Splunk Search

Community Activity

distinct_count (dc) threshold I'm trying to eliminate results below a threshold with dc and it's not working. I only want to show versions that hav... by yannquique New Member in Splunk Search 03-03-2020 0 5	0	5
How to list servers sending logs to Splunk along with source & sourcetype details Hi, I need to list all the Source Server Details (Hosname and IP Address) including log paths & Log File names whic... by splunkwar Explorer in Splunk Search 03-03-2020 0 7	0	7
need rex help in my event i want to extract TLD's i want to extract: com news tech net org please help me with rex? thanks in a... by vikram1583 Explorer in Splunk Search 03-03-2020 0 9	0	9
Parse Nested JSON Array into Splunk Table I have the below JSON event with nested array in splunk -: { "items": [ { "parts": ... by kripzadamas Engager in Splunk Search 03-03-2020 0 9	0	9
How to convert ASCII characters to their Hex values? There are plenty of answers to the question of how to convert Hex into ASCII using a combination of rex/replace and u... by datorres Explorer in Splunk Search 03-02-2020 0 1	0	1
Pull Different Fields from another Sourcetype I'm having to search across two indexes and am looking for a particular string of text, called "sampletext" Example:... by itsmevic Communicator in Splunk Search 03-02-2020 0 6	0	6
Help getting multiple columns from a chart I've spent the last week trying to figure out the answer to this myself in the documentation and in the questions. I'... by p_b New Member in Splunk Search 03-02-2020 0 2	0	2
Show a particular column as the last column always i have a table as below. one two three four total five six i want the "total" column to be shown at the end always,... by jiaqya Builder in Splunk Search 03-02-2020 0 3	0	3
How to create a search showing data starting on a Saturday up to current day I have a customer that needs to have a dashboard showing a start date of Saturday and ending on the current workday. ... by SteveBowser Explorer in Splunk Search 03-02-2020 0 3	0	3
文字コードの設定に関して日本語（UTF-8)と数字や日付情報が入り混じった情報を読み込んでいます。読み込みのChar-setは、AUTOを指定にしています。読み込んだ結果を見ると問題なく、日本語が見えるのですが、何らかの検索をすると途端に表示が別の文字... by tonakano Engager in Splunk Search 03-02-2020 0 3	0	3
Make a dashboard visual from calculated field Splunk n00b here with a question. I have a query I would like to display on a bar graph dashboard visual. Here is th... by hollybross1219 Path Finder in Splunk Search 03-02-2020 0 3	0	3
Distinct results with multiple fields & multiple queries? Hi all, I've been struggling with a good query for this for a few days. Basically I'm trying to track users that dro... by mrhodes93 Explorer in Splunk Search 03-02-2020 0 4	0	4
Endpoint protection options that are Splunk friendly? All, We're reselecting our endpoint protection for Windows Servers and Workstation. I'd like to start with solution... by daniel333 Builder in Splunk Search 03-02-2020 0 1	0	1
can some one help me in fixing this? how might i incorporate regex into a like eval element in a search like this. This syntax does not work \| eval prod... by vikram1583 Explorer in Splunk Search 03-02-2020 0 2	0	2
How to generate the alerts on specific condition Hi All, I am new to Splunk.. Here is my requirement.. I have pass log directory to forwarder. Now i want to read the... by sachindarade New Member in Splunk Search 03-02-2020 0 3	0	3
Create alert for multiple server login search I need an alert that notifies me when the SAME Account_Name logs into 2 specific hosts within the same 30 minute wind... by emasiello New Member in Splunk Search 03-02-2020 0 5	0	5
Field in Lookup Table with Multiple Values In one of the columns of my lookup table, host, some values have two hosts rather than just one. For example, my tab... by alan20854 Path Finder in Splunk Search 03-02-2020 0 10	0	10
return: eval filename=strftime(now(), with yesterdays count (as fileinformation) hello, looking for some help. I am running a search, daily.... but the logs in the source get updated late by the a... by knitz Explorer in Splunk Search 03-02-2020 0 1	0	1
Can not create savedsearch from a search containing sql query inside with dbxquery how can i use a search(ex:abc) as savedsearch when search abc contains sql query inside it? by harry2007gsp Path Finder in Splunk Search 03-02-2020 1 7	1	7
query help `myquery` \| table Site Device Interface metric_name * returns values like this : Site Device Interface metric... by surekhasplunk Communicator in Splunk Search 03-01-2020 0 2	0	2
Send events via log4j raw messages I have an existing app that writes log4j messages as CSV lines using a File appender, and then use the Splunk UF to f... by bowesmana SplunkTrust in Splunk Search 03-01-2020 0 5	0	5
How to globally replace a value in any of the fields. i have a output where i have 0 in random columns. i would like these 0's to be replaced with any text for reporting..... by jiaqya Builder in Splunk Search 03-01-2020 0 6	0	6
help on a complex timechart hi I use the search below in order to display a timechart which count the number of host which are in a cpu range co... by jip31 Motivator in Splunk Search 03-01-2020 0 4	0	4
Data loss after shutdown Splunk Hi, I used "Add Data: Files and Directories" function to add a 200MB csv file from my hard drive into Splunk Enterpri... by dominhthe110 Explorer in Splunk Search 03-01-2020 0 9	0	9
"Account Settings" is accessible without Search app access A user with role which does not have read to "Search" app could not access "Account Settings" to change his password.... by bhupalbobbadi Path Finder in Splunk Search 03-01-2020 0 1	0	1