Splunk Search

Community Activity

How to pattern match with the extracted field I have a report generated with following fields, Field 1 , Field 2, Field 3. I have to create an alert based on the... by Deprasad Path Finder in Splunk Search 01-02-2020 0 2	0	2
multiple stats count function in the same search component @gcusello I have multiple count functions in the same search component. What does it mean by that? What is really ha... by palisetty Communicator in Splunk Search 01-02-2020 0 1	0	1
How to display media field Hi everyone, I'm trying this search but apparently Splunk doesn't have the same logic as SQl. Can someone give me he... by tahasefiani Explorer in Splunk Search 01-02-2020 0 3	0	3
How to search the results produced by the multireport command? I have the following search: index="main" \|rename Proj_repo AS Project \| multireport [ stats values(Project) AS Proj... by jlkokko Path Finder in Splunk Search 01-02-2020 0 7	0	7
Using NOT and != would return the same results. (T/F) Using NOT and != would return the same results. For me, the answer is false but quizlet says true. I say false ... by palisetty Communicator in Splunk Search 01-01-2020 1 4	1	4
Help with stats count between two urls Hi all, hope there is a way to do the following. I am trying to find out how many events it takes for a user to go f... by stephenreece New Member in Splunk Search 01-01-2020 0 8	0	8
Help extracting totalCount out of nested JSON { [-] detailMap: { [-] critical: false result: 0 totalCnt: 5 txnCountWithIgnoredIRC: 0 wa... by bhavya49 New Member in Splunk Search 01-01-2020 0 2	0	2
Search terms are case sensitive or case insensitive. Search terms are case sensitive or case insensitive? (components of search language)? For me, the answer is case sen... by palisetty Communicator in Splunk Search 01-01-2020 0 9	0	9
categorize or classify dissimilar field values at search time? The goal is to generate a new field "Category" and assign it an arbitrary value (e.g. "Error") depending on which reg... by mitag Contributor in Splunk Search 12-31-2019 0 4	0	4
Correlating two alerts question I have the following 2 alerts and need to correlate them. The first one is looks for an OS reboot. The second one l... by sbgoldberg13 Explorer in Splunk Search 12-31-2019 0 5	0	5
Why is the Splunk Enterprise 'WGet' link so slow? I'm trying to automate the deployment of the Heavy Forwarder, as part of that i'm automatically fetching the Splunk H... by patrick112 New Member in Splunk Search 12-31-2019 0 0	0	0
Create more efficient "IF"statement that looks at the last 30 days \| eval nessus = if(like(nessus, "%2019") AND relative_time(now(), "-30d@d") < strptime(nessus,"%m/%d/%Y"), 1, 0) Ab... by UMDTERPS Communicator in Splunk Search 12-31-2019 0 2	0	2
Systemd support with Splunk does not work on SLES When we set up Splunk to start under systemd it prompts us recursively for the root password even we're running Splun... by dchoi_splunk Splunk Employee in Splunk Search 12-31-2019 0 5	0	5
Is max_searches_per_cpu at 6 a good set-up? On our primary search head max_searches_per_cpu is set to 6. I wonder if it’s a good effective set-up. Where can I fi... by danielbb Motivator in Splunk Search 12-31-2019 0 7	0	7
How to group events by time after using timechart span? I'm using the following search with timechart span=1h to show how many events appear by the day and hour: \|inputlook... by russell120 Communicator in Splunk Search 12-31-2019 0 7	0	7
How to assign a custom scoring scale based on device type? (eval related) Hello, Currently we have a scoring for our systems that counts each server, router, switch, firewall, workstation, e... by UMDTERPS Communicator in Splunk Search 12-31-2019 0 8	0	8
How to find out who deleted savedsearches We found there were some savedsearches deleted for some reasons. Is it a way to find out who deleted the savedsearch... by lucas4394 Path Finder in Splunk Search 12-31-2019 0 2	0	2
Splunk fetching node as jenkins master, instead of actual slave for pipeline job builds. why? I am using jenkins's splunk plugin version 1.6.3(latest). I have configured no executor in master, so no possibility ... by rakesh635 Engager in Splunk Search 12-31-2019 3 14	3	14
Show me all events where field value not present? Greetings good people, i may be over thinking things or didn't get enough sleep. I need to return results where a fi... by yepyepyayyooo New Member in Splunk Search 12-30-2019 0 6	0	6
Copy a row in a table Hi, I am trying to conditionally add records to my table with a slight modification to the data. for example Date ... by komalg New Member in Splunk Search 12-30-2019 0 3	0	3
Regex help to extract from json Need help to extract the Phone number callForwardSelectiveDetails\":{\"description\":\"New Years Temp\",\"action\":f... by yograjpatel New Member in Splunk Search 12-30-2019 0 9	0	9
Timechart does not work correctly with another user I created several objects with my local splunk user and everything is working as expected. I need to share all items ... by sergeimartao Explorer in Splunk Search 12-30-2019 0 3	0	3
Why does count and dc behave differently? I have written the query index="main" host="web_application" \| stats count by status The result is: status c... by palisetty Communicator in Splunk Search 12-30-2019 0 1	0	1
How to sort a table by a time field in text format Hello, Here's the problem. Dashboard - Time picker is used to select a date range. But this date range is not check... by genesiusj Builder in Splunk Search 12-30-2019 0 2	0	2
What is the best way to count numbers of recipients in stanza? I have a recipient field containing a list of recipient delimited by a comma. What is the best way to calculate the t... by lucas4394 Path Finder in Splunk Search 12-30-2019 0 1	0	1