Splunk Search

Community Activity

Displaying results for events in same index but having different data format We had a report for which the input CSV data format was 'value-only', but the format was modified to 'key-value' pair... by swarjs Explorer in Splunk Search 12-16-2019 1 2	1	2
Why do we get a "Failed to create a bundles setup with server name GUID" message? We get a message such as - *[indexer name] Failed to create a bundles setup with server name GUID : Using peer's loca... by ddrillic Ultra Champion in Splunk Search 12-16-2019 0 5	0	5
Why is base search only showing several hours of events instead of 24 hours? I have a dashboard where I have used base search in each panel. Within the dashboard, I have 40 different panels and ... by Snigdha95 New Member in Splunk Search 12-16-2019 0 2	0	2
Is a lookup definition necessary? I've uploaded a lookup csv file, and was immediately able to use it from a inputlookup and lookup (referencing the fi... by Junie Loves-to-Learn in Splunk Search 12-16-2019 0 1	0	1
How do I find top 10 ports used by attackers? I'm not using Regex. There are over 370,00 events, and the payload of the data reads like this: payload: {"attackerP... by jpsnlyle New Member in Splunk Search 12-15-2019 0 4	0	4
How to show all current day transactions whose amount is higher than the previous month average Hi all, I have a bank transaction XML log with DATE, CC, AMOUNT. I need to show all transactions of the current day ... by dorismustovic New Member in Splunk Search 12-15-2019 0 5	0	5
Help with lookup Hi. Please I need some help. Different devices, all with different port numbers. How to create a single search that... by hank72 Path Finder in Splunk Search 12-15-2019 0 1	0	1
How to check log volume indexed per day in a particular index I want to calculate the total volume of logs index per day for a particular index. is there any search query for the ... by asharma21193 New Member in Splunk Search 12-14-2019 0 2	0	2
field extraction on specific path Hi I have some log files with different name that copy into the Splunk server "/opt/splunk/logs" daily. when I extra... by indeed_2000 Motivator in Splunk Search 12-14-2019 0 1	0	1
How to combine Multiple joins with subsearch? Hi , I have 3 joins with subsearch ,how can I combine those 3 joins and make as one join? join new1 max=0 [search i... by ravikanthbadugu New Member in Splunk Search 12-14-2019 0 8	0	8
Modify X-axis with an interval from 0 to 100 Hello, I'm new here,I would like to know how to modify the X-axis. I don't want to group by host or time, I want an i... by remyjuvenals New Member in Splunk Search 12-13-2019 0 2	0	2
How to rename label in splunk legend that not effected the lookup name? Hi, I would like to display each plugname on the legend instead of plug1, plug2, plug3 and so on using timechart. I ... by matoulas Path Finder in Splunk Search 12-13-2019 1 18	1	18
What is the best practice for donut charts? Hi, I have read different documentation on donut charts, but it's not very clear. What is the better solution for do... by jip31 Motivator in Splunk Search 12-13-2019 0 1	0	1
Using a transform to set index from event field. How to fall back to a certain index? I have events with a field that contains a desired destination index (see index=* below). [timestamp] index=layer1... by juniormint Communicator in Splunk Search 12-13-2019 2 10	2	10
How to sort a chart based on a sum? I dump Splunk daily indexing into a summary index for long term retention and quicker searching. But now I'm trying t... by jeck11 Path Finder in Splunk Search 12-13-2019 0 16	0	16
Eventtype 'msad-dc-health' does not exist or is disabled. After deploying windows infrastructure application i got blocked dashbords with this error message " Eventtype 'msad-... by baroudiem New Member in Splunk Search 12-13-2019 0 1	0	1
help on stats command hello I use the search below in order to count a number of events by SITE If I search a specific site (example \| sea... by jip31 Motivator in Splunk Search 12-13-2019 0 10	0	10
Looping a "forecasting" column using stats Hello all, I just cannot wrap my head around how splunk does looping. Below is what I'm currently trying to do: ... by dojiepreji Path Finder in Splunk Search 12-13-2019 1 9	1	9
How to blacklist events in WinEventLog that have a message containing quotes? I am playing with a new windows event log source called sysmon. Among other things, sysmon logs process creation eve... by dstaulcu Builder in Splunk Search 12-13-2019 0 5	0	5
How to build a regular expression that will split a field on the first underscore? I need to use regex to split a field into two parts, delimited by an underscore. The vast majority of the time, my ... by mstark31 Path Finder in Splunk Search 12-13-2019 1 8	1	8
How to remove specified values of a field from a table? Hello there! I need some help. I have a table, and in that table, there are are a "SHORT_ID", "DATA1 -> ERROR" & "DAT... by ganinurceski Engager in Splunk Search 12-13-2019 0 3	0	3
How to create a search to extract last word of the URL? I need to create a search which extract last word of the URL as below:- https://hostname/bs/cf/webservice/WordtoExtr... by bsaujla131984 Path Finder in Splunk Search 12-13-2019 1 5	1	5
Regular expressions to match a specific string for field exctraction I have this type of log file: 182.236.164.11 - - [04/Mar/2019:18:20:56] "GET /cart.do?action=addtocart&itemId=EST-15... by kstam2 New Member in Splunk Search 12-13-2019 0 5	0	5
How to exclusively search for lower-case characters My query is for searching users...i.e david OR tom OR cindy... The results are: David david Tom tom Cindy cindy Wh... by david1395 New Member in Splunk Search 12-13-2019 0 10	0	10
Citrix Netscaler: How to log external IP addresses Hey there, I am needing to look at what ip's our users are using to connect to our Citrix VD website. I've been try... by eberg1 Engager in Splunk Search 12-13-2019 0 2	0	2