Splunk Search

Community Activity

URLDECODE I would like to know how can I use the urldecorder command for all URLs in the reqHdr.referer field (Akamai) index=a... by erlindemberg Explorer in Splunk Search 01-24-2020 0 11	0	11
Append Search Performance Slow Hi, I'm trying to create a search that returns certain hosts that are NOT found returning data. I know I can do this ... by chrisboy68 Contributor in Splunk Search 01-24-2020 1 2	1	2
How to pass Appname in query ? Hi, can appname be passed in the query ? I have 2 different app names in splunk and need to pass them in queries App... by msrama5 Explorer in Splunk Search 01-24-2020 0 2	0	2
What's the difference between using "By" and having another field in top command? Don't have a specific example, but would like to understand for my education. For example, I don't understand what C... by hollybross1219 Path Finder in Splunk Search 01-24-2020 0 3	0	3
How to compare list of hosts? I have a large amount of hostnames and IP's (approx. 1850) I need to validate are sending logs to Splunk. I do not be... by vlape_SCWX New Member in Splunk Search 01-24-2020 0 6	0	6
Subsearch or ‘let stats sort it out’? Hey folks. Help! I have two indexes. Index 1 - Contains an authoritative list of AWSconfig accounts it.index 2 - C... by RocIngersol Explorer in Splunk Search 01-24-2020 0 5	0	5
Is there a reference for the syntax of configuration files? The pages in [this section][1] give some pointers about what syntax is allowed, but I cannot find a full reference. I... by nohyei6v Explorer in Splunk Search 01-24-2020 0 2	0	2
append command is not working Hi All, Updated I have 70,535 records in first query and 201776 from second query. when i am append these two searc... by harishalipaka Motivator in Splunk Search 01-24-2020 0 4	0	4
コマンド制限について「sort 0」や「join max=0」などコマンドに件数制限がかかっているケースが見受けられれます。上記は制限解除のオプションは用意されていますが、制限を解除することでの影響はあるのでしょうか。制限以上件数に見合う速度や負荷以... by nishida_tada_ca Loves-to-Learn Lots in Splunk Search 01-24-2020 0 1	0	1
Setting earliest and latest. I want to search data from "earliest" to "earliest" + 5 minutes later. How should I implement it ? I tried the fol... by shikata74 New Member in Splunk Search 01-24-2020 0 13	0	13
How to trigger alert only when the result is changed? I want to trigger an alert only when the results are changed. The frequency of my alert is 15 mins, So the next Alert... by keskash Loves-to-Learn in Splunk Search 01-24-2020 0 1	0	1
help on where command which is malformed hi I have an issue in the where command below (The expression is malformed) What is the problem please?? \| eval PRO... by jip31 Motivator in Splunk Search 01-23-2020 0 1	0	1
Show a message even when no events are returned using Sttats with by clause Hi All, I have situation where I want to show a message instead of empty cell. I am using below query to get some d... by rkmaggidi New Member in Splunk Search 01-23-2020 0 2	0	2
Calculate the difference between two time fields within a single event I have two time fields in a single event that I need to calculate the difference between and then display said differ... by migquinn Engager in Splunk Search 01-23-2020 0 2	0	2
How do I get a distinct value count from two fields? I have two different fields (DB_INSTANCE_NAME & INSTANCE_NAME ) in two source types. These fields contain a similar v... by twh1 Communicator in Splunk Search 01-23-2020 0 2	0	2
How to achieve distinct count across multiple fields? How to get a distinct count across two different fields. I have webserver request logs containing browser family and ... by robert2138 Engager in Splunk Search 01-23-2020 2 5	2	5
How to translate SID to Username via the Lookup Table? I have a lookup file which contains various fields, including the username and corresponding SID (pulled from AD). I... by Kendo213 Communicator in Splunk Search 01-23-2020 0 2	0	2
How to regex up to a specific word? How can I create a regex query up to a Specific word? For example, the specific word below is "Index". Example data: ... by limalbert Path Finder in Splunk Search 01-23-2020 0 1	0	1
Case Statement Issue I'm Having issues with my case statement. index=sti_123 source=rss_servers active = "1" status = "Being Commissione... by Bbyers3 New Member in Splunk Search 01-23-2020 0 3	0	3
SPL: Searching the Network Traffic for anything that is not (!=) United States Hello fellow Splunkers ( : Does anyone have some SPL laying around that shows network traffic that is NOT United St... by itsmevic Communicator in Splunk Search 01-23-2020 0 2	0	2
Grouping similar results (URL) I am trying to pull list of different URLs from a splunk query. The data is like below. Sample data: 1. Need to gro... by ashwinkhai Engager in Splunk Search 01-23-2020 0 3	0	3
Unable to resolve host I am trying to send logcat logs to Splunk mint. I added this code Mint.initAndStartSession(this.getApplication(), "5... by mansimarkaur New Member in Splunk Search 01-23-2020 0 0	0	0
Table not sorted by time even after specifying the sort, what am I missing? I have a search results I want to show in a table. I noticed that the events were not sorted by time so I added the s... by leekeener Path Finder in Splunk Search 01-23-2020 0 8	0	8
How to fetch top 5 rows based on a value in table index= aab sourcetype=topconnections earliest=-10m latest=-5m \| table SESSION_AUTH_ID , CONNECTION_COUNT \| addcoltota... by ashanka Explorer in Splunk Search 01-23-2020 0 4	0	4
Splunk Stream Case Insensitive Extraction Doing an extraction in Splunk Stream and get an error when trying to use (?i) in my regex: (?i)x-forwarded-for([:\s]... by tjago11 Communicator in Splunk Search 01-23-2020 0 2	0	2