Splunk Search

Community Activity

Help with lookup Hi. Please I need some help. Different devices, all with different port numbers. How to create a single search that... by hank72 Path Finder in Splunk Search 12-15-2019 0 1	0	1
How to check log volume indexed per day in a particular index I want to calculate the total volume of logs index per day for a particular index. is there any search query for the ... by asharma21193 New Member in Splunk Search 12-14-2019 0 2	0	2
field extraction on specific path Hi I have some log files with different name that copy into the Splunk server "/opt/splunk/logs" daily. when I extra... by indeed_2000 Motivator in Splunk Search 12-14-2019 0 1	0	1
How to combine Multiple joins with subsearch? Hi , I have 3 joins with subsearch ,how can I combine those 3 joins and make as one join? join new1 max=0 [search i... by ravikanthbadugu New Member in Splunk Search 12-14-2019 0 8	0	8
Modify X-axis with an interval from 0 to 100 Hello, I'm new here,I would like to know how to modify the X-axis. I don't want to group by host or time, I want an i... by remyjuvenals New Member in Splunk Search 12-13-2019 0 2	0	2
How to rename label in splunk legend that not effected the lookup name? Hi, I would like to display each plugname on the legend instead of plug1, plug2, plug3 and so on using timechart. I ... by matoulas Path Finder in Splunk Search 12-13-2019 1 18	1	18
What is the best practice for donut charts? Hi, I have read different documentation on donut charts, but it's not very clear. What is the better solution for do... by jip31 Motivator in Splunk Search 12-13-2019 0 1	0	1
Using a transform to set index from event field. How to fall back to a certain index? I have events with a field that contains a desired destination index (see index=* below). [timestamp] index=layer1... by juniormint Communicator in Splunk Search 12-13-2019 2 10	2	10
How to sort a chart based on a sum? I dump Splunk daily indexing into a summary index for long term retention and quicker searching. But now I'm trying t... by jeck11 Path Finder in Splunk Search 12-13-2019 0 16	0	16
Eventtype 'msad-dc-health' does not exist or is disabled. After deploying windows infrastructure application i got blocked dashbords with this error message " Eventtype 'msad-... by baroudiem New Member in Splunk Search 12-13-2019 0 1	0	1
help on stats command hello I use the search below in order to count a number of events by SITE If I search a specific site (example \| sea... by jip31 Motivator in Splunk Search 12-13-2019 0 10	0	10
Looping a "forecasting" column using stats Hello all, I just cannot wrap my head around how splunk does looping. Below is what I'm currently trying to do: ... by dojiepreji Path Finder in Splunk Search 12-13-2019 1 9	1	9
How to blacklist events in WinEventLog that have a message containing quotes? I am playing with a new windows event log source called sysmon. Among other things, sysmon logs process creation eve... by dstaulcu Builder in Splunk Search 12-13-2019 0 5	0	5
How to build a regular expression that will split a field on the first underscore? I need to use regex to split a field into two parts, delimited by an underscore. The vast majority of the time, my ... by mstark31 Path Finder in Splunk Search 12-13-2019 1 8	1	8
How to remove specified values of a field from a table? Hello there! I need some help. I have a table, and in that table, there are are a "SHORT_ID", "DATA1 -> ERROR" & "DAT... by ganinurceski Engager in Splunk Search 12-13-2019 0 3	0	3
How to create a search to extract last word of the URL? I need to create a search which extract last word of the URL as below:- https://hostname/bs/cf/webservice/WordtoExtr... by bsaujla131984 Path Finder in Splunk Search 12-13-2019 1 5	1	5
Regular expressions to match a specific string for field exctraction I have this type of log file: 182.236.164.11 - - [04/Mar/2019:18:20:56] "GET /cart.do?action=addtocart&itemId=EST-15... by kstam2 New Member in Splunk Search 12-13-2019 0 5	0	5
How to exclusively search for lower-case characters My query is for searching users...i.e david OR tom OR cindy... The results are: David david Tom tom Cindy cindy Wh... by david1395 New Member in Splunk Search 12-13-2019 0 10	0	10
Citrix Netscaler: How to log external IP addresses Hey there, I am needing to look at what ip's our users are using to connect to our Citrix VD website. I've been try... by eberg1 Engager in Splunk Search 12-13-2019 0 2	0	2
How to extract values? My Log Contains "SeqNo":4433221,"T_CODE":"ABC","VALUE":983123456,"VALUE2":"0000000000", I am in need of VALUE field... by valpravin Engager in Splunk Search 12-13-2019 0 2	0	2
Legend of last entry in bar chart is hidden I've installed the newest dashboard examples from splunkbase. When opening the "Bar Chart" example, depending on the ... by DieterSch New Member in Splunk Search 12-13-2019 0 7	0	7
Splunk and Compliance Hello fellow Splunkers - I have a quick question. We have a few platforms in our environment that are reporting diff... by itsmevic Communicator in Splunk Search 12-13-2019 0 3	0	3
compare result of two search results of usernames I need to get a list of all users that haven't changed password (Windows) in a set timespan. Timespan exceeds length ... by erikwie Path Finder in Splunk Search 12-13-2019 0 3	0	3
Extract timetaken from line Here is my log line {"line":"2019-12-09T11:40:13.049Z LCS LCE [pool-8-thread-13] INFO i.r.rest.- job:{id=cd25... by balash1979 Path Finder in Splunk Search 12-12-2019 0 1	0	1
How to order chronologically when _time has been evaluated with strftime? Hello, I always have problems ordering my events after evaluating _time to something else. See this query for example... by 3DGjos Communicator in Splunk Search 12-12-2019 0 6	0	6