Splunk Search

Community Activity

Is there a way to pre-set the earliest event of a search for a user? Hello Splunk Community, in order to honour privacy policies we need to limit the searches of most users/roles of an ... by DATEVeG Path Finder in Splunk Search 01-21-2020 0 2	0	2
how to create a table with empty cells Hello, I would like to create a table in below format in splunk. should display first value in first cell of first c... by PC00128849 New Member in Splunk Search 01-21-2020 0 3	0	3
Timechart with count of open connections per protocol (TCP/UDP/ICMP) ? Hi, i'm getting stuck an weird using Splunk to show me am Timechart for the last 30 days with open connection per pro... by rhornung Explorer in Splunk Search 01-20-2020 0 10	0	10
create a table with one column will display some items on one field and another column to display all other items from the same field I have firewall logs where the field "user" has multiple user id's including guest and unknown. I need to count all ... by d4rk_sp1d3r Loves-to-Learn Lots in Splunk Search 01-20-2020 0 4	0	4
I can't collect logs in splunk GUI after splunk configuration Hello!!!! I can't collect logs in Splunk after Splunk configuration I have done all configuration but I still not g... by pacifikn Communicator in Splunk Search 01-20-2020 0 3	0	3
How to make a Simple Pie Chart showing the percent on the pie Im trying to create a simple Pie chart from a csv file or indexed data and cant seem to configure the Pie chart corre... by mikeoks New Member in Splunk Search 01-20-2020 0 1	0	1
Splunk UI not working windows 10. I believe the latest MS updates changed something that is preventing Splunk to open. The error message does not say m... by GersonGarcia Path Finder in Splunk Search 01-20-2020 0 2	0	2
How to find total byte count? I am looking through my firewall logs and would like to find the total byte count between a single source and a singl... by DEAD_BEEF Builder in Splunk Search 01-20-2020 0 4	0	4
Regex to extract the end of a string (from a field) before a specific character (starting form the right) Hi Everyone: I'd like to extract everything before the first "=" below (starting from the right): sender=john&uid=j... by mdeterville Path Finder in Splunk Search 01-20-2020 0 4	0	4
WinHostMon launched processes with users Hello guys, I'm currently using Splunk_TA_Windows (v5.0.1). I'd like to add the user who launched each processes. Is... by francoisternois Path Finder in Splunk Search 01-20-2020 0 0	0	0
Is it possible to use max_match inside a datamodel rex definition? In the definition of a datamodel, I would like to use a regular expression with argument max_match=10 or max_match=0.... by tonniea Explorer in Splunk Search 01-20-2020 0 7	0	7
Use repetitive query in a subsearch Hello All, I would like to reuse repetitive query in a sub-search. Could you please help me to retrieve the base quer... by andrewpagans Path Finder in Splunk Search 01-20-2020 0 1	0	1
Why is line breaking not working as expected ? Hi, I would like to break my logs at every time + log level but it is not working as expected. Here's my props.conf :... by romainbouajila Path Finder in Splunk Search 01-20-2020 0 13	0	13
SPLUNK SPL on an scenario Have 2 DB connection and i want to compare the DB1 connection HRA field keeping as primary key say here in this examp... by naliniasb Explorer in Splunk Search 01-20-2020 0 4	0	4
Using latest timestamp in another search Good afternoon! I need to do the following: 1. Using a search result that finds the last timestamp in a certain time... by krylov Explorer in Splunk Search 01-20-2020 0 3	0	3
retrieving timechart values when there are no events I am running following query in Splunk index=appName build=xyz logLevel=ERROR \| timechart span=1d count As value. if... by ashish198511 Explorer in Splunk Search 01-20-2020 1 14	1	14
clarification with indexing time and trasforfms.conf needed Hello, I would like to reduce the license consumption and therefore think of installing HF and applying filtering th... by damucka Builder in Splunk Search 01-20-2020 0 2	0	2
Is it possible to create Time chart with search with base search? I have a dashboard with the following base search: <search id="CreatedDossierCount"> <query>index="customer1-clo... by fvegdom Path Finder in Splunk Search 01-20-2020 0 2	0	2
Regex match on "message" portion of event From the splunk windows_TA guide "The following keys are equivalent to the fields which appear in the text of the ac... by montydo Explorer in Splunk Search 01-20-2020 0 2	0	2
How to write regex for a multivalue field I have a multivalue field which is got from a stats function. using mvfind function, how to write regex for this. qu... by gndivya Explorer in Splunk Search 01-20-2020 0 4	0	4
Embedded report shrinks when printing I have a webpage with a few splunk reports embedded to it using the embed option from the Embed page of splunk. Works... by salmiakki New Member in Splunk Search 01-20-2020 0 3	0	3
Matching records from 2 different indexes with a look up I have 2 indexes and need to get only a records of field that exists in both indexes. One of the index has to filter ... by sherins New Member in Splunk Search 01-20-2020 0 3	0	3
default indexes to both target group How can we forward internal,_audit ,* indexes to both target groups? In outputs.conf, create stanzas for each receiv... by ansif Motivator in Splunk Search 01-20-2020 0 2	0	2
"Capability" attribute not working in restmap.conf in Splunk. The documentation for 'restmap.conf' can be obtained here: https://docs.splunk.com/Documentation/Splunk/8.0.1/Admin/R... by zahrasidhpuri Engager in Splunk Search 01-19-2020 0 0	0	0
How to return 0 when the search has no results in time chart I am trying to see how can we return 0 if no results are found using timechart for a span of 30minutes.i tried using ... by vrmandadi Builder in Splunk Search 01-19-2020 0 7	0	7