Splunk Search

Community Activity

Time Chart and DBXquery I am new to splunk. I have a DB connection from where I am fetching a table. I want to create a dashboard for with x-... by shubhamkanugo New Member in Splunk Search 02-24-2020 0 9	0	9
error on tag and dedup in search Hi all, I have a weird error on my splunk instance 7.3.0. I created a tag called application_web, if I try to use th... by asabatini85 Path Finder in Splunk Search 02-24-2020 0 6	0	6
Need to get the help about the substraction. Hi, status count ERROR 9346 PROCESSED 148066 PROCESSING 149571 I want to do the subtr... by kredrm New Member in Splunk Search 02-24-2020 0 3	0	3
Using a lookup table to fill multiple subsearches to show hierarchy of user data I have a lookup table that shows all the next-level managers of a particular manager as UserManager UserManagerx1 Use... by cblanton Communicator in Splunk Search 02-23-2020 1 14	1	14
How to extract fields from my string logs I have something like below logged in as a message. How can i replace "This is my logfile ** ->" with empty and then... by kotig Path Finder in Splunk Search 02-23-2020 0 6	0	6
How to find out the record which has unique value I have records have 2 fields: phone number result 1111 success 2222 success 2222... by jianyu75074 New Member in Splunk Search 02-23-2020 0 3	0	3
Help With Extractions Involving Microsoft AV Hashes Inconsistency with file names coming from Microsoft AV hashes is causing alerts to populate null results when firing ... by dfurtaw Path Finder in Splunk Search 02-23-2020 0 5	0	5
Blacklist WinEventLog::/Security with user names ending in $ I'm trying to get a blacklisted log entry that works on Universal Forwarders to filter out specific event codes with ... by ericrenfro New Member in Splunk Search 02-23-2020 0 1	0	1
How to use regex and format strings for an XML sample without using KV_MODE=XML? Hi, I want to use REGEX and FORMAT strings for an xml sample as given without using KV_MODE=xml So i am trying to us... by gaurav_ramteke Explorer in Splunk Search 02-22-2020 0 14	0	14
Question on no data in index "no results found" I have 2 situations to address.. 1. if no data in index for timeframe , create a blank row with "no data" and come ou... by jiaqya Builder in Splunk Search 02-22-2020 0 3	0	3
Detect most delay transactions How can I find most delay transactions? Here is the log file like below, I want to find which transaction delay and s... by indeed_2000 Motivator in Splunk Search 02-22-2020 0 12	0	12
Last 3 occurrence not like So my below query gives the result of Rejection % but I need to also filter this one step more where it should not sh... by praddasg Path Finder in Splunk Search 02-22-2020 0 15	0	15
pick the last value in an array? (Apologies in advance since I am not even sure what question to ask and how to ask it. I'll rewrite it once I get a b... by mitag Contributor in Splunk Search 02-21-2020 0 4	0	4
I am trying to use regular expression to remove the keyword %5C from my extracted filed The below is the text we are capturing Filename= &Filename=C%3A%5CUsers%5Cjbaile16%5CAppData%5CRoaming%5CDocumentum%5... by 1200125 Engager in Splunk Search 02-21-2020 0 3	0	3
Table with with a column that contains positive and negative values. I want to sum the total of all values and have the results as a Total, but it ignores the negative values. What am I doing wrong? \| table Account "Estimated Gain_Loss" \| addcoltotals labelfield="Account" label="Totals" \| sort -"Estimated Gain_Los... by ihaveasplunkacc Loves-to-Learn Lots in Splunk Search 02-21-2020 0 3	0	3
Calling an eval-macro Hi All, I can't put an eval before my search syntax so I am trying to use an eval-Macro called "FriendlyEval" However... by ignacm01 New Member in Splunk Search 02-21-2020 0 2	0	2
How to combine two indexes with Stats? Following a super helpful thread here https://answers.splunk.com/answers/129424/how-to-compare-fields-over-multiple-s... by mattfunk20 Explorer in Splunk Search 02-21-2020 0 2	0	2
help on complex bar chart hi With the xml below, i display a complex bar chart that you can see in the screenshot I would like to modify 3 thin... by jip31 Motivator in Splunk Search 02-21-2020 0 7	0	7
Why is the subsearch excluding inputlookup results? Good morning, Hope someone can help me out here. I am trying to get a list of IPs where hits are > 100, but I want t... by swengroeneveld Explorer in Splunk Search 02-21-2020 0 4	0	4
Adding a Time Range (Extending to the Future) and Use it in a Timechart Hi everyone, We have logs that contain field named "var" with num data type, the value of this field changes throug... by jameldebbiche Engager in Splunk Search 02-21-2020 0 6	0	6
Is there a sub search limit in a single search? The subject states the question.... is there a limit on how many sub search I can use within a single query. While d... by cresposh Explorer in Splunk Search 02-21-2020 0 1	0	1
Searching for exact string match Hi , I have logs like this a) 04:55:21.8630 Info {"message":"16 A Process completed, notification displayed" b)04:... by rgjnnc New Member in Splunk Search 02-21-2020 0 5	0	5
Basic commands with SPL Hi @all, I'm a little bit helpless at the beginning of SPLUNK. I tried to do simple queries like: Request statusc... by 123michi19 Explorer in Splunk Search 02-20-2020 0 3	0	3
Splunkのタイムピッカーで日付範囲を指定する方法(バージョン違い) バージョン7.1.4のSplunkでタイムピッカーで日付範囲を指定した場合以下の図のように、yyyy/mm/dd 00:00:00となりますが、 yyyy/mm/dd 24:00:00で選択することは可能でしょうか。バージョン... by muto123 New Member in Splunk Search 02-20-2020 0 0	0	0
Set dark mode as the default for an app? All, I am creating an app and was hoping to set the default to dark mode, is there a simple XML or conf file I shou... by daniel333 Builder in Splunk Search 02-20-2020 0 0	0	0