Splunk Search

Community Activity

Splunk returns zero results using REST API I'm trying to search a query and retrieve the results through REST API, and it returns zero results. Below queries, i... by kvmadan Explorer in Splunk Search 02-11-2020 0 1	0	1
Unable to retrieve data from Splunk Hi, In our environment Nagios and Splunk are integrated. We configured an alert in Nagios monitoring tool which f... by pratapa Explorer in Splunk Search 02-11-2020 0 2	0	2
Does Splunk have the ability to sort by month-year? I have data that looks like Jan-19 and I want to sort by it. Except I can't, because strptime("Jan-19","%b-%y") does ... by nick405060 Motivator in Splunk Search 02-11-2020 0 1	0	1
Relative reference to columns There's something I'm just not getting today... I've got a chart command that generates results from a series of sea... by aaron_sakovich Path Finder in Splunk Search 02-11-2020 0 2	0	2
Is there a way to get a True or False match on source IP with Tor exit node list in a timechart? I would like to know if there is a way to get true/false match on source IP to see tor sourced traffic over time in a... by kwhatcher New Member in Splunk Search 02-11-2020 0 3	0	3
How to search from last occurrence of a string Hello Experts, I am trying to read the text from the last square bracket (which is TestModelCompany,en_US) 21:11:31... by benuantony New Member in Splunk Search 02-11-2020 0 10	0	10
How to count for all columns in table based on condition in Splunk Hi, We have nearly 50 columns and we want to extract the count for each column based on condition and represent in b... by Gayathri95 New Member in Splunk Search 02-11-2020 0 19	0	19
We see this error message "Search peer USADC-xxxxx has the following message: Too many streaming errors to target=xx.xx.xxx:8080. We have four indexer and replication factor is 2.replication port is on all indexer is 8080 and is enabled on all ser... by shivanandbm Explorer in Splunk Search 02-11-2020 0 2	0	2
Converting extracted information to 12 hour AM/PM format Hello, I am extract information from logs via rex, and I am currently extra information in military time format. (i.... by harshparikhxlrd Path Finder in Splunk Search 02-11-2020 0 3	0	3
IP Watchlist Lookup Hello, I currently have a search against our firewalls, below is the current search. index=(my index) sourcetype="m... by nlisle New Member in Splunk Search 02-11-2020 0 4	0	4
How to group a multi-regex event to form a single event until you find the date only at the beginning of the interaction Hi, I have the following log format, How can I break this multiline event on condition that "2020-01-23 03:50:49,06... by leandromatperei Path Finder in Splunk Search 02-11-2020 0 1	0	1
Extract field values by eliminating random strings I have field values as below , field1=value1 filed2=server1 field1=service/value2/a1 field2=server2... by Allampally Path Finder in Splunk Search 02-11-2020 0 1	0	1
Using result fields for earliest/latest time in secondary search I have an existing search that finds fields named "RunDate" "StartTime" "EndTime" stored as part of test run summarie... by lukepatrick Explorer in Splunk Search 02-11-2020 0 4	0	4
Is there a way to enable event sampling in a search? Is there any way to enable event sampling in a search? I know this can be enabled in a GUI using dropdown list under ... by jankowsr Path Finder in Splunk Search 02-11-2020 1 4	1	4
help on coloring a threshold number with a unit value hi I use a search wich add a unit value at the end of the result (GB) \| eval FreeSpace=FreeSpace." GB", TotalSpace=... by jip31 Motivator in Splunk Search 02-11-2020 0 4	0	4
Splunk Integration with Power BI Hi, I'm looking at possibly integrating certain of my Splunk dashboards with Power Bi hopefully using a REST API. ... by harrywren86 Observer in Splunk Search 02-11-2020 0 0	0	0
Splunk Get Earliest Data by Index and Sourcetype Hi All, Is it possible to get the Earliest available date of index and source type . I tried "Tstats" and "Metadata"... by jadengoho Builder in Splunk Search 02-11-2020 0 3	0	3
LIcense Usage by Source Type Can someone help me include sourcetype to my search below? I am trying to run a report for the past 60 days and need ... by fmpa_isaac Path Finder in Splunk Search 02-10-2020 0 6	0	6
Need help with rex command Hello I'm trying to run a rex command to extract "is set to expire" Relying party trust 'ButterCup Games - Test' xx... by locose Path Finder in Splunk Search 02-10-2020 0 2	0	2
nslookup TXT queries with Splunk I am trying to see if its possible to run nslookup -q=TXT domain 8.8.8.8 so i can compare the results of the output t... by urana Engager in Splunk Search 02-10-2020 0 3	0	3
Splunk Regex Engine Fails? We're trying to extract fields that match this [ FIELD_NAME = S0m3 Valu3 w\ reaLLy $pec!aL ch*rac+3rs ] and write th... by morethanyell Builder in Splunk Search 02-10-2020 0 9	0	9
time-based lookups and kvstore Hello all, We are having some problems defining a time-based kvstore lookup on Splunk 6.2.0. We tried defining a sim... by joaopcarvalho Explorer in Splunk Search 02-10-2020 0 17	0	17
kvstore lookups from database. Hi Please give me any feedback . ideas as to whether I am following the best action. I have a database table that is... by dmcintosh1972 Explorer in Splunk Search 02-10-2020 0 1	0	1
How to incorporate tag in the if-then-else Splunk construct Hello, I created SPL search, that should pull out the log entries, based on the if-then-else condition, but it does n... by chersergei New Member in Splunk Search 02-10-2020 0 3	0	3
Knowledge Objects for Orphaned searches I have a couple orphaned searches owned by a user who is no longer with the company ( his user id was deleted ) . Im ... by newsplunker1 Path Finder in Splunk Search 02-10-2020 0 2	0	2