Splunk Search

Community Activity

Show a message even when no events are returned using Sttats with by clause Hi All, I have situation where I want to show a message instead of empty cell. I am using below query to get some d... by rkmaggidi New Member in Splunk Search 01-23-2020 0 2	0	2
Calculate the difference between two time fields within a single event I have two time fields in a single event that I need to calculate the difference between and then display said differ... by migquinn Engager in Splunk Search 01-23-2020 0 2	0	2
How do I get a distinct value count from two fields? I have two different fields (DB_INSTANCE_NAME & INSTANCE_NAME ) in two source types. These fields contain a similar v... by twh1 Communicator in Splunk Search 01-23-2020 0 2	0	2
How to achieve distinct count across multiple fields? How to get a distinct count across two different fields. I have webserver request logs containing browser family and ... by robert2138 Engager in Splunk Search 01-23-2020 2 5	2	5
How to translate SID to Username via the Lookup Table? I have a lookup file which contains various fields, including the username and corresponding SID (pulled from AD). I... by Kendo213 Communicator in Splunk Search 01-23-2020 0 2	0	2
How to regex up to a specific word? How can I create a regex query up to a Specific word? For example, the specific word below is "Index". Example data: ... by limalbert Path Finder in Splunk Search 01-23-2020 0 1	0	1
Case Statement Issue I'm Having issues with my case statement. index=sti_123 source=rss_servers active = "1" status = "Being Commissione... by Bbyers3 New Member in Splunk Search 01-23-2020 0 3	0	3
SPL: Searching the Network Traffic for anything that is not (!=) United States Hello fellow Splunkers ( : Does anyone have some SPL laying around that shows network traffic that is NOT United St... by itsmevic Communicator in Splunk Search 01-23-2020 0 2	0	2
Grouping similar results (URL) I am trying to pull list of different URLs from a splunk query. The data is like below. Sample data: 1. Need to gro... by ashwinkhai Engager in Splunk Search 01-23-2020 0 3	0	3
Unable to resolve host I am trying to send logcat logs to Splunk mint. I added this code Mint.initAndStartSession(this.getApplication(), "5... by mansimarkaur New Member in Splunk Search 01-23-2020 0 0	0	0
Table not sorted by time even after specifying the sort, what am I missing? I have a search results I want to show in a table. I noticed that the events were not sorted by time so I added the s... by leekeener Path Finder in Splunk Search 01-23-2020 0 8	0	8
How to fetch top 5 rows based on a value in table index= aab sourcetype=topconnections earliest=-10m latest=-5m \| table SESSION_AUTH_ID , CONNECTION_COUNT \| addcoltota... by ashanka Explorer in Splunk Search 01-23-2020 0 4	0	4
Splunk Stream Case Insensitive Extraction Doing an extraction in Splunk Stream and get an error when trying to use (?i) in my regex: (?i)x-forwarded-for([:\s]... by tjago11 Communicator in Splunk Search 01-23-2020 0 2	0	2
Compare data between 2 indexes Hi i am using below query to get the results for Ip index=shinken sourcetype=shinken_alarms Level=HARD Status!=UP S... by surekhasplunk Communicator in Splunk Search 01-23-2020 0 0	0	0
len(-5d@d) I am trying to solve a query and I came across a time modifier with len() function. I did not understand the behavior... by yasaswinipotta New Member in Splunk Search 01-23-2020 0 2	0	2
Updating eventgen.conf requires a Splunk restart Hi, I am playing around with SA-Eventgen to generate data in a Dev environment but I find if I make a change to the ... by newportknight Loves-to-Learn in Splunk Search 01-23-2020 0 3	0	3
Pass value to subsearch with inputlookup Hi, perhaps it is the wrong approach, but i try to use an inputlookup within a search and pass a value to this subse... by tdoSplunk Path Finder in Splunk Search 01-23-2020 0 6	0	6
Find Difference between multiple events TransID AppName timestamp Messagge 1 App1 2019-12-16 18:18:43.731 +0000 Message…… 1 App1 2019-1... by rkmaggidi New Member in Splunk Search 01-23-2020 0 2	0	2
Lookups and Wildcard Entries I'm currently setting up an alert using a CSV lookup file with wildcard entries. I followed the instructions provided... by pwguinto New Member in Splunk Search 01-23-2020 0 2	0	2
indexのrententionの仕様について。,indexのRetention (days)の仕様について。 DBConectデータを取り込んだところ、 indexのrententionは一日（a day ago）にもかかわらず、５日分保持されております。 splunk cloudではrentention以上の期間を保持するものでしょうか。... by suzuki_caica New Member in Splunk Search 01-23-2020 0 0	0	0
Predefined Group What is the best way to define a "group" of ip subnets called server_subnet then use that in searches. I have about ... by balcv Contributor in Splunk Search 01-22-2020 0 1	0	1
Is there a way to search and list all attributes from a data model? Is there a way to search and list all attributes from a data model in a search? For example if my data model consists... by spammenot66 Contributor in Splunk Search 01-22-2020 0 5	0	5
Specified driver could not be loaded due to system error 126: The specified module could not be found. (Splunk ODBC Driver, C:\Program Files\Splunk ODBC Driver\lib\SplunkDSII.dll). Hi, I am trying to connect to Splunk from tableau and getting the attached error. All the drivers are present in the ... by rtrived New Member in Splunk Search 01-22-2020 0 1	0	1
Can All-In-One be set as a search peer? Hello! Can All-In-One be set as a search peer? Although the status is set to UP when set, the search returns 0 resu... by HiroshiSatoh Champion in Splunk Search 01-22-2020 0 4	0	4
How to hide title space of a Table? I want to hide the blank space acquired by a TABLE TITLE as my table title is empty and occupying extra space on the ... by nagar57 Communicator in Splunk Search 01-22-2020 1 3	1	3