Splunk Search

Community Activity

What is the best practice for donut charts? Hi, I have read different documentation on donut charts, but it's not very clear. What is the better solution for do... by jip31 Motivator in Splunk Search 12-13-2019 0 1	0	1
Using a transform to set index from event field. How to fall back to a certain index? I have events with a field that contains a desired destination index (see index=* below). [timestamp] index=layer1... by juniormint Communicator in Splunk Search 12-13-2019 2 10	2	10
How to sort a chart based on a sum? I dump Splunk daily indexing into a summary index for long term retention and quicker searching. But now I'm trying t... by jeck11 Path Finder in Splunk Search 12-13-2019 0 16	0	16
Eventtype 'msad-dc-health' does not exist or is disabled. After deploying windows infrastructure application i got blocked dashbords with this error message " Eventtype 'msad-... by baroudiem New Member in Splunk Search 12-13-2019 0 1	0	1
help on stats command hello I use the search below in order to count a number of events by SITE If I search a specific site (example \| sea... by jip31 Motivator in Splunk Search 12-13-2019 0 10	0	10
Looping a "forecasting" column using stats Hello all, I just cannot wrap my head around how splunk does looping. Below is what I'm currently trying to do: ... by dojiepreji Path Finder in Splunk Search 12-13-2019 1 9	1	9
How to blacklist events in WinEventLog that have a message containing quotes? I am playing with a new windows event log source called sysmon. Among other things, sysmon logs process creation eve... by dstaulcu Builder in Splunk Search 12-13-2019 0 5	0	5
How to build a regular expression that will split a field on the first underscore? I need to use regex to split a field into two parts, delimited by an underscore. The vast majority of the time, my ... by mstark31 Path Finder in Splunk Search 12-13-2019 1 8	1	8
How to remove specified values of a field from a table? Hello there! I need some help. I have a table, and in that table, there are are a "SHORT_ID", "DATA1 -> ERROR" & "DAT... by ganinurceski Engager in Splunk Search 12-13-2019 0 3	0	3
How to create a search to extract last word of the URL? I need to create a search which extract last word of the URL as below:- https://hostname/bs/cf/webservice/WordtoExtr... by bsaujla131984 Path Finder in Splunk Search 12-13-2019 1 5	1	5
Regular expressions to match a specific string for field exctraction I have this type of log file: 182.236.164.11 - - [04/Mar/2019:18:20:56] "GET /cart.do?action=addtocart&itemId=EST-15... by kstam2 New Member in Splunk Search 12-13-2019 0 5	0	5
How to exclusively search for lower-case characters My query is for searching users...i.e david OR tom OR cindy... The results are: David david Tom tom Cindy cindy Wh... by david1395 New Member in Splunk Search 12-13-2019 0 10	0	10
Citrix Netscaler: How to log external IP addresses Hey there, I am needing to look at what ip's our users are using to connect to our Citrix VD website. I've been try... by eberg1 Engager in Splunk Search 12-13-2019 0 2	0	2
How to extract values? My Log Contains "SeqNo":4433221,"T_CODE":"ABC","VALUE":983123456,"VALUE2":"0000000000", I am in need of VALUE field... by valpravin Engager in Splunk Search 12-13-2019 0 2	0	2
Legend of last entry in bar chart is hidden I've installed the newest dashboard examples from splunkbase. When opening the "Bar Chart" example, depending on the ... by DieterSch New Member in Splunk Search 12-13-2019 0 7	0	7
Splunk and Compliance Hello fellow Splunkers - I have a quick question. We have a few platforms in our environment that are reporting diff... by itsmevic Communicator in Splunk Search 12-13-2019 0 3	0	3
compare result of two search results of usernames I need to get a list of all users that haven't changed password (Windows) in a set timespan. Timespan exceeds length ... by erikwie Path Finder in Splunk Search 12-13-2019 0 3	0	3
Extract timetaken from line Here is my log line {"line":"2019-12-09T11:40:13.049Z LCS LCE [pool-8-thread-13] INFO i.r.rest.- job:{id=cd25... by balash1979 Path Finder in Splunk Search 12-12-2019 0 1	0	1
How to order chronologically when _time has been evaluated with strftime? Hello, I always have problems ordering my events after evaluating _time to something else. See this query for example... by 3DGjos Communicator in Splunk Search 12-12-2019 0 6	0	6
Appendcols not lining up Total Volume by SLA Volume Trying to do a correlation search for total volume vs sla volume. This search works if I edit the time span to an ho... by fisuser1 Contributor in Splunk Search 12-12-2019 1 9	1	9
Random sampling ratio in subsearch (long OR list) only? Is it possible, via Splunk's Python SDK, to specify event sampling ratio (say 1:1000) or some equivalent random eval... by alancalvitti Path Finder in Splunk Search 12-12-2019 0 5	0	5
.NET CLR Memory -> # Bytes in all Heaps Performance Counter We have Splunk enterprise license in our client network. Here we can see chart of Private Bytes for all processes in ... by vighneshtrivedi New Member in Splunk Search 12-12-2019 0 1	0	1
Is it possible to make a pie chart with pre calculated percentage values? Hello all, I am trying to make a pie chart with already calculated percentage values and am wondering if this if pos... by jregruit Engager in Splunk Search 12-12-2019 0 2	0	2
Define results when duplicate events have dissimilar field values HR data I'm working with has multiple entries for the same user. The hr_id always starts with an Alpha character foll... by dorgra Path Finder in Splunk Search 12-12-2019 0 8	0	8
Does Splunk have an echo command Does Splunk have a command that could be used in the search field that would echo the response in the search results.... by TonyLeeVT Builder in Splunk Search 12-12-2019 2 11	2	11