander_spl Splunk Employee in Splunk Search 03-17-2020 0 3	0	3
Need help with below Query I am running below Query \| makeresults\| eval data="Brand1,File1,123;Brand1,File2,456;Brand2,File1,789;Brand2,File2,1... by nilbak1 Communicator in Splunk Search 03-16-2020 0 4	0	4
Splunk Query of Date and Time condition Hi, I am working on a splunk query to pull the records from daily basis depends on timinging. For example 30m and 6... by splunk_venkat New Member in Splunk Search 03-16-2020 0 0	0	0
SPL Help for below scenerio search 1...\|table src_ip search 2: tag=authentication user!=*$ src_ip=xx.xx.xx.xx \| head 1 \| table user src_ip ... by vikram1583 Explorer in Splunk Search 03-16-2020 0 2	0	2
Convert Number of days into years Hello Everyone!! I have a sample data as below Analyst Span A ... by khojas02 Engager in Splunk Search 03-16-2020 0 1	0	1
What would you say is a normal amount of threads for a a Splunk Universal forwarder to have? All, Member of our management team is concerned about a Splunk Forwarder with a number of processes and threads. Cu... by daniel333 Builder in Splunk Search 03-16-2020 0 1	0	1
Allowing More Fields to be Shown in a Search Quick background: I'm looking for SSO logins by users that have authenticated via NTLM. Issue: I copied a snippet... by itsmevic Communicator in Splunk Search 03-16-2020 0 1	0	1
Duplicates events in search Hi all, I am finding duplicate events during search operation. I am bit confused on where the issue is lies and how ... by shivanandbm Explorer in Splunk Search 03-16-2020 0 7	0	7
Calculate the average of some field per some time period per some other field(s) Query index::dlp \| bucket _time span=1d \| stats count(EVENT_DESCRIPTION) AS "Count" BY _time,User_Name,EV... by frbuser Path Finder in Splunk Search 03-16-2020 0 1	0	1
drop null value I have below query index=f5 partition="/Common/-" \| rex "Username\s+'(?(.*))'" \| eval Username=coalesce(Usernam... by riqbal47010 Path Finder in Splunk Search 03-16-2020 0 6	0	6
Change maxresulttows for outputlookup? When running an inline search the results limit is high as we have in limits.conf the following. [searchresults] max... by ddrillic Ultra Champion in Splunk Search 03-16-2020 2 5	2	5
Help with RegEx - Select only XML nodes that contain values Hello Everyone, I'm trying to put together a regex statement that will allow me to select only the XML nodes that co... by adcon82 Explorer in Splunk Search 03-16-2020 0 9	0	9
Add a column with count stats in addition to an existing column with avarage stats I have a json file with some information regarding soa requests. Basically info such as callee, caller, start and end... by piefragnisp Explorer in Splunk Search 03-16-2020 0 4	0	4
how to set null value ? If the field value is null, the value is null, and if it is not controlled, it is still the original value I want to... by WXY Path Finder in Splunk Search 03-16-2020 0 2	0	2
Same report but different lookup file Hi all, is there a way to pass to a report the filename of a csv as variable, to use it as lookup file ? Example: ... by fabrizioalleva Path Finder in Splunk Search 03-16-2020 0 2	0	2
How to filter number from text with regular expression Hi, I have two types of messages, I would like to receive the numbers from these logs : 2020-03-16 15:12:15,304 ... by dabroma5 Explorer in Splunk Search 03-16-2020 0 2	0	2
Matching data across columns Hi, I'm trying to work out how I can display values from a column based on a unique number appearing in another colum... by robwx New Member in Splunk Search 03-16-2020 0 2	0	2
How to convert date differences to seconds Hi all, I have a lookup like this. caseid date a 19-01-01 15:54:43.934000000 b 19-01-... by pipipipi Path Finder in Splunk Search 03-16-2020 0 10	0	10
Search NOT Inputlookup match on 2 columns In a normal search I can do the following: index=foo sourcetype=csv field1!="blah" AND field2!="hah" How would I tran... by willadams Contributor in Splunk Search 03-16-2020 0 3	0	3
Detect abnormal failure event based on machine learning? Hello, I'd like to build a search that will trigger a spike on my authentication agent failure events but I do not wa... by sassens1 Path Finder in Splunk Search 03-15-2020 0 5	0	5
Get windows Local login logs using WMI Dear , I have cluster setup and we need to collect local logging logs from work station using WMI without install UF... by khalidewaidah Explorer in Splunk Search 03-15-2020 0 3	0	3
I am running an import script for an interval of 5 mins to collect data from all sourcetypes and put it into a summary index. I have a situation where in the span of 10 mins there could be a possibility that we didn't get any data from one of ... by Gunjan92 Engager in Splunk Search 03-15-2020 1 2	1	2
command map not working Hi everyone Someone who has used the map command who can help me, I am trying to bind the username of the 12 hours be... by jrodriguezap Contributor in Splunk Search 03-15-2020 0 2	0	2