Splunk Search

Community Activity

Is there a reference for the syntax of configuration files? The pages in [this section][1] give some pointers about what syntax is allowed, but I cannot find a full reference. I... by nohyei6v Explorer in Splunk Search 01-24-2020 0 2	0	2
append command is not working Hi All, Updated I have 70,535 records in first query and 201776 from second query. when i am append these two searc... by harishalipaka Motivator in Splunk Search 01-24-2020 0 4	0	4
コマンド制限について「sort 0」や「join max=0」などコマンドに件数制限がかかっているケースが見受けられれます。上記は制限解除のオプションは用意されていますが、制限を解除することでの影響はあるのでしょうか。制限以上件数に見合う速度や負荷以... by nishida_tada_ca Loves-to-Learn Lots in Splunk Search 01-24-2020 0 1	0	1
Setting earliest and latest. I want to search data from "earliest" to "earliest" + 5 minutes later. How should I implement it ? I tried the fol... by shikata74 New Member in Splunk Search 01-24-2020 0 13	0	13
How to trigger alert only when the result is changed? I want to trigger an alert only when the results are changed. The frequency of my alert is 15 mins, So the next Alert... by keskash Loves-to-Learn in Splunk Search 01-24-2020 0 1	0	1
help on where command which is malformed hi I have an issue in the where command below (The expression is malformed) What is the problem please?? \| eval PRO... by jip31 Motivator in Splunk Search 01-23-2020 0 1	0	1
Show a message even when no events are returned using Sttats with by clause Hi All, I have situation where I want to show a message instead of empty cell. I am using below query to get some d... by rkmaggidi New Member in Splunk Search 01-23-2020 0 2	0	2
Calculate the difference between two time fields within a single event I have two time fields in a single event that I need to calculate the difference between and then display said differ... by migquinn Engager in Splunk Search 01-23-2020 0 2	0	2
How do I get a distinct value count from two fields? I have two different fields (DB_INSTANCE_NAME & INSTANCE_NAME ) in two source types. These fields contain a similar v... by twh1 Communicator in Splunk Search 01-23-2020 0 2	0	2
How to achieve distinct count across multiple fields? How to get a distinct count across two different fields. I have webserver request logs containing browser family and ... by robert2138 Engager in Splunk Search 01-23-2020 2 5	2	5
How to translate SID to Username via the Lookup Table? I have a lookup file which contains various fields, including the username and corresponding SID (pulled from AD). I... by Kendo213 Communicator in Splunk Search 01-23-2020 0 2	0	2
How to regex up to a specific word? How can I create a regex query up to a Specific word? For example, the specific word below is "Index". Example data: ... by limalbert Path Finder in Splunk Search 01-23-2020 0 1	0	1
Case Statement Issue I'm Having issues with my case statement. index=sti_123 source=rss_servers active = "1" status = "Being Commissione... by Bbyers3 New Member in Splunk Search 01-23-2020 0 3	0	3
SPL: Searching the Network Traffic for anything that is not (!=) United States Hello fellow Splunkers ( : Does anyone have some SPL laying around that shows network traffic that is NOT United St... by itsmevic Communicator in Splunk Search 01-23-2020 0 2	0	2
Grouping similar results (URL) I am trying to pull list of different URLs from a splunk query. The data is like below. Sample data: 1. Need to gro... by ashwinkhai Engager in Splunk Search 01-23-2020 0 3	0	3
Unable to resolve host I am trying to send logcat logs to Splunk mint. I added this code Mint.initAndStartSession(this.getApplication(), "5... by mansimarkaur New Member in Splunk Search 01-23-2020 0 0	0	0
Table not sorted by time even after specifying the sort, what am I missing? I have a search results I want to show in a table. I noticed that the events were not sorted by time so I added the s... by leekeener Path Finder in Splunk Search 01-23-2020 0 8	0	8
How to fetch top 5 rows based on a value in table index= aab sourcetype=topconnections earliest=-10m latest=-5m \| table SESSION_AUTH_ID , CONNECTION_COUNT \| addcoltota... by ashanka Explorer in Splunk Search 01-23-2020 0 4	0	4
Splunk Stream Case Insensitive Extraction Doing an extraction in Splunk Stream and get an error when trying to use (?i) in my regex: (?i)x-forwarded-for([:\s]... by tjago11 Communicator in Splunk Search 01-23-2020 0 2	0	2
Compare data between 2 indexes Hi i am using below query to get the results for Ip index=shinken sourcetype=shinken_alarms Level=HARD Status!=UP S... by surekhasplunk Communicator in Splunk Search 01-23-2020 0 0	0	0
len(-5d@d) I am trying to solve a query and I came across a time modifier with len() function. I did not understand the behavior... by yasaswinipotta New Member in Splunk Search 01-23-2020 0 2	0	2
Updating eventgen.conf requires a Splunk restart Hi, I am playing around with SA-Eventgen to generate data in a Dev environment but I find if I make a change to the ... by newportknight Loves-to-Learn in Splunk Search 01-23-2020 0 3	0	3
Pass value to subsearch with inputlookup Hi, perhaps it is the wrong approach, but i try to use an inputlookup within a search and pass a value to this subse... by tdoSplunk Path Finder in Splunk Search 01-23-2020 0 6	0	6
Find Difference between multiple events TransID AppName timestamp Messagge 1 App1 2019-12-16 18:18:43.731 +0000 Message…… 1 App1 2019-1... by rkmaggidi New Member in Splunk Search 01-23-2020 0 2	0	2
Lookups and Wildcard Entries I'm currently setting up an alert using a CSV lookup file with wildcard entries. I followed the instructions provided... by pwguinto New Member in Splunk Search 01-23-2020 0 2	0	2