Splunk Search

Community Activity

Make a dashboard visual from calculated field Splunk n00b here with a question. I have a query I would like to display on a bar graph dashboard visual. Here is th... by hollybross1219 Path Finder in Splunk Search 03-02-2020 0 3	0	3
Distinct results with multiple fields & multiple queries? Hi all, I've been struggling with a good query for this for a few days. Basically I'm trying to track users that dro... by mrhodes93 Explorer in Splunk Search 03-02-2020 0 4	0	4
Endpoint protection options that are Splunk friendly? All, We're reselecting our endpoint protection for Windows Servers and Workstation. I'd like to start with solution... by daniel333 Builder in Splunk Search 03-02-2020 0 1	0	1
can some one help me in fixing this? how might i incorporate regex into a like eval element in a search like this. This syntax does not work \| eval prod... by vikram1583 Explorer in Splunk Search 03-02-2020 0 2	0	2
How to generate the alerts on specific condition Hi All, I am new to Splunk.. Here is my requirement.. I have pass log directory to forwarder. Now i want to read the... by sachindarade New Member in Splunk Search 03-02-2020 0 3	0	3
Create alert for multiple server login search I need an alert that notifies me when the SAME Account_Name logs into 2 specific hosts within the same 30 minute wind... by emasiello New Member in Splunk Search 03-02-2020 0 5	0	5
Field in Lookup Table with Multiple Values In one of the columns of my lookup table, host, some values have two hosts rather than just one. For example, my tab... by alan20854 Path Finder in Splunk Search 03-02-2020 0 10	0	10
return: eval filename=strftime(now(), with yesterdays count (as fileinformation) hello, looking for some help. I am running a search, daily.... but the logs in the source get updated late by the a... by knitz Explorer in Splunk Search 03-02-2020 0 1	0	1
Can not create savedsearch from a search containing sql query inside with dbxquery how can i use a search(ex:abc) as savedsearch when search abc contains sql query inside it? by harry2007gsp Path Finder in Splunk Search 03-02-2020 1 7	1	7
query help `myquery` \| table Site Device Interface metric_name * returns values like this : Site Device Interface metric... by surekhasplunk Communicator in Splunk Search 03-01-2020 0 2	0	2
Send events via log4j raw messages I have an existing app that writes log4j messages as CSV lines using a File appender, and then use the Splunk UF to f... by bowesmana SplunkTrust in Splunk Search 03-01-2020 0 5	0	5
How to globally replace a value in any of the fields. i have a output where i have 0 in random columns. i would like these 0's to be replaced with any text for reporting..... by jiaqya Builder in Splunk Search 03-01-2020 0 6	0	6
help on a complex timechart hi I use the search below in order to display a timechart which count the number of host which are in a cpu range co... by jip31 Motivator in Splunk Search 03-01-2020 0 4	0	4
Data loss after shutdown Splunk Hi, I used "Add Data: Files and Directories" function to add a 200MB csv file from my hard drive into Splunk Enterpri... by dominhthe110 Explorer in Splunk Search 03-01-2020 0 9	0	9
"Account Settings" is accessible without Search app access A user with role which does not have read to "Search" app could not access "Account Settings" to change his password.... by bhupalbobbadi Path Finder in Splunk Search 03-01-2020 0 1	0	1
Alert to detect email spoofing - Sender address and reply to address different Morning Splunk Gurus's, I wonder if you can solve a question I have? If an email is sent to you and the senders emai... by DDewarSplunk New Member in Splunk Search 03-01-2020 0 3	0	3
Can Monitor files and directories and HTTP Event Collector use the same name of source data type My application wants to sent dat to SPLUNK via Monitor files and directories and meantime via HTTP Event Collector. ... by cdp_fap Observer in Splunk Search 03-01-2020 0 1	0	1
How do I create splunk query to get the total percentage of the two results I'm new to splunk and need further guidance to be able to accomplish my dashboard for Pi-Hole: Could some expert gui... by rodrigrc Explorer in Splunk Search 02-29-2020 0 3	0	3
How to Use Eval to add 2 Field Values Search -- \|source1 \| stats count(source1.field1) by (source1.field2) \| sort 0 source1.field2 Search Output sour... by promukh Path Finder in Splunk Search 02-29-2020 0 4	0	4
How to combine 2 stats count O/P to be displayed in one for use in Overlay Chart search query 1 \| stats count by source1.field1 \| where blah ==blah \| rename field1 as "Y-098" Y-098 \|\| Count 1.Ins... by promukh Path Finder in Splunk Search 02-29-2020 0 2	0	2
Sending Logs to splunk from logstash Hi i am trying to send logs to splunk with HEC using logstash, but configuration is not working. A curl from the ser... by ragmenion New Member in Splunk Search 02-29-2020 0 1	0	1
List all created users with their roles. Hi, I would like to see roles of created users not roles of user which created account, is there a way to to this? ... by omateusz New Member in Splunk Search 02-29-2020 0 2	0	2
Using dedup in multi-month query I'm trying to create a timechart showing the count of events over 6 months. The query is index=itemdb `macrotest` (... by wu_weidong Path Finder in Splunk Search 02-28-2020 0 1	0	1
List, Raw and Table log format selection not appearing After I run my query, I am unable to see the logs it pulls under events. I can't see them using the raw, list or tab... by itsmevic Communicator in Splunk Search 02-28-2020 0 2	0	2
Using value in lookup as source in search Hello, I am new to Splunk so apologies if this question seems overly simple. Currently I have a search where in the... by eoghanmcd Engager in Splunk Search 02-28-2020 0 1	0	1